From 35a881c6c1d7c26e1878cc38430af4a8a197bcc2 Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Thu, 27 Jul 2023 17:15:56 +0200
Subject: Add CSP header for nextcloud

---
 .../kube-system/treafik/middleware-headers-nextcloud.yaml    | 12 ++++++++++++
 .../mieshu/personal-services/nextcloud/ingress.yaml          |  1 +
 2 files changed, 13 insertions(+)
 create mode 100644 data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml

(limited to 'data.d')

diff --git a/data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml b/data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml
new file mode 100644
index 0000000..e3b4179
--- /dev/null
+++ b/data.d/k3s-master/manifests.d/mieshu/kube-system/treafik/middleware-headers-nextcloud.yaml
@@ -0,0 +1,12 @@
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: headers-nextcloud
+  namespace: kube-system
+spec:
+  headers:
+    stsPreload: true
+    forceSTSHeader: true
+    contentSecurityPolicy: "default-src 'self' data: 'unsafe-inline';"
+...
diff --git a/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml b/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml
index 106926f..ac616a0 100644
--- a/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml
+++ b/data.d/k3s-master/manifests.d/mieshu/personal-services/nextcloud/ingress.yaml
@@ -11,6 +11,7 @@ metadata:
     app.kubernetes.io/part-of: personal-services
   annotations:
     cert-manager.io/cluster-issuer: "letsencrypt-production"
+    traefik.ingress.kubernetes.io/router.middlewares: kube-system-headers-nextcloud@kubernetescrd
 spec:
   ingressClassName: traefik
   tls:
-- 
cgit v1.1