app/matrix: allow not7cd access to matrix-0x3c
Change-Id: Iba9edfdfd2d05701e1266c279ec2f4881fa3505e
diff --git a/app/matrix/global.jsonnet b/app/matrix/global.jsonnet
new file mode 100644
index 0000000..a829745
--- /dev/null
+++ b/app/matrix/global.jsonnet
@@ -0,0 +1,24 @@
+local kube = import "../../kube/kube.libsonnet";
+
+// Global resources specific to Matrix deployments. Currently this is only RBAC objects.
+
+{
+ // Allow non-staff admin access to matrix.0x3c.pl.
+ admin0x3c: kube.RoleBinding("admins") {
+ metadata+: {
+ namespace: "matrix-0x3c",
+ },
+ roleRef: {
+ apiGroup: "rbac.authorization.k8s.io",
+ kind: "ClusterRole",
+ name: "system:admin-namespace",
+ },
+ subjects: [
+ {
+ apiGroup: "rbac.authorization.k8s.io",
+ kind: "User",
+ name: "not7cd@hackerspace.pl",
+ },
+ ],
+ },
+}