k/matrix: initial commit

Danny Grove 2024-01-21 23:39:49 -08:00
parent f5495de7c0
commit 9b012b72da
Signed by: drgrove
GPG Key ID: E1F4160251DB4C2E
2 changed files with 139 additions and 0 deletions


@ -0,0 +1,121 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: matrix
labels:
app.kubernetes.io/name: matrix
app.kubernetes.io/part-of: matrix
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 110m
spec:
ingressClassName: nginx
tls:
- hosts:
- matrix.distrust.co
secretName: matrix-distrust-co-tls
- hosts:
- matrix-fed.distrust.co
secretName: matrix-fed-distrust-co-tls
rules:
- host: matrix.distrust.co
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: synapse
port:
name: http
- host: matrix-fed.distrust.co
http:
paths:
- path: /_matrix/
pathType: Prefix
backend:
service:
name: synapse
port:
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: matrix-media-repo
labels:
app.kubernetes.io/name: matrix
app.kubernetes.io/part-of: matrix
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/cors-allow-origin: https://chat.distrust.co,https:app.matrix.org
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/proxy-body-size: 110m
# This combination of configurations allows for the media-repo to function
# properly
nginx.ingress.kubernetes.io/upstream-vhost: distrust.co
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_input_headers 'Host: distrust.co';
more_set_input_headers 'X-Forwarded-Host: distrust.co';
spec:
ingressClassName: nginx
tls:
- hosts:
- matrix.distrust.co
secretName: matrix-distrust-co-tls
rules:
- host: matrix.distrust.co
http:
paths:
- path: /_matrix/media/
pathType: Prefix
backend:
service:
name: media-repo
port:
name: http
- host: matrix-fed.distrust.co
http:
paths:
- path: /_matrix/
pathType: Prefix
backend:
service:
name: synapse
port:
name: http
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: element-web
labels:
app.kubernetes.io/name: element-web
app.kubernetes.io/part-of: matrix
annotations:
cert-manager.io/cluster-issuer: letsencrypt
nginx.ingress.kubernetes.io/configuration-snippet: |
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'self'";
spec:
ingressClassName: nginx
tls:
- hosts:
- chat.distrust.co
secretName: element-distrust-co-tls
rules:
- host: chat.distrust.co
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: element-web
port:
name: http
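Review bot: The second origin in `cors-allow-origin` is written `https:app.matrix.org`, without the `//`, on both the `matrix` and the `matrix-media-repo` Ingress, so it is not a well-formed origin and presumably will not match what a browser sends. How ingress-nginx treats a malformed entry differs between releases, so check the rendered nginx config after the fix rather than assuming the old value failed closed. The annotation should read `nginx.ingress.kubernetes.io/cors-allow-origin: "https://chat.distrust.co,https://app.matrix.org"`, quoted so the whole list stays one string. Separately, the `configuration-snippet` annotations only take effect when the controller permits snippet annotations, and that setting lets anyone who can edit an Ingress inject nginx directives. A comment above each snippet recording that dependency would help the next reviewer.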


@ -0,0 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: matrix
resources:
- synapse
- coturn
- element
- matrix-media-repo
- bridges/matrix-appservice-slack
- bridges/mautrix-telegram
- ingress.yaml
images:
- name: matrixdotdog/synapse
newTag: v1.98.0@sha256:8d962e48a1d88d2fb646c82b1babf4dd0ed765b21a4cf15600d77e90e46dc413
- name: coturn/coturn
newTag: 4.6.2@sha256:9a5d44d1aebf28f1a96de4595bbab3eadc1ebd6bda705ca040df907f353f9fb2
- name: dock.mau.dev/mautrix/slack
newTag: 4530ff397d08d93b673cd71da4c2a75d969ca0df-amd64@sha256:7db11f874c655dd8be77a75fb07bd6071cc0d7e92bc564e1397f5b2e0e1883c7
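Review bot: The first `images` entry names `matrixdotdog/synapse`, which looks like a misspelling of the upstream `matrixdotorg/synapse` repository. Kustomize matches `name` against the image string in the resources exactly, so if the synapse manifests (not visible here) use the upstream name, this tag-and-digest pin is silently not applied. If they use the misspelled name, the pull goes to a different registry namespace. The line should probably be `- name: matrixdotorg/synapse`, and the rendered output of `kustomize build` should be checked to confirm the digest appears on the Deployment. The `element`, `matrix-media-repo` and `bridges/mautrix-telegram` resources have no entry here, so unless they are pinned in their own directories they are not digest-pinned like the other three.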