From 13dbc99d1a2cd3a9765f1b6aa695f5aca33e7f67 Mon Sep 17 00:00:00 2001
From: m0e <mkleiber@nyxsec.de>
Date: Thu, 30 Oct 2025 16:03:46 +0100
Subject: [PATCH] fixed url typos and switched to prod clusterissuer

---
 ansible/roles/k3s/tasks/main.yml                 |  2 +-
 .../files/clusterissuer-prod.yaml                |  4 ++--
 .../roles/k8s-kube-prom-stack/files/values.yaml  | 16 ++++++++--------
 ansible/roles/k8s-wordpress/files/values.yaml    |  4 ++--
 4 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/ansible/roles/k3s/tasks/main.yml b/ansible/roles/k3s/tasks/main.yml
index 592a2e4..d799b6f 100644
--- a/ansible/roles/k3s/tasks/main.yml
+++ b/ansible/roles/k3s/tasks/main.yml
@@ -68,7 +68,7 @@
 
 # Download kubeconfig for remote access
 - name: Fetch kubconfig
- ansible.builtin.fetch:
+  ansible.builtin.fetch:
     src: /etc/rancher/k3s/k3s.yaml
     dest: ../kubeconfig
     flat: yes
diff --git a/ansible/roles/k8s-cert-manager/files/clusterissuer-prod.yaml b/ansible/roles/k8s-cert-manager/files/clusterissuer-prod.yaml
index 86b4ab2..b4acf01 100644
--- a/ansible/roles/k8s-cert-manager/files/clusterissuer-prod.yaml
+++ b/ansible/roles/k8s-cert-manager/files/clusterissuer-prod.yaml
@@ -1,13 +1,13 @@
 apiVersion: cert-manager.io/v1
 kind: ClusterIssuer
 metadata:
-  name: letsencrypt-staging
+  name: letsencrypt-prod
 spec:
   acme:
     server: https://acme-staging-v02.api.letsencrypt.org/directory
     email: admin@nyxsec.de
     privateKeySecretRef:
-      name: letsencrypt-staging
+      name: letsencrypt-prod
     solvers:
     - http01:
         ingress:
diff --git a/ansible/roles/k8s-kube-prom-stack/files/values.yaml b/ansible/roles/k8s-kube-prom-stack/files/values.yaml
index b0fda90..3c5d6b6 100644
--- a/ansible/roles/k8s-kube-prom-stack/files/values.yaml
+++ b/ansible/roles/k8s-kube-prom-stack/files/values.yaml
@@ -604,7 +604,7 @@ alertmanager:
 
     annotations:
       kubernetes.io/tls-acme: "true"
-      cert-manager.io/cluster-issuer: letsencrypt-staging
+      cert-manager.io/cluster-issuer: letsencrypt-prod
       nginx.ingress.kubernetes.io/auth-type: basic
       nginx.ingress.kubernetes.io/auth-secret: ingress-secret
       nginx.ingress.kubernetes.io/auth-realm: 'Please login'
@@ -637,7 +637,7 @@ alertmanager:
     tls:
     - secretName: alertmanager-general-tls
       hosts:
-      - alertmanager.moritz.agitroniq.net
+      - alertmanager.moritz.agitronic.net
 
   # -- BETA: Configure the gateway routes for the chart here.
   # More routes can be added by adding a dictionary key like the 'main' route.
@@ -1331,7 +1331,7 @@ grafana:
     annotations:
       kubernetes.io/ingress.class: nginx
       kubernetes.io/tls-acme: "true"
-      cert-manager.io/cluster-issuer: letsencrypt-staging
+      cert-manager.io/cluster-issuer: letsencrypt-prod
 #
 #    ## Labels to be added to the Ingress
 #    ##
@@ -1341,7 +1341,7 @@ grafana:
 #    ## Must be provided if Ingress is enable.
 #    ##
     hosts:
-       - grafana.moritz.agitroniq.net
+       - grafana.moritz.agitronic.net
 
     ## Path for grafana ingress
     path: /
@@ -1352,7 +1352,7 @@ grafana:
     tls:
      - secretName: grafana-general-tls
        hosts:
-       - grafana.moritz.agitroniq.net
+       - grafana.moritz.agitronic.net
 
   # # To make Grafana persistent (Using Statefulset)
   # #
@@ -3728,7 +3728,7 @@ prometheus:
 
     annotations:
       kubernetes.io/tls-acme: "true"
-      cert-manager.io/cluster-issuer: letsencrypt-staging
+      cert-manager.io/cluster-issuer: letsencrypt-prod
       nginx.ingress.kubernetes.io/auth-type: basic
       nginx.ingress.kubernetes.io/auth-secret: ingress-secret
       nginx.ingress.kubernetes.io/auth-realm: 'Please login'
@@ -3741,7 +3741,7 @@ prometheus:
     ## Must be provided if Ingress is enabled.
     ##
     hosts:
-      - prometheus.moritz.agitroniq.net
+      - prometheus.moritz.agitronic.net
 
     ## Paths to use for ingress rules - one path should match the prometheusSpec.routePrefix
     ##
@@ -3758,7 +3758,7 @@ prometheus:
     tls:
       - secretName: prometheus-general-tls
         hosts:
-          - prometheus.moritz.agitroniq.net
+          - prometheus.moritz.agitronic.net
 
   # -- BETA: Configure the gateway routes for the chart here.
   # More routes can be added by adding a dictionary key like the 'main' route.
diff --git a/ansible/roles/k8s-wordpress/files/values.yaml b/ansible/roles/k8s-wordpress/files/values.yaml
index b5b18aa..2e963a3 100644
--- a/ansible/roles/k8s-wordpress/files/values.yaml
+++ b/ansible/roles/k8s-wordpress/files/values.yaml
@@ -633,7 +633,7 @@ ingress:
   ingressClassName: "nginx"
   ## @param ingress.hostname Default host for the ingress record. The hostname is templated and thus can contain other variable references.
   ##
-  hostname: wordpress.moritz.agitroniq.net
+  hostname: wordpress.moritz.agitronic.net
   ## @param ingress.path Default path for the ingress record
   ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
   ##
@@ -647,7 +647,7 @@ ingress:
   ## e.g:
   annotations:
     kubernetes.io/ingress.class: nginx
-    cert-manager.io/cluster-issuer: letsencrypt-staging
+    cert-manager.io/cluster-issuer: letsencrypt-prod
     nginx.ingress.kubernetes.io/enable-modsecurity: 'true'
     nginx.ingress.kubernetes.io/modsecurity-snippet: |
       SecRuleEngine On