diff --git a/apps/forge/forgejo/forgejo-values-configmap.yaml b/apps/forge/forgejo/forgejo-values-configmap.yaml
index 2900eb8fa006d304387631c54330b3a970b81a2b..21dec41cdeab742998d1a14f56a51758c30c69a9 100644
--- a/apps/forge/forgejo/forgejo-values-configmap.yaml
+++ b/apps/forge/forgejo/forgejo-values-configmap.yaml
@@ -10,6 +10,8 @@ data:
annotations:
kubernetes.io/tls-acme: "true"
nginx.ingress.kubernetes.io/proxy-body-size: "5g"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
hosts:
- host: "${forgejo_domain}"
paths:
@@ -84,7 +86,7 @@ data:
cors:
ENABLED: true
SCHEME: "https"
- ALLOW_DOMAIN: "files.ftt.gmbh"
+ ALLOW_DOMAIN: "files.${domain}"
ALLOW_CREDENTIALS: true
# log:
# LEVEL: "Debug"
diff --git a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
index 0c49daee2efbda527ace3a78eee9afd11b92d259..a171077fa26e196690041efbbbbf4692b40cb06c 100644
--- a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
+++ b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
@@ -17,7 +17,7 @@ data:
certManager: true
annotations:
nginx.ingress.kubernetes.io/configuration-snippet: |
- more_set_headers "Content-Security-Policy: frame-ancestors 'self' ${nextcloud_domain}";
+ more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
commonLabels:
stackspin.net/backupSet: "invoiceninja"
podLabels:
diff --git a/apps/support/zammad/zammad-values-configmap.yaml b/apps/support/zammad/zammad-values-configmap.yaml
index a4383b9c53fb216b98333ffacaf84a88d0a689cb..7bd3d829f0d79ff88dfbba67043f4ff524e2d61b 100644
--- a/apps/support/zammad/zammad-values-configmap.yaml
+++ b/apps/support/zammad/zammad-values-configmap.yaml
@@ -18,6 +18,8 @@ data:
enabled: true
annotations:
kubernetes.io/tls-acme: "true"
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
hosts:
- host: "${zammad_domain}"
paths:
diff --git a/overrides/kustomization.yaml b/overrides/kustomization.yaml
deleted file mode 100644
index 805616c760e169a67219914e42f0fa036ebfea64..0000000000000000000000000000000000000000
--- a/overrides/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
- #- stackspin-zulip-override.yaml # no push notifications for now
- - stackspin-nextcloud-override.yaml
- - stackspin-nginx-ingress-override.yaml
- - stackspin-apps-custom.yaml
- - storageclass-retain.yaml
- - source-controller-patch.yaml
diff --git a/overrides/stackspin-zulip-override.yaml b/overrides/stackspin-zulip-override.yaml
index 4e72c8c1552e0d758c1abef0aca10eac17d36394..5acc8eab9c897f46b49084635a9a155ff952bb64 100644
--- a/overrides/stackspin-zulip-override.yaml
+++ b/overrides/stackspin-zulip-override.yaml
@@ -5,6 +5,30 @@ metadata:
name: stackspin-zulip-override
data:
values.yaml: |
- zulip:
- environment:
- SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
+ ingress:
+ annotations:
+ nginx.ingress.kubernetes.io/configuration-snippet: |
+ more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
+
+ #zulip:
+ # environment:
+ # SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
+ ## https://github.com/zulip/docker-zulip/blob/main/kubernetes/chart/zulip/values.yaml
+ #ingress:
+ # enabled: true
+ # annotations:
+ # # Tell cert-manager to automatically get a TLS certificate
+ # kubernetes.io/tls-acme: "true"
+ # # Allow bigger uploads, for image and file attaching.
+ # # 25M is the default limit of Zulip itself, so we just follow that
+ # # suggestion here. If you want to increase this further, you'd have to
+ # # configure that limit in Zulip as well.
+ # nginx.ingress.kubernetes.io/proxy-body-size: "25m"
+ # hosts:
+ # - host: "${zulip_domain}"
+ # paths:
+ # - path: "/"
+ # tls:
+ # - hosts:
+ # - "${zulip_domain}"
+ # secretName: stackspin-zulip