cert-manager: Add certificate for hatch.chat

The certificate for *hatch.chat* is used by Synapse (Matrix homeserver).

cert-manager/cert-exporter.yaml

@@ -23,6 +23,11 @@ data:
       namespace: default
       key: acme.sh/dustin.hatch.name/dustin.hatch.name.key
       cert: acme.sh/dustin.hatch.name/fullchain.cer
+    - name: hatchchat-cert
+      namespace: default
+      key: certificates/hatch.chat.key
+      cert: certificates/hatch.chat.crt
+      bundle: certificates/hatch.chat.pem
   known-hosts-command.ssh_config: |
     KnownHostsCommand /usr/bin/curl -fsL https://files.pyrocufflink.blue/ssh_known_hosts
 
@@ -41,6 +46,7 @@ rules:
   resourceNames:
   - pyrocufflink-cert
   - dustinhatchname-cert
+  - hatchchat-cert
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1

cert-manager/certificates.yaml

@@ -34,3 +34,21 @@ spec:
   privateKey:
     algorithm: ECDSA
     rotationPolicy: Always
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: hatchchat-cert
+spec:
+  secretName: hatchchat-cert
+  dnsNames:
+  - hatch.chat
+  - '*.hatch.chat'
+  issuerRef:
+    group: cert-manager.io
+    kind: ClusterIssuer
+    name: zerossl
+  privateKey:
+    algorithm: ECDSA
+    rotationPolicy: Always