Add LAN access via CARP and relayd

- Add cert-manager for self-signed TLS certificates - Create wildcard cert for *.f3s.lan.buetow.org - Add LAN ingress to Navidrome (navidrome.f3s.lan.buetow.org) - Document FreeBSD relayd configuration for LAN access - Add comprehensive setup guide LAN access uses existing CARP VIP (192.168.1.138) on f0/f1 with relayd forwarding HTTP/HTTPS to k3s Traefik NodePorts. External access via OpenBSD relayd continues unchanged.
author: Paul Buetow <paul@buetow.org> 2026-02-05 11:14:05 +0200
committer: Paul Buetow <paul@buetow.org> 2026-02-05 11:14:05 +0200
commit: d1c50fcfc81d46bbf084227e4be2bf07efd0d100 (patch)
tree: e7f786258d61a5cee84918dcd273c329e2c2a36f /f3s/argocd-apps
parent: 29927d23c5d0b2c1a71763bf4899322073d00313 (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/f3s/argocd-apps/infra/cert-manager.yaml b/f3s/argocd-apps/infra/cert-manager.yaml
new file mode 100644
index 0000000..b1586d2
--- /dev/null
+++ b/f3s/argocd-apps/infra/cert-manager.yaml
@@ -0,0 +1,28 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cert-manager
+  namespace: cicd
+  finalizers:
+    - resources-finalizer.argocd.argoproj.io
+spec:
+  project: default
+  source:
+    repoURL: http://git-server.cicd.svc.cluster.local/conf.git
+    targetRevision: master
+    path: f3s/cert-manager
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: cert-manager
+  syncPolicy:
+    automated:
+      prune: true
+      selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
+    retry:
+      limit: 3
+      backoff:
+        duration: 5s
+        factor: 2
+        maxDuration: 1m
author	Paul Buetow <paul@buetow.org>	2026-02-05 11:14:05 +0200
committer	Paul Buetow <paul@buetow.org>	2026-02-05 11:14:05 +0200
commit	d1c50fcfc81d46bbf084227e4be2bf07efd0d100 (patch)
tree	e7f786258d61a5cee84918dcd273c329e2c2a36f /f3s/argocd-apps
parent	29927d23c5d0b2c1a71763bf4899322073d00313 (diff)