titan-iac/services/comms/wellknown.yaml

# services/comms/wellknown.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: matrix-wellknown
data:
  client.json: |
    {
      "m.homeserver": {
        "base_url": "https://matrix.live.bstein.dev"
      },
      "org.matrix.msc2965.authentication": {
        "issuer": "https://matrix.live.bstein.dev/",
        "account": "https://matrix.live.bstein.dev/account/"
      },
      "org.matrix.msc4143.rtc_foci": [
        {
          "type": "livekit",
          "livekit_service_url": "https://kit.live.bstein.dev/livekit/jwt"
        }
      ]
    }
  server.json: |
    {
      "m.server": "live.bstein.dev:443"
    }
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: matrix-wellknown-nginx
data:
  default.conf: |
    server {
      listen 80;
      server_name _;

      root /usr/share/nginx/html;

      # Some clients request a trailing slash; serve both.
      location ~ ^/\.well-known/matrix/client/?$ {
        default_type application/json;
        add_header Access-Control-Allow-Origin "*" always;
        try_files /.well-known/matrix/client =404;
      }

      location ~ ^/\.well-known/matrix/server/?$ {
        default_type application/json;
        add_header Access-Control-Allow-Origin "*" always;
        try_files /.well-known/matrix/server =404;
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: matrix-wellknown
  labels:
    app: matrix-wellknown
spec:
  replicas: 1
  selector:
    matchLabels:
      app: matrix-wellknown
  template:
    metadata:
      labels:
        app: matrix-wellknown
    spec:
      containers:
        - name: nginx
          image: nginx:1.27-alpine
          ports:
            - containerPort: 80
          volumeMounts:
            - name: wellknown
              mountPath: /usr/share/nginx/html/.well-known/matrix
              readOnly: true
            - name: nginx-config
              mountPath: /etc/nginx/conf.d
              readOnly: true
      volumes:
        - name: wellknown
          configMap:
            name: matrix-wellknown
            items:
              - key: client.json
                path: client
              - key: server.json
                path: server
        - name: nginx-config
          configMap:
            name: matrix-wellknown-nginx
            items:
              - key: default.conf
                path: default.conf
---
apiVersion: v1
kind: Service
metadata:
  name: matrix-wellknown
spec:
  selector:
    app: matrix-wellknown
  ports:
    - name: http
      port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix-wellknown
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
    - hosts:
        - live.bstein.dev
      secretName: live-othrys-tls
  rules:
    - host: live.bstein.dev
      http:
        paths:
          - path: /.well-known/matrix/client
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
          - path: /.well-known/matrix/server
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix-wellknown-matrix-live
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  tls:
    - hosts:
        - matrix.live.bstein.dev
      secretName: matrix-live-tls
  rules:
    - host: matrix.live.bstein.dev
      http:
        paths:
          - path: /.well-known/matrix/client
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
          - path: /.well-known/matrix/server
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix-wellknown-bstein-dev
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
    - hosts:
        - bstein.dev
      secretName: bstein-dev-home-tls
  rules:
    - host: bstein.dev
      http:
        paths:
          - path: /.well-known/matrix/client
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
          - path: /.well-known/matrix/server
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
comms: consolidate stack manifests 2026-01-08 01:55:58 -03:00			`# services/comms/wellknown.yaml`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: matrix-wellknown`
			`data:`
			`client.json: \|`
			`{`
			`"m.homeserver": {`
			`"base_url": "https://matrix.live.bstein.dev"`
			`},`
communication: enable MAS delegated auth 2025-12-31 15:53:35 -03:00			`"org.matrix.msc2965.authentication": {`
			`"issuer": "https://matrix.live.bstein.dev/",`
			`"account": "https://matrix.live.bstein.dev/account/"`
			`},`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`"org.matrix.msc4143.rtc_foci": [`
			`{`
			`"type": "livekit",`
			`"livekit_service_url": "https://kit.live.bstein.dev/livekit/jwt"`
			`}`
			`]`
			`}`
			`server.json: \|`
			`{`
			`"m.server": "live.bstein.dev:443"`
			`}`
			`---`
communication: fix Matrix well-known auth JSON 2025-12-31 16:18:24 -03:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: matrix-wellknown-nginx`
			`data:`
			`default.conf: \|`
			`server {`
			`listen 80;`
			`server_name _;`

