From caaf30779a7eaafae7c1ff73694e8dabdc54c448 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 4 Mar 2022 21:51:26 +0100
Subject: [PATCH] fix(matrix): Enable modsecurity

---
 apps/k8s01/matrix/matrix-synapse-values.yaml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/apps/k8s01/matrix/matrix-synapse-values.yaml b/apps/k8s01/matrix/matrix-synapse-values.yaml
index 2e5cb6d95..162026b57 100644
--- a/apps/k8s01/matrix/matrix-synapse-values.yaml
+++ b/apps/k8s01/matrix/matrix-synapse-values.yaml
@@ -57,6 +57,14 @@ spec:
                 password: ENC[AES256_GCM,data:tRxm78USp+qWMAzpnBx2kGqiutnL+ZGr31ngnrPoloCZqRWIuo/6zQ==,iv:+Lo4i3itTL8WK8rh48eRiEBkOPQ4VPLF4yKYRQ6If/0=,tag:W+YOtuyx50mS606FzvUfgg==,type:str]
         ingress:
             enabled: true
+            annotations:
+                nginx.ingress.kubernetes.io/proxy-body-size: 10m
+                nginx.ingress.kubernetes.io/use-regex: "true"
+                nginx.ingress.kubernetes.io/enable-modsecurity: "true"
+                nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true"
+                nginx.ingress.kubernetes.io/modsecurity-transaction-id: $request_id
+                nginx.ingress.kubernetes.io/modsecurity-snippet: |
+                    SecRuleEngine On
             hosts:
                 - ENC[AES256_GCM,data:xBwjUfo+b3uBTCqPlx3XZ/IKkTxFXvbgy0w=,iv:ZN/5A/YHSPW7c3Fcx1Fi75uMYBijX0styxTuthv3p2E=,tag:sZ9tihrcgy4pHobebszDTg==,type:str]
             includeServerName: ENC[AES256_GCM,data:U6KM0h8=,iv:+MkU2Bq56rlvL0NXVpJI3du8uA+pQ7/7opsQbNCoO5E=,tag:mJhCmEtymqAJtAfSBWdg5g==,type:bool]
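Review bot: The `modsecurity-snippet` sets only `SecRuleEngine On`, so the OWASP core rules go straight into blocking mode on this ingress with no audit-log directive in the snippet. Unless the controller-wide ModSecurity config already covers it, a rejected request will be hard to trace back to the rule that fired. Synapse traffic is mostly JSON bodies and PUT requests, which will presumably trip some CRS rules, so I would add `SecAuditEngine RelevantOnly` and `SecAuditLog /dev/stdout` to the snippet and consider `SecRuleEngine DetectionOnly` for a first rollout before switching to `On`. It is also worth checking the rendered nginx.conf to confirm the core rules are still loaded alongside the snippet, since how `enable-owasp-core-rules` and `modsecurity-snippet` combine may differ between ingress-nginx versions (the controller version is not visible here). The `ingress` mapping may continue below the end of this hunk.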
@@ -71,8 +79,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2022-02-20T00:29:27Z"
-    mac: ENC[AES256_GCM,data:tU+6Y9qEumpb3vBo7ZgrY5FRHe0uEo/L53rh0SJoZ2J3SAUMjqh5MQTk2YwLGd6AN8TafiW99T3mqP8Na0h+UaYZfV6mSVoVAnMPMDE0dDegixYs89wAnfKY0H0D4DzdGRXhXlMtkLR2e93jYzLS6eFzZCR9hsu/nIsr8O+fWks=,iv:ajnOG4pCk9Ir1i0G9Vm5/xqh3Yd/5ajUiBy2y603pSc=,tag:vYOaqORpgvySzXl/USCtEw==,type:str]
+    lastmodified: "2022-03-04T20:50:57Z"
+    mac: ENC[AES256_GCM,data:GKNWDvY0yytwF5RUCNNBE1mKDHLtmA85Ogpy3aBOFVFxFoaJgZ9QHysW9fihEH+c3lm3IUXLXO+NsbjldovV9+jKDScJZvvApULYARGmREDVEVi/v7lBjDyu1cX9MXb0AqRSG0Hy94QETnBqZKcLGUjb9H08cDgjjdK1Yn/pwrg=,iv:XVCA6o3dph+FVJJQ754GZSQtxrud2i/uIxlOgE9+WmM=,tag:f/icntdqN4QHcH1D8q8UrQ==,type:str]
     pgp:
         - created_at: "2022-02-18T22:15:21Z"
           enc: |-
-- 
GitLab