titan-iac/services/communication/wellknown.yaml

# services/communication/wellknown.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: matrix-wellknown
  namespace: communication
data:
  client.json: |
    {
      "m.homeserver": {
        "base_url": "https://matrix.live.bstein.dev"
      },
      "org.matrix.msc4143.rtc_foci": [
        {
          "type": "livekit",
          "livekit_service_url": "https://kit.live.bstein.dev/livekit/jwt"
        }
      ]
    }
  server.json: |
    {
      "m.server": "live.bstein.dev:443"
    }
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: matrix-wellknown
  namespace: communication
  labels:
    app: matrix-wellknown
spec:
  replicas: 1
  selector:
    matchLabels:
      app: matrix-wellknown
  template:
    metadata:
      labels:
        app: matrix-wellknown
    spec:
      containers:
        - name: nginx
          image: nginx:1.27-alpine
          ports:
            - containerPort: 80
          volumeMounts:
            - name: wellknown
              mountPath: /usr/share/nginx/html/.well-known/matrix/client
              subPath: client.json
            - name: wellknown
              mountPath: /usr/share/nginx/html/.well-known/matrix/server
              subPath: server.json
      volumes:
        - name: wellknown
          configMap:
            name: matrix-wellknown
            items:
              - key: client.json
                path: client.json
              - key: server.json
                path: server.json
---
apiVersion: v1
kind: Service
metadata:
  name: matrix-wellknown
  namespace: communication
spec:
  selector:
    app: matrix-wellknown
  ports:
    - name: http
      port: 80
      targetPort: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: matrix-wellknown
  namespace: communication
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  tls:
    - hosts:
        - live.bstein.dev
      secretName: live-othrys-tls
  rules:
    - host: live.bstein.dev
      http:
        paths:
          - path: /.well-known/matrix/client
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80
          - path: /.well-known/matrix/server
            pathType: Prefix
            backend:
              service:
                name: matrix-wellknown
                port:
                  number: 80