Add Authentik v2026.x with embedded PostgreSQL in new namespace. Includes HelmRelease with valuesFrom injection for encrypted credentials, cert-manager Certificate for auth.axion1337.chat, and Traefik IngressRoute. Authentik serves as OIDC provider for MAS; registration via invitation links only.
DNS A-record setup and Authentik UI configuration (OIDC provider creation) are manual post-deployment steps.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
Add coturn Deployment with hostNetwork mode and init container for secret substitution. Include SOPS-encrypted shared secret, TLS certificate for turn.axion1337.chat, and Synapse TURN configuration with proper relay URIs and credentials.
Resolves DTLS timeout issues in RTC video calls by providing media relay for clients behind NAT/Firewall.
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Change from v1beta2 to v1 (v1beta2 is deprecated)
- Resolves dry-run failure in monitoring Kustomization
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Allow all users to publish public rooms in room list
- Fixes 403 'Not allowed to publish room' error
- Applies to rooms with join_rule: public
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Rename property from auto-join-rooms to auto_join (underscore instead of dash)
- Keep YAML structure with embedded config
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Use simpler property name 'retention' instead of 'retention-config'
- Helm Chart schema may not allow 'retention-config' naming convention
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Create index.html with styled setup guide and download links
- Update init-container to copy index.html to nginx
- Configure nginx to serve index.html as default for /docs/setup/
- Remove directory listing (autoindex), show proper HTML instead
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
- Remove duplicate nginx Ingress from element-web-docs-server.yaml (using Traefik instead)
- Traefik IngressRoute in apex-ingress.yaml now handles /docs/setup routing
- Deployment and Service remain unchanged for file serving
Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>
