From 4d463021b5b89a872b5f89d7068e6e7e53afd485 Mon Sep 17 00:00:00 2001
From: Danny Grove
Date: Mon, 11 Mar 2024 16:32:03 -0700
Subject: [PATCH] k/matrix: add slack-bridge ingress and update app credentials
---
 infra/main/main.tf | 5 ++-
 .../config-secrets.enc.yaml | 8 ++---
 kustomizations/matrix/ingress.yaml | 33 ++++++++++++++++++-
 3 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/infra/main/main.tf b/infra/main/main.tf
index 0a753be..6208bd9 100644
--- a/infra/main/main.tf
+++ b/infra/main/main.tf
@@ -73,7 +73,10 @@ module "digitalocean_database_cluster" {
 name = "telegram",
 create_default_superuser = true,
 }, {
- name = "slack",
+ name = "mautrix_slack",
+ create_default_superuser = true,
+ }, {
+ name = "matrix_slack_appservice",
 create_default_superuser = true,
 }, {
 name = "media_repo",
diff --git a/kustomizations/matrix/bridges/matrix-appservice-slack/config-secrets.enc.yaml b/kustomizations/matrix/bridges/matrix-appservice-slack/config-secrets.enc.yaml
index 791aac7..f4aa52b 100644
--- a/kustomizations/matrix/bridges/matrix-appservice-slack/config-secrets.enc.yaml
+++ b/kustomizations/matrix/bridges/matrix-appservice-slack/config-secrets.enc.yaml
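Review bot: Replacing the `slack` entry with `mautrix_slack` is probably not an in-place rename: if the module creates one database resource per `name` (the module body is outside this hunk, so this is inferred), Terraform will plan to destroy the existing `slack` database and create an empty one. Check the plan output before applying, and if the old database holds bridge state, dump and restore it first; a comment above the entry such as `# renamed from "slack": migrate existing data before apply` would record that. Both new entries also set `create_default_superuser = true`; if that flag grants more than ownership of the single database, the two bridges can reach each other's data, so confirm what the module does with it and turn it off where the bridge only needs its own schema. The `module "digitalocean_database_cluster"` block starts and ends outside the hunk.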
@@ -4,16 +4,16 @@ metadata: name: matrix-appservice-slack type: Opaque stringData: - config.yaml: ENC[AES256_GCM,data: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,iv:EyJlIF/A0hC4WsXexiUTK2SKG3gbqGcXE6QzxyNzI9E=,tag:y4c3sxCKqAd+qR6ECtc6nw==,type:str] - slack.yaml: ENC[AES256_GCM,data:b+EN+PH5OgQIia7zyXWv4TFTBw9LhrTKtLCRerRpapyJuMGa2Thr0LrG61aH0ggGmd27sMlXd36KPSXVaE6Zzg3dhD5bzziOrAzMUaP2gNt4M3IcDwF4uWJDw9fdN/yi7OLBu81Z4/1oIsdQ9QGphLWYvJ4h1ygxA6ytXVZPsZtd5wcuOO7e08hIIB1IfdZQhu9eMtpFVeDGPDPW9byv/Fs/l0U3oQp2LylUQLO3bbYphC5aVj7vk3jpHelQnjLJq0e9xNbeMaWHnHAMb0803KOSNFEgONIyClNuvmChJ5Xaisz6dj7I46NFsGepi+y1QuWLzN++7CWAX/u1Pth+abMCPA/SQ3Ba8UYJHTdsEVmSGa+1WgOs9xIQcwjA61QStFqiK4GKaewG5XZ58WY5E2MvF4QUss0374crBafJb/yQnSiHMBwqY6I35/daeoUBVCGV2t8uEd4PL1iIl5P2AQ==,iv:mrWD3mrhZtHPMWd4qGZskxhMZbopWes3Nsd0/51so74=,tag:GgqmeTx146/qoAgNLMbCVw==,type:str] + config.yaml: ENC[AES256_GCM,data:r4qTOla/LsGtMojbqC0px9vVeDN/308lx19WR1FcHOh/FenPOmhiVN6yqEHiL6NppHm+SfrSdAa58ghF6GVdbv51/Z6K435MPpoAXbcmw2JceZbHZJ2k0u4aY01nWYMKUU+oKcowdzL4bmkA4jkX4XcDVEsA9VlZPAYmSN4O0s4uLl2pJ1K5i0qng2KaCYKAwk5OTK4w//+lK7UhmVC2TBlGZ8MUyuHsvk0zUkWfdXeFtmtVN48LwS3gdjY2ynHDTYl4cmXtErfbqLkdjWLGcTS1LCaIhOSFYTQm04tAWc9TCKB3xYvpx9hSUKN/KrreK7zh6zr2NTYaRMiXPlUT8PC7VdwEkpZPq9fYkeMBBSlRiYUUO2q19Y2rtidWZ3UeKr2MPJA2a9A7l/JGpYeLk7Bg/623xfp2rvqysFbjVQHsR2FUrnhdV/DK6vafRrjPbdKOWjaorc3UdZ6LeS191zwTKUsZHQuW35LXrg+Xhiovle5FetgqVSeMtdAigLQ7rtUzmilZk8clDstibLzmGkKeBsFZKFDkNlMxQmHarA2bH5RcBazugokztEUgRBGVL4XAjStlyYez0EqAXdC7FmxRctx/8fS6n7gLv2eLOxFswNbjpZRDG8ctPGQIF2xPIkV3Ahf9UH1A2Q5pVRCvd49yLflCBE+MFyVjz2FvpkFg915TN3K0j4OKuIW8E5D3whO8e+ofJiZGSgw7+NYZfJi/d1SPMkCyJG5M9wtTJLtLWMDxmvhJlkGO5Hxu/f06EygMKvF1P8DjkpvbFDjClKS/WjmN4IrccYUgrL+kL7XsQZ1EfvFPu/ioKGV9OuHQfOJNqMNPQdGwjg830GSjn2GeyArYSsQ1mJ1QOCPPdlzNpwYf8WRCELAt8LnTWEuKuNpfesvp5pN8DaAa2qagiHMwRKXcwuutgfL3j9gD1wmu3hzbWEilWXXykh75JjM8bPTYkQQWQVJSwjfv9fnlxwxg8bueaVydOyI6TOLfowsDEJR1zy7L5d6uUMwJlrtjHms6N3SYJ4mrgogCrOkH4qX+MMAnkUfVAbxmPvX3u9bxIqbOSoUuzjQto/LJnpPwY6MblEEpkLVo42n2Vaaq2ihM
tzXLeq4qd+g7PIQf47RNWtP78+T8csxzlPG7s+c8UPZCoKoVw9EFBXS7SBE=,iv:xNXCfyNWCbWgeDL0oEkPFSxtPxH9SNcUb6nfGo2bRaU=,tag:uy9IUhzGgKgrAI0Fu+hR1g==,type:str] + slack.yaml: ENC[AES256_GCM,data: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,iv:BU3Sz/tFhVn+1uNVYtHT5Db+p8KEqt66BWUhig9lK4o=,tag:SZAujz6AQZPkBYp0QweuCQ==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-01-19T07:52:51Z" - mac: ENC[AES256_GCM,data:eerncWbi85ZV3KYgLcRiSYVDF9WtlTfTS7XnMN3rlX8O4T2c8K76G1KIsL92U3pIFGCJOg1KUPrMajVGiWdXIsypT/J/BKkiijetk6z5javtc1JmuWC9V4VA0DqpHnL5+Nf7EHewxa8GWWe9bGtwOkkcWlujRfu2algCwUmtCUY=,iv:mWA0wJcJl/S5rbYJXIxuwouXsNg+pB/zmXvv0D7lA2o=,tag:+VzRB2Pixsv4jDcnlEnKLw==,type:str] + lastmodified: "2024-03-11T23:12:03Z" + mac: ENC[AES256_GCM,data://wtLgQoGiN4oybs2nvw2v1aH7qIAbOOCqEpLSCX+vsIJz3Niqh3dZeuuh/7Rup+9ETobECNeL6RvnCGRvfGcbqSOiKdIl7kerbJJkaYCB3vdJwPaglwBceob5VuH+dI/T5bmfAX9ghyUirK84yLPq8DW9VYus83BpLnzBBGDiY=,iv:V8WWkDzZr772Qo+JNiYggPYGQgbZMN/TbvrpALAofE4=,tag:TbaMhN4Q9ICqMvBnQfKqHA==,type:str] pgp: - created_at: "2024-01-11T20:55:07Z" enc: |- diff --git a/kustomizations/matrix/ingress.yaml b/kustomizations/matrix/ingress.yaml index 7339937..f35caa8 100644 --- a/kustomizations/matrix/ingress.yaml +++ b/kustomizations/matrix/ingress.yaml 
@@ -118,4 +118,35 @@ spec:
 name: element-web
 port:
 name: http
-
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: appservice-slack
+ labels:
+ app.kubernetes.io/name: appservice-slack
+ app.kubernetes.io/part-of: matrix
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Content-Security-Policy "frame-ancestors 'self'";
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - slack-bridge.matrix.distrust.co
+ secretName: slack-bridge-matrix-distrust-co-tls
+ rules:
+ - host: slack-bridge.matrix.distrust.co
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: appservice-slack
+ port:
+ name: rtm
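Review bot: The rule `path: /` with `pathType: Prefix` publishes every route served on the `rtm` port of `appservice-slack` at slack-bridge.matrix.distrust.co, so anything the bridge exposes on that listener becomes reachable from the internet. If only Slack's inbound callbacks need to reach it, list those paths explicitly instead of `/`, and confirm the homeserver-facing appservice API is not served on the same port. Separately, the four `add_header` lines in `configuration-snippet` omit `always`, so nginx leaves the headers off 4xx/5xx responses; `add_header X-Content-Type-Options nosniff always;` (and likewise for the other three) covers error pages too. Snippet annotations are disabled by default in recent ingress-nginx releases, so it is worth checking that the controller still honours this one.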