From 65049a09b557e2baf99ed72d1b9096c19fc04e94 Mon Sep 17 00:00:00 2001
From: xeruf <27jf@pm.me>
Date: Wed, 10 Apr 2024 15:12:14 +0200
Subject: [PATCH] Allow iframing from Nextcloud for more apps again

---
 .../forgejo/forgejo-values-configmap.yaml     |  4 ++-
 .../invoiceninja-values-configmap.yaml        |  2 +-
 .../zammad/zammad-values-configmap.yaml       |  2 ++
 overrides/kustomization.yaml                  |  9 ------
 overrides/stackspin-zulip-override.yaml       | 30 +++++++++++++++++--
 5 files changed, 33 insertions(+), 14 deletions(-)
 delete mode 100644 overrides/kustomization.yaml

diff --git a/apps/forge/forgejo/forgejo-values-configmap.yaml b/apps/forge/forgejo/forgejo-values-configmap.yaml
index 2900eb8..21dec41 100644
--- a/apps/forge/forgejo/forgejo-values-configmap.yaml
+++ b/apps/forge/forgejo/forgejo-values-configmap.yaml
@@ -10,6 +10,8 @@ data:
       annotations:
         kubernetes.io/tls-acme: "true"
         nginx.ingress.kubernetes.io/proxy-body-size: "5g"
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
       hosts:
         - host: "${forgejo_domain}"
           paths:
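Review bot: The added `more_set_headers` line replaces the whole `Content-Security-Policy` response header rather than appending to it, so if Forgejo sends a policy of its own, every directive other than `frame-ancestors` is dropped at the ingress. It is worth comparing the app's response headers before and after this change; if an upstream policy exists, the ingress value has to carry those directives as well, or the framing allow-list should be configured in the application instead. A source written without a scheme, as in `files.${domain}`, is matched using the scheme of the protected page, so `https://files.${domain}` would state the intent explicitly. The same annotation is added for Zammad and Zulip later in this patch and the same check applies there.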
@@ -84,7 +86,7 @@ data:
         cors:
           ENABLED: true
           SCHEME: "https"
-          ALLOW_DOMAIN: "files.ftt.gmbh"
+          ALLOW_DOMAIN: "files.${domain}"
           ALLOW_CREDENTIALS: true
         # log:
           # LEVEL: "Debug"
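Review bot: `ALLOW_CREDENTIALS: true` remains beside the new `ALLOW_DOMAIN`, so whichever host answers at `files.${domain}` on a given installation may send credentialed cross-origin requests to Forgejo and, with the first hunk of this file, frame it as well. That trust in the Nextcloud origin deserves a comment above the `cors:` block, for example `# files.${domain} is the Nextcloud instance that embeds Forgejo; keep in sync with the ingress frame-ancestors value`. The rest of the Forgejo configuration is outside the hunk, so whether credentialed CORS is needed at all cannot be judged from here.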
diff --git a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
index 0c49dae..a171077 100644
--- a/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
+++ b/apps/ninja/invoiceninja/invoiceninja-values-configmap.yaml
@@ -17,7 +17,7 @@ data:
       certManager: true
       annotations:
         nginx.ingress.kubernetes.io/configuration-snippet: |
-          more_set_headers "Content-Security-Policy: frame-ancestors 'self' ${nextcloud_domain}";
+          more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
     commonLabels:
       stackspin.net/backupSet: "invoiceninja"
     podLabels:
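Review bot: Replacing `${nextcloud_domain}` with the literal `files.${domain}` ties the framing allow-list to a fixed subdomain instead of the variable that names the Nextcloud host. On an installation where `nextcloud_domain` is set to something else, Nextcloud could no longer embed the app, while whatever is served at `files.${domain}` could. Unless the variable is unavailable in this substitution context, which the diff does not show, keep `frame-ancestors 'self' ${nextcloud_domain}` here and use the same variable in the Forgejo, Zammad and Zulip values changed by this patch.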
diff --git a/apps/support/zammad/zammad-values-configmap.yaml b/apps/support/zammad/zammad-values-configmap.yaml
index a4383b9..7bd3d82 100644
--- a/apps/support/zammad/zammad-values-configmap.yaml
+++ b/apps/support/zammad/zammad-values-configmap.yaml
@@ -18,6 +18,8 @@ data:
       enabled: true
       annotations:
         kubernetes.io/tls-acme: "true"
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
       hosts:
         - host: "${zammad_domain}"
           paths:
diff --git a/overrides/kustomization.yaml b/overrides/kustomization.yaml
deleted file mode 100644
index 805616c..0000000
--- a/overrides/kustomization.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-apiVersion: kustomize.config.k8s.io/v1beta1
-kind: Kustomization
-resources:
-  #- stackspin-zulip-override.yaml # no push notifications for now
-  - stackspin-nextcloud-override.yaml
-  - stackspin-nginx-ingress-override.yaml
-  - stackspin-apps-custom.yaml
-  - storageclass-retain.yaml
-  - source-controller-patch.yaml
diff --git a/overrides/stackspin-zulip-override.yaml b/overrides/stackspin-zulip-override.yaml
index 4e72c8c..5acc8ea 100644
--- a/overrides/stackspin-zulip-override.yaml
+++ b/overrides/stackspin-zulip-override.yaml
@@ -5,6 +5,30 @@ metadata:
   name: stackspin-zulip-override
 data:
   values.yaml: |
-    zulip:
-      environment:
-        SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
+    ingress:
+      annotations:
+        nginx.ingress.kubernetes.io/configuration-snippet: |
+          more_set_headers "Content-Security-Policy: frame-ancestors 'self' files.${domain}";
+
+    #zulip:
+    #  environment:
+    #    SETTING_PUSH_NOTIFICATION_BOUNCER_URL: 'https://push.zulipchat.com'
+    ## https://github.com/zulip/docker-zulip/blob/main/kubernetes/chart/zulip/values.yaml
+    #ingress:
+    #  enabled: true
+    #  annotations:
+    #    # Tell cert-manager to automatically get a TLS certificate
+    #    kubernetes.io/tls-acme: "true"
+    #    # Allow bigger uploads, for image and file attaching.
+    #    # 25M is the default limit of Zulip itself, so we just follow that
+    #    # suggestion here. If you want to increase this further, you'd have to
+    #    # configure that limit in Zulip as well.
+    #    nginx.ingress.kubernetes.io/proxy-body-size: "25m"
+    #  hosts:
+    #    - host: "${zulip_domain}"
+    #      paths:
+    #        - path: "/"
+    #  tls:
+    #    - hosts:
+    #        - "${zulip_domain}"
+    #      secretName: stackspin-zulip
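Review bot: The commented-out copy of the chart defaults contains a second `#ingress:` key below the live `ingress:` block at the top of `values.yaml`; if it is ever uncommented as is, the document has two `ingress` keys and most YAML parsers keep the last one, which would silently drop the `frame-ancestors` header. Fold the annotation into a single `ingress:` mapping, or delete the commented block and keep only the link to the upstream values file. The push-notification bouncer setting is also turned into a comment here, which the commit subject does not mention; a line in the description would help.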
-- 
GitLab