feat: add dendrite and webserver that hosts well-known file for matrix

cluster/apps/default/dendrite/helm-release.yaml

@@ -0,0 +1,88 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: dendrite
+  namespace: default
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.1.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjws-charts
+        namespace: flux-system
+
+  values:
+    controllers:
+      main:
+#        pod:
+#          securityContext:
+#            runAsNonRoot: true
+#            runAsUser: 10000
+#            runAsGroup: 10000
+#            fsGroup: 10000
+#            fsGroupChangePolicy: OnRootMismatch
+
+        containers:
+          main:
+            image:
+              repository: matrixdotorg/dendrite-monolith
+              tag: v0.13.7
+
+    service:
+      app:
+        controller: main
+
+        ports:
+          http:
+            port: 8008
+
+    ingress:
+      main:
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+
+        hosts:
+        - host: "matrix.${SECRET_NEW_DOMAIN}"
+          paths:
+          - path: /
+            service:
+              identifier: app
+              port: http
+        - host: "${SECRET_NEW_DOMAIN}"
+          paths:
+          - path: /_matrix
+            service:
+              identifier: app
+              port: http
+
+    persistence:
+      config:
+        type: configMap
+        # mounts 'matrix_key.pem' and 'config.yaml'
+        name: dendrite-config
+        defaultMode: 0664
+        globalMounts:
+          - path: /etc/dendrite
+
+      searchindex:
+        type: hostPath
+        hostPath: /mnt/MainPool/Kubernetes/matrix/searchindex
+        globalMounts:
+          - path: /var/dendrite/searchindex
+
+      media-store:
+        type: hostPath
+        hostPath: /mnt/MainPool/Kubernetes/matrix/media
+        globalMounts:
+          - path: /var/dendrite/media_store
+
+      jetstream:
+        type: hostPath
+        hostPath: /mnt/MainPool/Kubernetes/matrix/jetstream
+        globalMounts:
+          - path: /var/dendrite/jetstream

cluster/apps/default/dendrite/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./config.sops.yaml
+- ./helm-release.yaml

cluster/apps/default/kustomization.yaml

@@ -6,4 +6,6 @@ resources:
 - ./trilium
 - ./mealie
 - ./huginn
-- ./exim
+- ./exim
+- ./well-known-site
+- ./dendrite

