From f5495de7c0d9826bb06455458ffcdb794ef2362c Mon Sep 17 00:00:00 2001
From: Danny Grove <danny@drgrovellc.com>
Date: Sun, 21 Jan 2024 23:35:17 -0800
Subject: [PATCH] k/matrix/element: initial commit

---
 kustomizations/matrix/element/deployment.yaml | 61 +++++++++++++++++++
 .../matrix/element/files/config.json          | 44 +++++++++++++
 .../matrix/element/files/default.conf         | 44 +++++++++++++
 .../matrix/element/files/nginx.conf           | 28 +++++++++
 .../matrix/element/kustomization.yaml         | 16 +++++
 kustomizations/matrix/element/service.yaml    | 10 +++
 6 files changed, 203 insertions(+)
 create mode 100644 kustomizations/matrix/element/deployment.yaml
 create mode 100644 kustomizations/matrix/element/files/config.json
 create mode 100644 kustomizations/matrix/element/files/default.conf
 create mode 100644 kustomizations/matrix/element/files/nginx.conf
 create mode 100644 kustomizations/matrix/element/kustomization.yaml
 create mode 100644 kustomizations/matrix/element/service.yaml

diff --git a/kustomizations/matrix/element/deployment.yaml b/kustomizations/matrix/element/deployment.yaml
new file mode 100644
index 0000000..904e82f
--- /dev/null
+++ b/kustomizations/matrix/element/deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: element-web
+spec:
+  template:
+    spec:
+      securityContext:
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+      containers:
+        - name: element-web
+          image: vectorim/element-web
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          volumeMounts:
+            - mountPath: /app/config.json
+              name: config
+              subPath: config.json
+              readOnly: true
+            - mountPath: /etc/nginx/nginx.conf
+              name: config
+              subPath: nginx.conf
+              readOnly: true
+            - mountPath: /etc/nginx/conf.d/default.conf
+              name: config
+              subPath: default.conf
+              readOnly: true
+            - mountPath: /var/cache/nginx
+              name: ephemeral
+              subPath: cache
+            - mountPath: /var/run/pid
+              name: ephemeral
+              subPath: pid
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          startupProbe:
+            httpGet:
+              path: /
+              port: http
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+      volumes:
+        - name: config
+          configMap:
+            name: element-web-config
+        - name: ephemeral
+          emptyDir: {}
diff --git a/kustomizations/matrix/element/files/config.json b/kustomizations/matrix/element/files/config.json
new file mode 100644
index 0000000..3373a71
--- /dev/null
+++ b/kustomizations/matrix/element/files/config.json
@@ -0,0 +1,44 @@
+{
+  "default_server_config": {
+    "m.homeserver": {
+      "base_url": "https://matrix.distrust.co",
+      "server_name": "distrust.co"
+    }
+  },
+  "brand": "Distrust Chat",
+  "branding": {
+    "default_theme": "dark"
+  },
+  "showLabsSettings": true,
+  "features": {
+    "feature_new_spinner": true,
+    "feature_pinning": true,
+    "feature_custom_status": true,
+    "feature_custom_tags": true,
+    "feature_state_counters": true,
+    "feature_many_integration_managers": true,
+    "feature_mjolnir": true,
+    "feature_dm_verification": true,
+    "feature_bridge_state": true,
+    "feature_presence_in_room_list": true,
+    "feature_custom_themes": true,
+    "feature_oidc_native_flow": true
+  },
+  "roomDirectory": {
+    "servers": [
+      "matrix.org",
+      "distrust.co"
+    ]
+  },
+  "integrations_ui_url": "https://scalar.vector.im/",
+  "integrations_rest_url": "https://scalar.vector.im/api",
+  "integrations_widgets_urls": [
+    "https://scalar.vector.im/_matrix/integrations/v1",
+    "https://scalar.vector.im/api",
+    "https://scalar-staging.vector.im/_matrix/integrations/v1",
+    "https://scalar-staging.vector.im/api",
+    "https://scalar-staging.riot.im/scalar/api"
+  ],
+  "defaultCountryCode": "EN",
+  "default_theme": "dark"
+}
diff --git a/kustomizations/matrix/element/files/default.conf b/kustomizations/matrix/element/files/default.conf
new file mode 100644
index 0000000..d5b4170
--- /dev/null
+++ b/kustomizations/matrix/element/files/default.conf
@@ -0,0 +1,44 @@
+server {
+	listen       8080;
+	server_name  localhost;
+
+	#charset koi8-r;
+	#access_log  /var/log/nginx/host.access.log  main;
+
+	location / {
+			root   /usr/share/nginx/html;
+			index  index.html index.htm;
+	}
+
+	#error_page  404              /404.html;
+
+	# redirect server error pages to the static page /50x.html
+	#
+	error_page   500 502 503 504  /50x.html;
+	location = /50x.html {
+			root   /usr/share/nginx/html;
+	}
+
+	# proxy the PHP scripts to Apache listening on 127.0.0.1:80
+	#
+	#location ~ \.php$ {
+	#    proxy_pass   http://127.0.0.1;
+	#}
+
+	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+	#
+	#location ~ \.php$ {
+	#    root           html;
+	#    fastcgi_pass   127.0.0.1:9000;
+	#    fastcgi_index  index.php;
+	#    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
+	#    include        fastcgi_params;
+	#}
+
+	# deny access to .htaccess files, if Apache's document root
+	# concurs with nginx's one
+	#
+	#location ~ /\.ht {
+	#    deny  all;
+	#}
+}
diff --git a/kustomizations/matrix/element/files/nginx.conf b/kustomizations/matrix/element/files/nginx.conf
new file mode 100644
index 0000000..9630928
--- /dev/null
+++ b/kustomizations/matrix/element/files/nginx.conf
@@ -0,0 +1,28 @@
+worker_processes  auto;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/pid/nginx.pid;
+
+events {
+	worker_connections  1024;
+}
+
+http {
+	include       /etc/nginx/mime.types;
+	default_type  application/octet-stream;
+
+	log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+	'$status $body_bytes_sent "$http_referer" '
+	'"$http_user_agent" "$http_x_forwarded_for"';
+
+	access_log  /var/log/nginx/access.log  main;
+
+	sendfile        on;
+	#tcp_nopush     on;
+
+	keepalive_timeout  65;
+
+	#gzip  on;
+
+	include /etc/nginx/conf.d/*.conf;
+}
diff --git a/kustomizations/matrix/element/kustomization.yaml b/kustomizations/matrix/element/kustomization.yaml
new file mode 100644
index 0000000..f08a205
--- /dev/null
+++ b/kustomizations/matrix/element/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+labels:
+- includeSelectors: true
+  pairs:
+    app.kubernetes.io/name: element-web
+    app.kubernetes.io/part-of: matrix
+resources:
+- deployment.yaml
+- service.yaml
+configMapGenerator:
+  - name: element-web-config
+    files:
+      - files/config.json
+      - files/nginx.conf
+      - files/default.conf
diff --git a/kustomizations/matrix/element/service.yaml b/kustomizations/matrix/element/service.yaml
new file mode 100644
index 0000000..2b86688
--- /dev/null
+++ b/kustomizations/matrix/element/service.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: element-web
+spec:
+  ports:
+    - name: default
+      protocol: TCP
+      port: 80
+      targetPort: http