From 30d027e7645c44d29617dfa9394f502314db036d Mon Sep 17 00:00:00 2001
From: Zoe Roux <zoe.roux@zoriya.dev>
Date: Sun, 21 Sep 2025 20:28:44 +0200
Subject: [PATCH] Don't refresh postgres ca (until leaf are automatically
 refreshed)

---
 apps/postgres/ca.yaml | 1 +
 shell.nix             | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/postgres/ca.yaml b/apps/postgres/ca.yaml
index 2a40922..670955c 100644
--- a/apps/postgres/ca.yaml
+++ b/apps/postgres/ca.yaml
@@ -11,6 +11,7 @@ spec:
   secretTemplate:
     labels:
       cnpg.io/reload: ""
+  duration: 87660h # 10 years, this is needed until https://github.com/cert-manager/cert-manager/issues/2478
   privateKey:
     algorithm: ECDSA
     size: 256
diff --git a/shell.nix b/shell.nix
index 715b204..c6c86f2 100644
--- a/shell.nix
+++ b/shell.nix
@@ -9,7 +9,6 @@ pkgs.mkShell {
     cmctl
     kubectl-cnpg
     kubernetes-helm
-    kubectl-cnpg
   ];
 
   TALOSCONFIG = "./clusterconfig/talosconfig";