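# services/comms/wellknown.yaml
#
# Serves the Matrix discovery documents (/.well-known/matrix/client and
# /.well-known/matrix/server) from a small nginx pod, published through
# Traefik on live.bstein.dev, matrix.live.bstein.dev and bstein.dev.
#
# Security note: client.json names the homeserver base_url and the
# authentication issuer that clients discover, so anyone who can edit this
# ConfigMap can point logins at a different host. Restrict write access to it
# (and to whatever deploys this file) as tightly as for the homeserver itself.
apiVersion: v1
kind: ConfigMap
metadata:
  name: matrix-wellknown
data:
  # Mounted into the pod as the file "client" (see the Deployment's items).
  client.json: |
    {
      "m.homeserver": {
        "base_url": "https://matrix.live.bstein.dev"
      },
      "org.matrix.msc2965.authentication": {
        "issuer": "https://matrix.live.bstein.dev/",
        "account": "https://matrix.live.bstein.dev/account/"
      },
      "org.matrix.msc4143.rtc_foci": [
        {
          "type": "livekit",
          "livekit_service_url": "https://kit.live.bstein.dev/livekit/jwt"
        }
      ]
    }
  # Mounted into the pod as the file "server".
  # NOTE(review): federation is delegated to live.bstein.dev:443 while clients
  # are sent to matrix.live.bstein.dev. Confirm that /_matrix federation
  # traffic on live.bstein.dev reaches the homeserver and that the certificate
  # presented there is valid for that name.
  server.json: |
    {
      "m.server": "live.bstein.dev:443"
    }
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: matrix-wellknown-nginx
data:
  # nginx listens on plain HTTP inside the cluster; the Ingress objects below
  # set router.tls "true" on the websecure entrypoint, so TLS is handled by
  # Traefik. Access-Control-Allow-Origin "*" lets any web origin read these
  # documents, which is fine for public discovery data; never add anything
  # non-public to the files served here.
  default.conf: |
    server {
      listen 80;
      server_name _;

      root /usr/share/nginx/html;

      # Some clients request a trailing slash; serve both.
      location ~ ^/\.well-known/matrix/client/?$ {
        default_type application/json;
        add_header Access-Control-Allow-Origin "*" always;
        try_files /.well-known/matrix/client =404;
      }

      location ~ ^/\.well-known/matrix/server/?$ {
        default_type application/json;
        add_header Access-Control-Allow-Origin "*" always;
        try_files /.well-known/matrix/server =404;
      }
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: matrix-wellknown
  labels:
    app: matrix-wellknown
spec:
  replicas: 1
  selector:
    matchLabels:
      app: matrix-wellknown
  template:
    metadata:
      labels:
        app: matrix-wellknown
    spec:
      # This pod only serves two static files and never calls the Kubernetes
      # API, so do not hand it a service-account token.
      automountServiceAccountToken: false
      securityContext:
        # Apply the container runtime's default syscall filter.
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: nginx
          # NOTE(review): 1.27-alpine is a mutable tag. Pinning by digest
          # (nginx:1.27-alpine@sha256:<digest>) makes the deployed image
          # reproducible and auditable.
          image: nginx:1.27-alpine
          securityContext:
            # Block setuid-binary style escalation inside the container.
            # Running as non-root or with a read-only root filesystem would
            # presumably need an unprivileged nginx image plus writable
            # scratch volumes, so that is left for a follow-up.
            allowPrivilegeEscalation: false
          # NOTE(review): no resource requests/limits are set for this
          # internet-facing container; add values that fit the cluster.
          ports:
            - containerPort: 80
          volumeMounts:
            - name: wellknown
              mountPath: /usr/share/nginx/html/.well-known/matrix
              readOnly: true
            - name: nginx-config
              mountPath: /etc/nginx/conf.d
              readOnly: true
      volumes:
        # The items lists rename the ConfigMap keys to extension-less files so
        # they match the try_files targets in default.conf.
        - name: wellknown
          configMap:
            name: matrix-wellknown
            items:
              - key: client.json
                path: client
              - key: server.json
                path: server
        - name: nginx-config
          configMap:
            name: matrix-wellknown-nginx
            items:
              - key: default.conf
                path: default.conf
---
apiVersion: v1
kind: Service
metadata:
  name: matrix-wellknown
spec:
  selector:
    app: matrix-wellknown
  ports:
    - name: http
      port: 80
      targetPort: 80
---
# The three Ingress objects below publish the same two paths on three hosts.
# pathType: Prefix also forwards sub-paths to the pod; only the exact paths
# (with or without a trailing slash) are matched by the location blocks in
# default.conf.
#
# NOTE(review): kubernetes.io/ingress.class is the legacy annotation for
# selecting the controller; spec.ingressClassName is the current field. Kept
# as-is because switching needs a matching IngressClass object; confirm.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix-wellknown
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
    - hosts:
        - live.bstein.dev
      secretName: live-othrys-tls
  rules:
    - host: live.bstein.dev
      http:
        paths:
          - path: /.well-known/matrix/client
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
          - path: /.well-known/matrix/server
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
---
# NOTE(review): unlike the other two Ingress objects, this one carries no
# cert-manager.io/cluster-issuer annotation. Presumably matrix-live-tls is
# issued and renewed by another Ingress or Certificate; confirm that it is.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix-wellknown-matrix-live
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  tls:
    - hosts:
        - matrix.live.bstein.dev
      secretName: matrix-live-tls
  rules:
    - host: matrix.live.bstein.dev
      http:
        paths:
          - path: /.well-known/matrix/client
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
          - path: /.well-known/matrix/server
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix-wellknown-bstein-dev
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
    - hosts:
        - bstein.dev
      secretName: bstein-dev-home-tls
  rules:
    - host: bstein.dev
      http:
        paths:
          - path: /.well-known/matrix/client
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
          - path: /.well-known/matrix/server
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80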