add cert-manager and barman cloud plugin

fix cnpg secret
2026-03-17 13:42:51 -04:00 · 2026-03-17 13:16:57 -04:00
7 changed files with 38 additions and 10 deletions
--- a/kubernetes/charts/cert-manager.nix
+++ b/kubernetes/charts/cert-manager.nix
@@ -0,0 +1,15 @@
+{
+  services.k3s.autoDeployCharts = {
+    cert-manager = {
+      name = "cert-manager";
+      version = "v1.20.0";
+      repo = "https://charts.jetstack.io";
+      hash = "sha256-Hxomj9FkLXbQuf0WKq7ckZc6gbh9nlfA//JGAkzNKtQ=";
+      createNamespace = true;
+      targetNamespace = "cert-manager";
+      values = {
+        installCRDs = true;
+      };
+    };
+  };
+}
--- a/kubernetes/charts/cloudnativepg.nix
+++ b/kubernetes/charts/cloudnativepg.nix
@@ -1,10 +1,20 @@
 {
-  services.k3s.autoDeployCharts.cloudnativepg = {
-    name = "cloudnative-pg";
-    version = "0.27.1";
-    repo = "https://cloudnative-pg.github.io/charts";
-    hash = "sha256-Z9cYn5MhnTVWMP92kBaRIc9gbmeshKvgXFP4h4jenUk=";
-    createNamespace = true;
-    targetNamespace = "cloudnativepg";
+  services.k3s.autoDeployCharts = {
+    cloudnativepg = {
+      name = "cloudnative-pg";
+      version = "0.27.1";
+      repo = "https://cloudnative-pg.github.io/charts";
+      hash = "sha256-Z9cYn5MhnTVWMP92kBaRIc9gbmeshKvgXFP4h4jenUk=";
+      createNamespace = true;
+      targetNamespace = "cloudnativepg";
+    };
+    plugin-barman-cloud = {
+      name = "plugin-barman-cloud";
+      version = "0.5.0";
+      repo = "https://cloudnative-pg.github.io/charts";
+      hash = "sha256-c7v0Mrln3ESJz//7s7/HfZJHtxVqLIVY/GtSrv8ti+o=";
+      targetNamespace = "cloudnativepg";
+    };
  };
+  
 }
--- a/kubernetes/charts/default.nix
+++ b/kubernetes/charts/default.nix
@@ -1,5 +1,6 @@
 {
    imports = [
        ./cloudnativepg.nix
+        ./cert-manager.nix
    ];
 }
--- a/kubernetes/kubernetes.nix
+++ b/kubernetes/kubernetes.nix
@@ -2,6 +2,7 @@
  imports = [
    ./charts
    ./manifests
+    ./secrets
  ];

  networking.firewall.allowedTCPPorts = [6443];
--- a/kubernetes/secrets/cloudnativepg/s3-backup-creds.nix
+++ b/kubernetes/secrets/cloudnativepg/s3-backup-creds.nix
@@ -1,6 +1,6 @@
 { config, ... }:
 {
-  sops.templates."omni-etcd-key.yaml" = {
+  sops.templates."cnpg-s3-backup-creds.yaml" = {
    mode = "0444";
    content = ''
      apiVersion: v1
@@ -9,7 +9,7 @@
        name: s3-backup-creds
        namespace: cloudnativepg
      type: Opaque
-      spec:
+      stringData:
        s3AccessKey: fmRuq5b96EKqQOGR1prs
        s3SecretKey: ${config.sops.placeholder.cnpg_s3_backup_key}
    '';
--- a/kubernetes/secrets/default.nix
+++ b/kubernetes/secrets/default.nix
@@ -1,5 +1,5 @@
 {
  imports = [
-    ./omni/omni-etcd-key.nix
+    ./cloudnativepg/s3-backup-creds.nix
  ];
 }
--- a/security/sops.nix
+++ b/security/sops.nix
@@ -18,6 +18,7 @@
            pw_williamp = {
                neededForUsers = true;
            };
+            cnpg_s3_backup_key = {};
        };
    };
 }
Author	SHA1	Message	Date
William P	d26192d28e	add cert-manager and barman cloud plugin	2026-03-17 13:42:51 -04:00
William P	37fdf43abe	fix cnpg secret	2026-03-17 13:16:57 -04:00