			`root /usr/share/nginx/html;`

communication: serve matrix well-known with trailing slash 2025-12-31 19:13:08 -03:00			`# Some clients request a trailing slash; serve both.`
communication: fix well-known nginx regex escaping 2025-12-31 19:15:01 -03:00			`location ~ ^/\.well-known/matrix/client/?$ {`
communication: fix Matrix well-known auth JSON 2025-12-31 16:18:24 -03:00			`default_type application/json;`
communication: serve matrix well-known with trailing slash 2025-12-31 19:13:08 -03:00			`add_header Access-Control-Allow-Origin "*" always;`
			`try_files /.well-known/matrix/client =404;`
communication: fix Matrix well-known auth JSON 2025-12-31 16:18:24 -03:00			`}`

communication: fix well-known nginx regex escaping 2025-12-31 19:15:01 -03:00			`location ~ ^/\.well-known/matrix/server/?$ {`
communication: fix Matrix well-known auth JSON 2025-12-31 16:18:24 -03:00			`default_type application/json;`
communication: serve matrix well-known with trailing slash 2025-12-31 19:13:08 -03:00			`add_header Access-Control-Allow-Origin "*" always;`
			`try_files /.well-known/matrix/server =404;`
communication: fix Matrix well-known auth JSON 2025-12-31 16:18:24 -03:00			`}`
			`}`
			`---`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`apiVersion: apps/v1`
			`kind: Deployment`
			`metadata:`
			`name: matrix-wellknown`
			`labels:`
			`app: matrix-wellknown`
			`spec:`
			`replicas: 1`
			`selector:`
			`matchLabels:`
			`app: matrix-wellknown`
			`template:`
			`metadata:`
			`labels:`
			`app: matrix-wellknown`
			`spec:`
			`containers:`
			`- name: nginx`
			`image: nginx:1.27-alpine`
			`ports:`
			`- containerPort: 80`
			`volumeMounts:`
			`- name: wellknown`
communication: fix Matrix well-known auth JSON 2025-12-31 16:18:24 -03:00			`mountPath: /usr/share/nginx/html/.well-known/matrix`
			`readOnly: true`
			`- name: nginx-config`
communication: fix well-known trailing slash and reload config 2025-12-31 19:17:31 -03:00			`mountPath: /etc/nginx/conf.d`
			`readOnly: true`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`volumes:`
			`- name: wellknown`
			`configMap:`
			`name: matrix-wellknown`
			`items:`
			`- key: client.json`
communication: fix Matrix well-known auth JSON 2025-12-31 16:18:24 -03:00			`path: client`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`- key: server.json`
communication: fix Matrix well-known auth JSON 2025-12-31 16:18:24 -03:00			`path: server`
			`- name: nginx-config`
			`configMap:`
			`name: matrix-wellknown-nginx`
			`items:`
			`- key: default.conf`
			`path: default.conf`
communication: add Othrys stack via Flux 2025-12-31 12:00:12 -03:00			`---`
			`apiVersion: v1`
			`kind: Service`
			`metadata:`
			`name: matrix-wellknown`
			`spec:`
			`selector:`
			`app: matrix-wellknown`
			`ports:`
			`- name: http`
			`port: 80`
			`targetPort: 80`
			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: matrix-wellknown`
			`annotations:`
			`kubernetes.io/ingress.class: traefik`
			`traefik.ingress.kubernetes.io/router.entrypoints: websecure`
			`traefik.ingress.kubernetes.io/router.tls: "true"`
			`cert-manager.io/cluster-issuer: letsencrypt`
			`spec:`
			`tls:`
			`- hosts:`
			`- live.bstein.dev`
			`secretName: live-othrys-tls`
			`rules:`
			`- host: live.bstein.dev`
			`http:`
			`paths:`
			`- path: /.well-known/matrix/client`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: matrix-wellknown`
			`port:`
			`number: 80`
			`- path: /.well-known/matrix/server`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: matrix-wellknown`
			`port:`
			`number: 80`
communication: serve matrix well-known on matrix.live 2025-12-31 19:19:44 -03:00			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: matrix-wellknown-matrix-live`
			`annotations:`
			`kubernetes.io/ingress.class: traefik`
			`traefik.ingress.kubernetes.io/router.entrypoints: websecure`
			`traefik.ingress.kubernetes.io/router.tls: "true"`
			`spec:`
			`tls:`
			`- hosts:`
			`- matrix.live.bstein.dev`
			`secretName: matrix-live-tls`
			`rules:`
			`- host: matrix.live.bstein.dev`
			`http:`
			`paths:`
			`- path: /.well-known/matrix/client`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: matrix-wellknown`
			`port:`
			`number: 80`
			`- path: /.well-known/matrix/server`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: matrix-wellknown`
			`port:`
			`number: 80`
comms: consolidate stack manifests 2026-01-08 01:55:58 -03:00			`---`
			`apiVersion: networking.k8s.io/v1`
			`kind: Ingress`
			`metadata:`
			`name: matrix-wellknown-bstein-dev`
			`annotations:`
			`kubernetes.io/ingress.class: traefik`
			`traefik.ingress.kubernetes.io/router.entrypoints: websecure`
			`traefik.ingress.kubernetes.io/router.tls: "true"`
			`cert-manager.io/cluster-issuer: letsencrypt`
			`spec:`
			`tls:`
			`- hosts:`
			`- bstein.dev`
			`secretName: bstein-dev-home-tls`
			`rules:`
			`- host: bstein.dev`
			`http:`
			`paths:`
			`- path: /.well-known/matrix/client`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: matrix-wellknown`
			`port:`
			`number: 80`
			`- path: /.well-known/matrix/server`
			`pathType: Prefix`
			`backend:`
			`service:`
			`name: matrix-wellknown`
			`port:`
			`number: 80`