From 9b012b72da2781f66b5018cb12c5a43459d910d9 Mon Sep 17 00:00:00 2001
From: Danny Grove
Date: Sun, 21 Jan 2024 23:39:49 -0800
Subject: [PATCH] k/matrix: initial commit
---
kustomizations/matrix/ingress.yaml | 121 +++++++++++++++++++++++
kustomizations/matrix/kustomization.yaml | 18 ++++
2 files changed, 139 insertions(+)
create mode 100644 kustomizations/matrix/ingress.yaml
create mode 100644 kustomizations/matrix/kustomization.yaml
diff --git a/kustomizations/matrix/ingress.yaml b/kustomizations/matrix/ingress.yaml
new file mode 100644
index 0000000..7339937
--- /dev/null
+++ b/kustomizations/matrix/ingress.yaml
@@ -0,0 +1,121 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: matrix
+ labels:
+ app.kubernetes.io/name: matrix
+ app.kubernetes.io/part-of: matrix
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: 110m
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - matrix.distrust.co
+ secretName: matrix-distrust-co-tls
+ - hosts:
+ - matrix-fed.distrust.co
+ secretName: matrix-fed-distrust-co-tls
+ rules:
+ - host: matrix.distrust.co
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: synapse
+ port:
+ name: http
+ - host: matrix-fed.distrust.co
+ http:
+ paths:
+ - path: /_matrix/
+ pathType: Prefix
+ backend:
+ service:
+ name: synapse
+ port:
+ name: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: matrix-media-repo
+ labels:
+ app.kubernetes.io/name: matrix
+ app.kubernetes.io/part-of: matrix
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
+ nginx.ingress.kubernetes.io/enable-cors: "true"
+ nginx.ingress.kubernetes.io/proxy-body-size: 110m
+ # This combination of configurations allows for the media-repo to function
+ # properly
+ nginx.ingress.kubernetes.io/upstream-vhost: distrust.co
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_input_headers 'Host: distrust.co';
+ more_set_input_headers 'X-Forwarded-Host: distrust.co';
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - matrix.distrust.co
+ secretName: matrix-distrust-co-tls
+ rules:
+ - host: matrix.distrust.co
+ http:
+ paths:
+ - path: /_matrix/media/
+ pathType: Prefix
+ backend:
+ service:
+ name: media-repo
+ port:
+ name: http
+ - host: matrix-fed.distrust.co
+ http:
+ paths:
+ - path: /_matrix/
+ pathType: Prefix
+ backend:
+ service:
+ name: synapse
+ port:
+ name: http
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: element-web
+ labels:
+ app.kubernetes.io/name: element-web
+ app.kubernetes.io/part-of: matrix
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ add_header X-Frame-Options SAMEORIGIN;
+ add_header X-Content-Type-Options nosniff;
+ add_header X-XSS-Protection "1; mode=block";
+ add_header Content-Security-Policy "frame-ancestors 'self'";
+spec:
+ ingressClassName: nginx
+ tls:
+ - hosts:
+ - chat.distrust.co
+ secretName: element-distrust-co-tls
+ rules:
+ - host: chat.distrust.co
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: element-web
+ port:
+ name: http
+
diff --git a/kustomizations/matrix/kustomization.yaml b/kustomizations/matrix/kustomization.yaml
new file mode 100644
index 0000000..9130507
--- /dev/null
+++ b/kustomizations/matrix/kustomization.yaml
@@ -0,0 +1,18 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: matrix
+resources:
+- synapse
+- coturn
+- element
+- matrix-media-repo
+- bridges/matrix-appservice-slack
+- bridges/mautrix-telegram
+- ingress.yaml
+images:
+ - name: matrixdotdog/synapse
+ newTag: v1.98.0@sha256:8d962e48a1d88d2fb646c82b1babf4dd0ed765b21a4cf15600d77e90e46dc413
+ - name: coturn/coturn
+ newTag: 4.6.2@sha256:9a5d44d1aebf28f1a96de4595bbab3eadc1ebd6bda705ca040df907f353f9fb2
+ - name: dock.mau.dev/mautrix/slack
+ newTag: 4530ff397d08d93b673cd71da4c2a75d969ca0df-amd64@sha256:7db11f874c655dd8be77a75fb07bd6071cc0d7e92bc564e1397f5b2e0e1883c7
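Review bot: The second origin in `nginx.ingress.kubernetes.io/cors-allow-origin` is written `https:app.matrix.org`, without the `//`, on both the `matrix` and `matrix-media-repo` Ingresses in `ingress.yaml`, so it cannot match a browser `Origin` header; the value should read `https://chat.distrust.co,https://app.matrix.org`. How ingress-nginx treats an entry that fails validation depends on the controller version (it may be skipped, or the annotation may fall back to its default of `*`), so the rendered nginx config should be checked after the fix. The `matrix-media-repo` Ingress also repeats the `matrix-fed.distrust.co` `/_matrix/` rule to `synapse` that the `matrix` Ingress already defines, while its `upstream-vhost` and `Host`/`X-Forwarded-Host` snippet apply to every rule in the object and its `tls` block has no entry for that host; removing the duplicate rule keeps the host rewrite scoped to `/_matrix/media/`. Both `configuration-snippet` annotations need snippet annotations enabled on the controller (`allow-snippet-annotations`), which deserves a comment such as `# requires allow-snippet-annotations on the ingress-nginx controller`.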
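Review bot: The first `images` entry in `kustomization.yaml` is named `matrixdotdog/synapse`, whereas the upstream Synapse image is published as `matrixdotorg/synapse`. Kustomize matches `name` against the image string in the rendered manifests, so if the `synapse` base (not visible in this patch) uses the upstream name, this override never applies and the tag and digest pin are silently lost. The suggested line is `- name: matrixdotorg/synapse`; if the base really does reference `matrixdotdog`, confirm that this publisher is the intended one. Only three images are pinned by digest here, so `element`, `matrix-media-repo` and `bridges/mautrix-telegram` should get entries too unless their own kustomizations already pin them.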