From 73feb9cc4690c06e19ecdf55d5df1e3eb10ebdc4 Mon Sep 17 00:00:00 2001
From: Viktor Barzin <vbarzin@gmail.com>
Date: Thu, 18 Dec 2025 10:56:44 +0000
Subject: [PATCH] update CSP to allow rybbit for some ingresses [ci skip]

---
 modules/kubernetes/privatebin/main.tf | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/modules/kubernetes/privatebin/main.tf b/modules/kubernetes/privatebin/main.tf
index 8dea2445..7ec3186f 100644
--- a/modules/kubernetes/privatebin/main.tf
+++ b/modules/kubernetes/privatebin/main.tf
@@ -89,10 +89,13 @@ resource "kubernetes_service" "privatebin" {
 }
 
 module "ingress" {
-  source          = "../ingress_factory"
-  namespace       = "privatebin"
-  name            = "privatebin"
-  host            = "pb"
-  tls_secret_name = var.tls_secret_name
-  rybbit_site_id  = "3ae810b0476d"
+  source                           = "../ingress_factory"
+  namespace                        = "privatebin"
+  name                             = "privatebin"
+  host                             = "pb"
+  tls_secret_name                  = var.tls_secret_name
+  rybbit_site_id                   = "3ae810b0476d"
+  additional_configuration_snippet = <<-EOF
+    more_set_headers "Content-Security-Policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' 'wasm-unsafe-eval' https://rybbit.viktorbarzin.me";
+  EOF
 }