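# Ingress for the Synapse homeserver: client traffic on matrix.distrust.co and
# federation traffic (/_matrix/ only) on matrix-fed.distrust.co.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix
  labels:
    app.kubernetes.io/name: matrix
    app.kubernetes.io/part-of: matrix
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    # Comma-separated allow-list of browser origins. Each entry has to be a
    # complete origin (scheme://host[:port]); an entry without the `//` is not
    # a usable allow-list item, and how the controller treats a malformed
    # entry depends on its version, so check the controller log after changes.
    nginx.ingress.kubernetes.io/cors-allow-origin: 'https://chat.distrust.co,https://app.matrix.org'
    nginx.ingress.kubernetes.io/enable-cors: "true"
    # Upper bound on request bodies (uploads) accepted by the proxy.
    nginx.ingress.kubernetes.io/proxy-body-size: "110m"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - matrix.distrust.co
      secretName: matrix-distrust-co-tls
    - hosts:
        - matrix-fed.distrust.co
      secretName: matrix-fed-distrust-co-tls
  rules:
    - host: matrix.distrust.co
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: synapse
                port:
                  name: http
    # The federation host exposes only the /_matrix/ prefix.
    - host: matrix-fed.distrust.co
      http:
        paths:
          - path: /_matrix/
            pathType: Prefix
            backend:
              service:
                name: synapse
                port:
                  name: http
---
# Ingress that routes media requests on matrix.distrust.co to media-repo.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix-media-repo
  labels:
    app.kubernetes.io/name: matrix
    app.kubernetes.io/part-of: matrix
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    # Same origin allow-list as the `matrix` Ingress; keep the two in sync.
    nginx.ingress.kubernetes.io/cors-allow-origin: 'https://chat.distrust.co,https://app.matrix.org'
    nginx.ingress.kubernetes.io/enable-cors: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "110m"
    # This combination of configurations allows for the media-repo to function
    # properly.
    # Both settings pin Host / X-Forwarded-Host to distrust.co for every rule
    # in this Ingress, regardless of what the client sent.
    nginx.ingress.kubernetes.io/upstream-vhost: distrust.co
    # configuration-snippet injects raw nginx directives into the generated
    # location block. The controller only honours it when snippet annotations
    # are enabled (allow-snippet-annotations), and anyone who can edit this
    # Ingress can then alter proxy behaviour, so keep RBAC on Ingress objects
    # tight.
    nginx.ingress.kubernetes.io/configuration-snippet: |
      more_set_input_headers 'Host: distrust.co';
      more_set_input_headers 'X-Forwarded-Host: distrust.co';
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - matrix.distrust.co
      secretName: matrix-distrust-co-tls
  rules:
    - host: matrix.distrust.co
      http:
        paths:
          - path: /_matrix/media/
            pathType: Prefix
            backend:
              service:
                name: media-repo
                port:
                  name: http
    # NOTE(review): this host/path pair is also declared in the `matrix`
    # Ingress with the same backend. Only one of the two definitions takes
    # effect, and the Host-override annotations above would apply to this
    # copy. matrix-fed.distrust.co is also absent from this Ingress's tls
    # list. Looks like a copy-paste leftover; confirm and remove if so.
    - host: matrix-fed.distrust.co
      http:
        paths:
          - path: /_matrix/
            pathType: Prefix
            backend:
              service:
                name: synapse
                port:
                  name: http
---
# Ingress for the Element web client on chat.distrust.co.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: element-web
  labels:
    app.kubernetes.io/name: element-web
    app.kubernetes.io/part-of: matrix
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt
    # Response hardening headers. `always` makes nginx emit them on error
    # responses as well; without it add_header only applies to a fixed set of
    # 2xx/3xx status codes. Requires snippet annotations to be enabled on the
    # controller (allow-snippet-annotations).
    nginx.ingress.kubernetes.io/configuration-snippet: |
      add_header X-Frame-Options SAMEORIGIN always;
      add_header X-Content-Type-Options nosniff always;
      add_header X-XSS-Protection "1; mode=block" always;
      add_header Content-Security-Policy "frame-ancestors 'self'" always;
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - chat.distrust.co
      secretName: element-distrust-co-tls
  rules:
    - host: chat.distrust.co
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: element-web
                port:
                  name: http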