base/ingress/pingora-config.yaml

apiVersion: v1
kind: ConfigMap
metadata:
  name: pingora-config
  namespace: ingress
data:
  config.toml: |
    # Pingora hostname routing table
    # The domain suffix (sunbeam.pt / <LIMA_IP>.sslip.io) is patched per overlay.
    # TLS cert source (rustls-acme / mkcert) is patched per overlay.

    [tls]
    cert_path = "/etc/tls/tls.crt"
    key_path  = "/etc/tls/tls.key"
    # acme = true  # Uncommented in production overlay (rustls-acme + Let's Encrypt)
    acme = false

    [listen]
    http  = "0.0.0.0:80"
    https = "0.0.0.0:443"

    [turn]
    backend             = "livekit.media.svc.cluster.local:7880"
    udp_listen          = "0.0.0.0:3478"
    relay_port_start    = 49152
    relay_port_end      = 49252

    # Host-prefix → backend mapping.
    # Pingora matches on the subdomain prefix regardless of domain suffix,
    # so these routes work identically for sunbeam.pt and *.sslip.io.

    [[routes]]
    host_prefix = "docs"
    backend     = "http://docs.lasuite.svc.cluster.local:8000"
    websocket   = true   # Y.js CRDT sync

    [[routes]]
    host_prefix = "meet"
    backend     = "http://meet.lasuite.svc.cluster.local:8000"
    websocket   = true   # LiveKit signaling

    [[routes]]
    host_prefix = "drive"
    backend     = "http://drive.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "mail"
    backend     = "http://messages.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "chat"
    backend     = "http://conversations.lasuite.svc.cluster.local:8000"
    websocket   = true   # Vercel AI SDK streaming

    [[routes]]
    host_prefix = "people"
    backend     = "http://people.lasuite.svc.cluster.local:8000"

    [[routes]]
    host_prefix = "src"
    backend     = "http://gitea.devtools.svc.cluster.local:3000"
    websocket   = true   # Gitea Actions runner

    [[routes]]
    host_prefix = "auth"
    backend     = "http://hydra.ory.svc.cluster.local:4444"

    [[routes]]
    host_prefix = "s3"
    backend     = "http://seaweedfs-filer.storage.svc.cluster.local:8333"
chore: initial infrastructure scaffold Kustomize base + overlays for the full Sunbeam k3s stack: - base/mesh — Linkerd edge (crds + control-plane + viz) - base/ingress — custom Pingora edge proxy - base/ory — Kratos 0.60.1 + Hydra 0.60.1 + login-ui - base/data — CloudNativePG 0.27.1, Valkey 8, OpenSearch 2 - base/storage — SeaweedFS master + volume + filer (S3 on :8333) - base/lasuite — Hive sync daemon + La Suite app placeholders - base/media — LiveKit livekit-server 1.9.0 - base/devtools — Gitea 12.5.0 (external PG + Valkey) overlays/local — sslip.io domain, mkcert TLS, Lima hostPort overlays/production — stub (TODOs for sunbeam.pt values) scripts/ — local-up/down/certs/urls helpers justfile — up / down / certs / urls targets 2026-02-28 13:42:27 +00:00			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: pingora-config`
			`namespace: ingress`
			`data:`
			`config.toml: \|`
			`# Pingora hostname routing table`
			`# The domain suffix (sunbeam.pt / <LIMA_IP>.sslip.io) is patched per overlay.`
			`# TLS cert source (rustls-acme / mkcert) is patched per overlay.`

			`[tls]`
			`cert_path = "/etc/tls/tls.crt"`
			`key_path = "/etc/tls/tls.key"`
			`# acme = true # Uncommented in production overlay (rustls-acme + Let's Encrypt)`
			`acme = false`

			`[listen]`
			`http = "0.0.0.0:80"`
			`https = "0.0.0.0:443"`

			`[turn]`
			`backend = "livekit.media.svc.cluster.local:7880"`
			`udp_listen = "0.0.0.0:3478"`
			`relay_port_start = 49152`
			`relay_port_end = 49252`

			`# Host-prefix → backend mapping.`
			`# Pingora matches on the subdomain prefix regardless of domain suffix,`
			`# so these routes work identically for sunbeam.pt and *.sslip.io.`

			`[[routes]]`
			`host_prefix = "docs"`
			`backend = "http://docs.lasuite.svc.cluster.local:8000"`
			`websocket = true # Y.js CRDT sync`

			`[[routes]]`
			`host_prefix = "meet"`
			`backend = "http://meet.lasuite.svc.cluster.local:8000"`
			`websocket = true # LiveKit signaling`

			`[[routes]]`
			`host_prefix = "drive"`
			`backend = "http://drive.lasuite.svc.cluster.local:8000"`

			`[[routes]]`
			`host_prefix = "mail"`
			`backend = "http://messages.lasuite.svc.cluster.local:8000"`

			`[[routes]]`
			`host_prefix = "chat"`
			`backend = "http://conversations.lasuite.svc.cluster.local:8000"`
			`websocket = true # Vercel AI SDK streaming`

			`[[routes]]`
			`host_prefix = "people"`
			`backend = "http://people.lasuite.svc.cluster.local:8000"`

			`[[routes]]`
			`host_prefix = "src"`
			`backend = "http://gitea.devtools.svc.cluster.local:3000"`
			`websocket = true # Gitea Actions runner`

			`[[routes]]`
			`host_prefix = "auth"`
			`backend = "http://hydra.ory.svc.cluster.local:4444"`

			`[[routes]]`
			`host_prefix = "s3"`
			`backend = "http://seaweedfs-filer.storage.svc.cluster.local:8333"`