cluster/apps/default/well-known-site/config.sops.yaml

@@ -0,0 +1,71 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+    name: well-known-site
+    namespace: default
+data:
+    nginx.conf: ENC[AES256_GCM,data:axWUHKsftk7FO1GeoTB1BpViXfoSfprYOTjibwNAYhE9SK7Y+iOQqu1rIJ/iq50FN3t0kzxuvhPrtzcAHS27Esq5MtRxklnyxq/kTy6kMZmlUTe0UmGWGIgA9NQ1GgUzGCO7QgfP0MKaSC4rr066uQNtlneZnMh68Je1ERYIaiJHjf0FS2Ugv1LRrnSkDXv+sHjHzXE+2u64dfe3jLWPG18CFEa+eTFNFaueajBecyFuGjlreh8kwFTuZI7CR9J+rKlUoq8KUcc5qo5DswVhVtHJTh0J1UDH64myF5Po6odSgpCFfIaLsdcAnI9mn8TnagBYR7H/PdAXGx6m4Z/nJKXM9dEK4ChPgKFoGj2ZnWcPonHwxakiekLi+fSaUKEfuX/F2wYTFozOIrmOkxehslan8JLLah+6DwtxLyFa6nioSK1IQ46EY5stx2weO7t95UzHgI6SI7HA46nVYH2orBl7MLDy7xi4vQtuK+Fgl1P2IV2wWOWrv4Wwsp2ztRn2/n91LISOVgmvWeYIwx5WreLB8RSGad0Pt4FJXXa2iydERXGa6IcjR6etmjrysW0XTimBmQFIbHgL6zk2NiPwtY47uRfiLSt4z29mFK6b8RIQ8htnTJIhbv6kQdt3clmimVfu11YZuqgnkcr/zxDr+zR3jGpM41sg+1XyMX7fueNDuNxL3tA/kwmqaYX4oJKWodzzls1XusrL+lQkzQt2M29nf4vDsNmFGqIl0ZFnYaZ1QuvJrMs/1yWN+34Qh0vNMnRqHZVAx+DiGw2rDKUzJUSj/+lINyRozjDAbTSU/rObPWYnC/0zCmZLpFT6PdiXzTdHMRYLoFhPgSEy4HXjGdaCn7WWI/TcAZLKGHFfHrgMnc78PK+93iEoa/n9sBte4ZfSb90i8g+81I6Lq0qmC3R01jkaVePkVDw967H+egoa0fcb3zuxx91KKycvazWvwqntFpWIeH3m27WzPnkKHujn2UUKw/E1tSjyPWhc1Wzzkyc0oetU8u9I3NPKpw6moecvJGFwztodYYilAJalMPjDoClZwc7wRxObXiM+PH+jlRlsYrTts7H5AIz3PWrT+SsiWaSp5WuKXz9l48IPOQ0KijgqvWf90Weq9vbSedWO+ffmroyEpTwBRNqmqT5s7HHXqGKWWT7arIrBLNJcyXVA7Ame/7F7MOAVaRY0VAhtQTMDIOCCPz31C6bz8k0oq6n14EKDLTQxCzcXt+LGY/3yig56WK2CPjP8Mx97/sxBK/7kS76lqUTNdpFi2Rb81tRD6aB5GsURhzXWFSdPaATk+NmYGT7nGYqlF+uaXUdPRZJiHsZXvrGUcb8c0cOA3BUBpDOfFAr8DC8o22fOBK6h4GXA/sM36xepls8aFzz0XyKEQf9J7qsDLc6qs99mqUqGLoAH1JyZi5oz7FpP8FqBmtojOhCs4kMGU9C3TJ0ID+cfmURAbW+revNkpt3ovioN2ClAAztDRru9CtnGJ10fkw1YJr1KRTNy5zIoJDC7sBoenk53DZVbjI996D8sWaWIzl2g9g==,iv:qWsILqDVZTjH/tI/IW/gKKTsn2LVo9k4UtokBGnEFEw=,tag:mjBdSGPDQ4byxT8iaf3yjA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2024-07-03T20:16:25Z"
+    mac: ENC[AES256_GCM,data:FUx+4ZBrF9YwwAqhCCWnmec3VXUFT7wLx1weESsx4CGHvOPGoHE/ESJianpS+cYhCibbOn3gmP2axlPDNzXVwhXilSmGX6cz4BXsOeob2Z++cydbMtLAke5HZhCYJGZURKsFoG5c6zJNJAGASQxk9c6Xlg6CjOx6bjhEtqSUtic=,iv:LdOxS5SCWpEJT4l4OXsWZWWK5FIYo/bUzZtMiA1HhU8=,tag:lQ/Q8kP4xryW2wDXMEMKbg==,type:str]
+    pgp:
+        - created_at: "2024-07-03T20:16:25Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAyqlIeyoxYovAQ//XR0dmHqYjhjliN1sPdB+L1rlK4xaJPuguf87pAFfmxSW
+            Yqs46j3sQe/h/qqUMi0dWhUo/Jk0r96Jmkjrq1Bu2iqvwpHnMo4s3LaVLNw59dwN
+            QfPIY75IOSJnIm4eWr63qewZkTl1uwg3SfBBYrMHfC++eUZFXMziMUBCITf0Wi1J
+            O44hOK7E3+aMHHvRbRcMi0h2J0gjiuPROhKfaRwYNxXtaUK3yuTYwp0sdNUdOsmU
+            L5DkDQY8FQZjAJDi0elB/xuPvJwUKZ3flvnajm1zWs6Gp12RiPmxc3jIzmuMd+zq
+            Z13PmogTj2xTIeVLya8L92cjIEGHFyWkbYGKeYuYoNfAUmw/6o8q4/TGDlHawC/B
+            2rqSCSAepz+4+LPreAVNUQdxgulFB40NXGwLX6CXpSl886I6S1nKgAzlmjAZWmn/
+            kmK2VRKVeCSVsu+vNuWlJYBxdxr6nQhPsDcuMAb2cbzc1bIwlJJEfWkYGM5sWxfG
+            VAXik+Ru/803gRX4OgCVLc7+wQj8CZogANzFHk6sYSDUeOSNsywo5zoLhFDeyzR5
+            WbmWNTnBzu6N85giDAupP+UWQexqnVAvlX7mIsJ504RsKNqlEgexMJ+Tr6rZ58Ye
+            kQXui+CwxLpbSSPV/ir0iA+Wsw1B/8bPs6snGlZ/LkHWXb3ViyO8zCG/hKtEUTSF
+            AgwDXjg0p2IN1X8BEADb6FuwnGRu1xMQguJAXRKkzxJIBJmN1+eWJQPrF7XzMzRr
+            0uiMAn/SBNkEv6ATExHX25uRy+F107GNZ5pNaKwgkC+hDRQmgfhvyELsel+S38lz
+            hXEC4/CcxNetc8zZifPPdR6cK1fJLUMfgKUu8RH/2TNfwMJW+51WYS63PiLGRphk
+            mNO98gQ5kUjuOslBCLcwmG3dc/xh/zK5/AECVQHNXOuoUuRgfO75UzJ2NuLbDS9X
