From db6345ce01f763dee43a251a110e11df93d0a34d Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Fri, 16 Jul 2021 16:27:28 +0200
Subject: [PATCH 1/3] haproxy updates
---
apps/haproxy/haproxy-v2.cfg | 36 ++++++++++++++++++++++++++++++++++++
apps/haproxy/haproxy.cfg | 2 +-
2 files changed, 37 insertions(+), 1 deletion(-)
create mode 100644 apps/haproxy/haproxy-v2.cfg
diff --git a/apps/haproxy/haproxy-v2.cfg b/apps/haproxy/haproxy-v2.cfg
new file mode 100644
index 0000000..bb245cb
--- /dev/null
+++ b/apps/haproxy/haproxy-v2.cfg
@@ -0,0 +1,36 @@
+global
+ log stdout format raw local0
+
+ # turn on stats unix socket
+ stats socket /var/lib/haproxy/stats
+
+resolvers mydns
+ parse-resolv-conf
+
+defaults
+ retries 3
+ log global
+ timeout http-request 10s
+ timeout queue 1m
+ timeout connect 10s
+ timeout client 1m
+ timeout server 1m
+ timeout http-keep-alive 10s
+ timeout check 10s
+
+frontend f_https
+ bind ipv6@:6443
+ mode tcp
+
+ tcp-request inspect-delay 5s
+ tcp-request content accept if { req_ssl_hello_type 1 }
+ tcp-request content reject unless { req_ssl_sni -i k8s.ooo }
+ tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
+
+ default_backend b_https
+
+backend b_https
+ mode tcp
+
+ tcp-request content set-dst var(txn.myip)
+ server tcp_https ipv6@*
diff --git a/apps/haproxy/haproxy.cfg b/apps/haproxy/haproxy.cfg
index 619c2a4..ed05f7f 100644
--- a/apps/haproxy/haproxy.cfg
+++ b/apps/haproxy/haproxy.cfg
@@ -48,9 +48,9 @@ frontend f_https tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 }
+ tcp-request deny unless { req_ssl_sni -i k8s.ooo } tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower
- default_backend b_https backend b_https
From e016e10bf8e86e8c6e4aa9a8e29c98c5346661c2 Mon Sep 17 00:00:00 2001
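Review bot: In haproxy-v2.cfg's `frontend f_https` the `tcp-request content accept if { req_ssl_hello_type 1 }` rule comes before the `reject unless { req_ssl_sni -i k8s.ooo }` and `do-resolve` rules; as I read the tcp-request content documentation, a matching `accept` ends evaluation of the remaining content rules, so once a ClientHello is seen the SNI check would never reject and `txn.myip` would never be set for the backend's `set-dst var(txn.myip)`. Putting the accept last keeps the intent: `tcp-request content reject unless { req_ssl_sni -i k8s.ooo }`, `tcp-request content do-resolve(txn.myip,mydns,ipv6) req_ssl_sni,lower`, `tcp-request content accept if { req_ssl_hello_type 1 }`. Both fetches wait for the hello within the 5s inspect-delay, and a connection that never presents one is then rejected by the `unless` rule, which is the fail-closed behaviour this frontend wants; worth confirming with `haproxy -c` and a test connection carrying a non-matching SNI. The same ordering question applies to the haproxy.cfg hunk in this commit.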
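Review bot: `tcp-request deny` in the haproxy.cfg hunk is not a valid rule: `tcp-request` must be followed by `connection`, `session`, `content` or `inspect-delay`, and `deny` is an http-request action whose TCP-level equivalent is `reject`, so the configuration fails to load and the intended SNI restriction on the existing frontend never takes effect. Use the form the new haproxy-v2.cfg in this same commit already uses, `tcp-request content reject unless { req_ssl_sni -i k8s.ooo }`, which also keeps the two files consistent. The frontend's `bind` and `mode` lines lie outside the hunk.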
From: Nico Schottelius
Date: Fri, 16 Jul 2021 16:27:34 +0200
Subject: [PATCH 2/3] Add alpine based pvc example
---
generic/alpine-pvc-block.yaml | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 generic/alpine-pvc-block.yaml
diff --git a/generic/alpine-pvc-block.yaml b/generic/alpine-pvc-block.yaml
new file mode 100644
index 0000000..bd0b7ce
--- /dev/null
+++ b/generic/alpine-pvc-block.yaml
@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: alpine-sleep
+spec:
+ containers:
+ - name: busybox
+ image: alpine:3.14
+ args:
+ - sleep
+ - "1000000"
+ volumeMounts:
+ - mountPath: /data
+ name: alpine-data
+ volumes:
+ - name: alpine-data
+ persistentVolumeClaim:
+ claimName: alpine-data-rbd
+
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: alpine-data-rbd
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: rook-ceph-block
From 034885e0163663445299f333dd405ed6adc4acce Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Fri, 16 Jul 2021 16:28:54 +0200
Subject: [PATCH 3/3] [matrix] begin cleanup
---
apps/matrix/Chart.yaml | 13 ++-----------
apps/matrix/templates/deployment.yaml | 19 +++++--------------
apps/matrix/values.yaml | 19 +++++++++++++++++--
3 files changed, 24 insertions(+), 27 deletions(-)
diff --git a/apps/matrix/Chart.yaml b/apps/matrix/Chart.yaml
index d04256d..5512e73 100644
--- a/apps/matrix/Chart.yaml
+++ b/apps/matrix/Chart.yaml
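Review bot: The container is named `busybox` but runs `image: alpine:3.14`, which misleads anyone reading `kubectl describe` output or copying the example; rename it `- name: alpine`. The Pod also sets no `securityContext` and no resource requests or limits, which is acceptable for a throwaway sleep pod but deserves a one-line comment such as `# scratch example: no securityContext or resource limits set` so it is not copied into real workloads as-is. The first document lacks the leading `---` that the second document uses; starting the file with `---` makes the two documents consistent.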
@@ -1,15 +1,6 @@ apiVersion: v2
-name: matrix
+name: ungleich-matrix description: ungleich managed matrix
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed. type: application # This is the chart version. This version number should be incremented each time you make changes
@@ -21,4 +12,4 @@ version: 0.1.0 # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes.
-appVersion: "1.37.1"
+appVersion: "1.38.0"
diff --git a/apps/matrix/templates/deployment.yaml b/apps/matrix/templates/deployment.yaml
index 632ea7f..0aa4838 100644
--- a/apps/matrix/templates/deployment.yaml
+++ b/apps/matrix/templates/deployment.yaml
@@ -48,7 +48,7 @@ spec: mountPath: "/var/lib/postgresql/data" subPath: postgres - name: matrix
- image: matrixdotorg/synapse:v1.37.1
+ image: matrixdotorg/synapse:v{{ .Values.synapseVersion }} ports: - containerPort: 8008 env:
@@ -86,8 +86,6 @@ metadata: spec: type: ClusterIP ports:
- - port: 22
- name: ssh # Required for letsencrypt - port: 80 name: http
@@ -95,13 +93,6 @@ spec: name: https selector: use-as-service: {{ .Release.Name }}
-# ---
-# apiVersion: v1
-# kind: ConfigMap
-# metadata:
-# name: {{ tpl .Values.identifier . }}-matrixconfig
-# data:
-# {{ tpl (.Files.Glob "matrix/*").AsConfig . | indent 2 }}
--- apiVersion: v1 kind: PersistentVolumeClaim
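Review bot: `image: matrixdotorg/synapse:v{{ .Values.synapseVersion }}` in the deployment.yaml hunk at line 48 renders as the tag `v` when `synapseVersion` is unset or empty in an override file, giving a Pod that fails to pull instead of a clear template error; guard it with `image: matrixdotorg/synapse:v{{ required "synapseVersion must be set" .Values.synapseVersion }}`. That also records the coupling between values.yaml and this template where a reader will look for it. The enclosing container list and Deployment spec start outside the hunk.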
@@ -189,7 +180,7 @@ data: ssl_certificate /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ tpl .Values.fqdn . }}/privkey.pem;
- client_max_body_size 256m;
+ client_max_body_size {{ .Values.max_filesize_in_mb }}m; location ~ /_matrix|/_synapse { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -234,7 +225,7 @@ data: - '127.0.0.1' resources:
- - names: [federation,client,metrics]
+ - names: [federation,client] compress: false - port: 9093 bind_addresses:
@@ -259,8 +250,8 @@ data: enable_media_repo: true media_store_path: "/data"
- max_upload_size: "100M"
- enable_registration: false
+ max_upload_size: "{{ .Values.max_filesize_in_mb }}M"
+ enable_registration: {{ .Values.enable_registration }} log.yaml: | version: 1
diff --git a/apps/matrix/values.yaml b/apps/matrix/values.yaml
index 7f6c688..ac8c787 100644
--- a/apps/matrix/values.yaml
+++ b/apps/matrix/values.yaml
@@ -10,7 +10,22 @@ fqdn: "{{ .Release.Name }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain # This needs delegation / configuration on fn.nf server_name: "fn.nf"
-# Full URL
-web_client_location: "https://TBD"
+# Full URL -- for later, when external domains are supported
+# web_client_location: "https://TBD" enable_registration: false
+
+# Maximum size of one particular file
+max_filesize_in_mb: 100
+
+elementVersion: "1.7.32"
+synapseVersion: "1.38.0"
+
+#synapse_config:
+# --- 
+# apiVersion: v1
+# kind: ConfigMap
+# metadata:
+# name: {{ tpl .Values.identifier . }}-matrixconfig
+# data:
+# {{ tpl (.Files.Glob "matrix/*").AsConfig . | indent 2 }}
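Review bot: `enable_registration: {{ .Values.enable_registration }}` in the homeserver.yaml hunk at line 250 replaces a hard-coded `false` with whatever the value renders to, and an unset or empty value renders as a bare `enable_registration:` (YAML null) whose handling by Synapse is not visible here; since this is the setting that opens the server to arbitrary sign-ups, fail closed in the template with `enable_registration: {{ .Values.enable_registration | default false }}`. Deriving both `max_upload_size` and the nginx `client_max_body_size` (hunk at line 180) from `max_filesize_in_mb` is a good consolidation, but `"{{ .Values.max_filesize_in_mb }}M"` silently accepts any scalar, so a comment at the value stating that a plain integer is expected would help. The ConfigMap block scalar these lines sit in starts and ends outside the hunks.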
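Review bot: The values.yaml hunk mixes key conventions — `max_filesize_in_mb` is snake_case like the existing `enable_registration` and `server_name`, while `elementVersion` and `synapseVersion` are camelCase like `clusterDomain` — so the file now has no single style; pick one for the keys added here and rename in deployment.yaml in the same change, since `.Values.synapseVersion` and `.Values.max_filesize_in_mb` are referenced there. `elementVersion: "1.7.32"` is not consumed by any template in this diff as far as is visible; if it is reserved for later, a comment saying so keeps it from reading as dead configuration. The trailing `#synapse_config:` block is the commented-out ConfigMap just deleted from deployment.yaml; if it is parked for later, say why on its first line, otherwise drop it since git history keeps it.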