From 92a024d74467e16337a795ac48ad6aab19535da1 Mon Sep 17 00:00:00 2001
From: Eric Meehan <eric@eom.dev>
Date: Thu, 6 Nov 2025 11:35:51 -0500
Subject: [PATCH] Misc. changes

---
 tasks/grafana-matrix-forwarder.yaml | 15 ++++++++++---
 tasks/openldap.yaml                 | 34 +++++++++++++++++++++++++++++
 tasks/owncast.yaml                  |  1 +
 3 files changed, 47 insertions(+), 3 deletions(-)

diff --git a/tasks/grafana-matrix-forwarder.yaml b/tasks/grafana-matrix-forwarder.yaml
index 8c1e9cc..6c3a71f 100644
--- a/tasks/grafana-matrix-forwarder.yaml
+++ b/tasks/grafana-matrix-forwarder.yaml
@@ -1,5 +1,14 @@
 ---
 # tasks file for grafana-matrix-forwarder
+- name: Create Grafana Matrix Forwarder namespace
+  k8s:
+    state: present
+    definition:
+      apiVersion: v1
+      kind: Namespace
+      metadata:
+        name: grafana-matrix-forwarder
+
 - name: Create a Deployment for Grafana Matrix Forwarder
   k8s:
     definition:
@@ -7,7 +16,7 @@
       kind: Deployment
       metadata:
         name: matrix-forwarder
-        namespace: grafana
+        namespace: grafana-matrix-forwarder
       spec:
         replicas: 1
         selector:
@@ -29,7 +38,7 @@
                   - name: GMF_MATRIX_PASSWORD
                     value: "{{ grafana_admin_password }}"
                   - name: GMF_MATRIX_HOMESERVER
-                    value: eom.dev
+                    value: synapse.eom.dev
                   - name: GMF_RESOLVE_MODE
                     value: reply
 
@@ -40,7 +49,7 @@
       kind: Service
       metadata:
         name: matrix-forwarder
-        namespace: grafana
+        namespace: grafana-matrix-forwarder
       spec:
         selector:
           app: matrix-forwarder
diff --git a/tasks/openldap.yaml b/tasks/openldap.yaml
index 69b9604..d4e6d53 100644
--- a/tasks/openldap.yaml
+++ b/tasks/openldap.yaml
@@ -41,6 +41,36 @@
           requests:
             storage: 32Gi
 
+- name: Request a certificate for OpenLDAP
+  k8s:
+    state: present
+    definition:
+      apiVersion: cert-manager.io/v1
+      kind: Certificate
+      metadata:
+        name: openldap
+        namespace: openldap
+      spec:
+        secretName: openldap
+        privateKey:
+          algorithm: RSA
+          encoding: PKCS1
+          size: 2048
+        duration: 2160h # 90d
+        renewBefore: 360h # 15d
+        isCA: false
+        usages:
+          - server auth
+          - client auth
+        subject:
+          organizations:
+            - EOM
+        dnsNames:
+          - openldap.eom.dev
+        issuerRef:
+          name: ca-issuer
+          kind: ClusterIssuer
+
 - name: Create Deployment for OpenLDAP
   k8s:
     definition:
@@ -75,6 +105,10 @@
                     value: "{{ openldap_readonly_password }}"
                   - name: LDAP_TLS_VERIFY_CLIENT
                     value: never
+                  - name: LDAP_TLS_CRT_FILENAME
+                    value: tls.crt
+                  - name: LDAP_TLS_KEY_FILENAME
+                    value: tls.key
                 volumeMounts:
                   - name: config
                     mountPath: /etc/ldap/slapd.d
diff --git a/tasks/owncast.yaml b/tasks/owncast.yaml
index a81ebfb..58bdbea 100644
--- a/tasks/owncast.yaml
+++ b/tasks/owncast.yaml
@@ -81,6 +81,7 @@
             name: rtmp
           - port: 8080
             name: http
+        externalTrafficPolicy: Local
         type: LoadBalancer
 
 - name: Create Ingress