+            8bzjNlSBPp6mPI60LZrveuT8kgFHPVgxxqSAAzQcwIVMjx8q5qGpOZUOZsppYeqh
+            ejRBwPbNOx8+jrlkzsfvkO1B7Z2lgSHf6lWhhU7LMvw3NEoY7mnXY8TBww38Y73E
+            uwaMSUdmxStzVEqkoGyhtydZHkNf4uN97oWuVS9TPg0AmvkpicfhwLGZ6eqZROjY
+            sRnacfV1lNtqFgUaV68yz0khZRBsagfNZK0sWSfeIG6Y0JMWaimdqQlBWOoYBNK+
+            +UKcXUNHzy6B5pyxHWBxm2LrrdTBrlftWoLO57UuMeu5YAOFizWO02GztCtNv1NR
+            4TF0rkdsCBSrbt0kukAb6yQH4IEjWtve0b6x6zY8iGjbyseUuYWVUfXtKSifkX3Z
+            566/VaRQv93Bm3Hs/WgOYdln85n4QD/uS91SLk+iMbqqy8eFQfPcK4ATQVeva9Ro
+            AQkCEDNDyCBStpQg7D0pYMZV6MNnEoWy4t/XX3dV/TRyhs5ndjLk5+nRIJsN+Nbk
+            0Ikb154Mm4FUEJ4fC/yrJTfE84noY9loMsuwNmcFjhoBmOhUBL2hKXbzegE7GqeS
+            tWvPLQzkrUc=
+            =4iOt
+            -----END PGP MESSAGE-----
+          fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
+        - created_at: "2024-07-03T20:16:25Z"
+          enc: |-
+            -----BEGIN PGP MESSAGE-----
+
+            hQIMAy5t8IMoPu4VAQ//XVCMS5Ss1fw56d+Gfbskcc13P8/YVhH3Pmh/KVxb6MIY
+            52I/RcUBwQb14fhYJ6FjSLPYyjlU85y3d60sp57cmbVts8S9NI8jkc/m91n94VgI
+            HvLidGcG0hBSlsfknf7ra2hdRjpgdzo21uKN6u1XrtjFTip9xTadI8EcDZopSwpX
+            FxjZCdd8zN4cAMdsNp9y32+OVQIUV6IAMp+BrPZMgqBXDQJ/hjU/t+7PCZo6+4Q7
+            RSqIoGldKAG9g+fGQ9HYN5q6sHbSH7k/2kOIaqyelgSA7N9Csv90UYSjIx3TlC5O
+            jc3WIoIi6jSKic5uMxX0mlfQoLCsQ6i/FWZMqQeaDCyZP0nny+6JD1OqVuPUtFa8
+            SbfNnuj3vZTGd20um3ttdv03e3/eqblJvlG41FpLPPo7CK9mUyCa2cWNCjwrLPo/
+            GCBTnHGjDSqFtG2D8NYmTnOVe5irCj05OZjWH4WmFeWr49RzOgQhrQRvaFAwjnJT
+            eFvKWPgD/zHT2yOPvwFfIFoWkNGKiHsxwJ+YJ969QI8qO6yinzpLQpmlXB3v3ucJ
+            gep5SOnOeWDVywAb6NTUMDimRhL4iLh+tnpoRU4D2N16RkQ2BVGuSbYgGHf4KYnc
+            d6KHFKkNEywR4JMiffHWo7bMZYWluydRcM9/pTmuH29h3Fxa5dXGwtlvkztcAIbU
+            aAEJAhDEcsZXQZtkdptMq/UmflbJXVF/y3T8PaZHfGWQ2Lk1Tj/1zmKjMns8mc9d
+            +ItVxpfReHej8hUkvjPdEIWKykuiClPSam6T7ncNc+WNTs56nPs4e8gQ/ijHqywa
+            L6k5MEgvpQCs
+            =qyn/
+            -----END PGP MESSAGE-----
+          fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1

cluster/apps/default/well-known-site/helm-release.yaml

@@ -0,0 +1,57 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: well-known-site
+  namespace: default
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.1.0
+      sourceRef:
+        kind: HelmRepository
+        name: bjws-charts
+        namespace: flux-system
+
+  values:
+    controllers:
+      main:
+
+        containers:
+          main:
+            image:
+              repository: nginxinc/nginx-unprivileged
+              tag: 1.27.0-alpine
+
+    service:
+      app:
+        controller: main
+
+        ports:
+          http:
+            port: 8080
+
+    ingress:
+      main:
+        annotations:
+          cert-manager.io/cluster-issuer: letsencrypt-production
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+
+        hosts:
+        - host: "${SECRET_NEW_DOMAIN}"
+          paths:
+          - path: /.well-known
+            service:
+              identifier: app
+              port: http
+
+    persistence:
+      config:
+        name: well-known-site
+        type: configMap
+        defaultMode: 0664
+        globalMounts:
+          - subPath: nginx.conf
+            path: /etc/nginx/nginx.conf

cluster/apps/default/well-known-site/kustomization.yaml

@@ -0,0 +1,5 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./config.sops.yaml
+- ./helm-release.yaml