cloudflare/gateway-policies.yaml

# Cloudflare Gateway Policies
# DNS filtering and network security policies

apiVersion: v1
kind: ConfigMap
metadata:
  name: cloudflare-gateway-policies
  namespace: default
data:
  # DNS Policies
  dns-policies: |
    {
      "policies": [
        {
          "name": "Block Malicious Domains",
          "action": "block",
          "precedence": 1,
          "filters": [
            {
              "type": "dns",
              "categories": [
                "malware",
                "phishing",
                "command-and-control",
                "ransomware",
                "spyware"
              ]
            }
          ]
        },
        {
          "name": "Block Adult Content",
          "action": "block",
          "precedence": 2,
          "filters": [
            {
              "type": "dns",
              "categories": [
                "adult"
              ]
            }
          ],
          "identity": {
            "groups": [
              {
                "name": "employees"
              }
            ]
          }
        },
        {
          "name": "Allow All for Admins",
          "action": "allow",
          "precedence": 100,
          "identity": {
            "groups": [
              {
                "name": "admins"
              }
            ]
          }
        }
      ]
    }

  # Network Policies
  network-policies: |
    {
      "policies": [
        {
          "name": "Block High Risk Ports",
          "action": "block",
          "precedence": 1,
          "rules": [
            {
              "protocol": "tcp",
              "ports": [
                "22",
                "23",
                "135",
                "139",
                "445",
                "1433",
                "3306",
                "3389",
                "5432"
              ]
            }
          ],
          "identity": {
            "groups": [
              {
                "name": "employees"
              }
            }
          }
        },
        {
          "name": "Allow Admin Access",
          "action": "allow",
          "precedence": 100,
          "identity": {
            "groups": [
              {
                "name": "admins"
              },
              {
                "name": "platform-engineers"
              }
            }
          }
        }
      ]
    }

  # Logging Configuration
  logging-config: |
    {
      "dns": {
        "enabled": true,
        "log_all": true,
        "log_blocks": true
      },
      "network": {
        "enabled": true,
        "log_all": true,
        "log_blocks": true
      },
      "retention": {
        "days": 30
      }
    }

  # Split DNS Configuration
  split-dns: |
    {
      "domains": [
        "sankofa.nexus",
        "*.sankofa.nexus",
        "*.svc.cluster.local",
        "*.local"
      ],
      "dns_servers": [
        "10.0.0.53",
        "10.1.0.53",
        "10.2.0.53"
      ]
    }
Initial Phoenix Sankofa Cloud setup - Complete project structure with Next.js frontend - GraphQL API backend with Apollo Server - Portal application with NextAuth - Crossplane Proxmox provider - GitOps configurations - CI/CD pipelines - Testing infrastructure (Vitest, Jest, Go tests) - Error handling and monitoring - Security hardening - UI component library - Documentation 2025-11-28 12:54:33 -08:00			`# Cloudflare Gateway Policies`
			`# DNS filtering and network security policies`

			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`name: cloudflare-gateway-policies`
			`namespace: default`
			`data:`
			`# DNS Policies`
			`dns-policies: \|`
			`{`
			`"policies": [`
			`{`
			`"name": "Block Malicious Domains",`
			`"action": "block",`
			`"precedence": 1,`
			`"filters": [`
			`{`
			`"type": "dns",`
			`"categories": [`
			`"malware",`
			`"phishing",`
			`"command-and-control",`
			`"ransomware",`
			`"spyware"`
			`]`
			`}`
			`]`
			`},`
			`{`
			`"name": "Block Adult Content",`
			`"action": "block",`
			`"precedence": 2,`
			`"filters": [`
			`{`
			`"type": "dns",`
			`"categories": [`
			`"adult"`
			`]`
			`}`
			`],`
			`"identity": {`
			`"groups": [`
			`{`
			`"name": "employees"`
			`}`
			`]`
			`}`
			`},`
			`{`
			`"name": "Allow All for Admins",`
			`"action": "allow",`
			`"precedence": 100,`
			`"identity": {`
			`"groups": [`
			`{`
			`"name": "admins"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`

			`# Network Policies`
			`network-policies: \|`
			`{`
			`"policies": [`
			`{`
			`"name": "Block High Risk Ports",`
			`"action": "block",`
			`"precedence": 1,`
			`"rules": [`
			`{`
			`"protocol": "tcp",`
			`"ports": [`
			`"22",`
			`"23",`
			`"135",`
			`"139",`
			`"445",`
			`"1433",`
			`"3306",`
			`"3389",`
			`"5432"`
			`]`
			`}`
			`],`
			`"identity": {`
			`"groups": [`
			`{`
			`"name": "employees"`
			`}`
			`}`
			`}`
			`},`
			`{`
			`"name": "Allow Admin Access",`
			`"action": "allow",`
			`"precedence": 100,`
			`"identity": {`
			`"groups": [`
			`{`
			`"name": "admins"`
			`},`
			`{`
			`"name": "platform-engineers"`
			`}`
			`}`
			`}`
			`}`
			`]`
			`}`

			`# Logging Configuration`
			`logging-config: \|`
			`{`
			`"dns": {`
			`"enabled": true,`
			`"log_all": true,`
			`"log_blocks": true`
			`},`
			`"network": {`
			`"enabled": true,`
			`"log_all": true,`
			`"log_blocks": true`
			`},`
			`"retention": {`
			`"days": 30`
			`}`
			`}`

			`# Split DNS Configuration`
			`split-dns: \|`
			`{`
			`"domains": [`
Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements - Add comprehensive database migrations (001-024) for schema evolution - Enhance API schema with expanded type definitions and resolvers - Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth - Implement new services: AI optimization, billing, blockchain, compliance, marketplace - Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage) - Update Crossplane provider with enhanced VM management capabilities - Add comprehensive test suite for API endpoints and services - Update frontend components with improved GraphQL subscriptions and real-time updates - Enhance security configurations and headers (CSP, CORS, etc.) - Update documentation and configuration files - Add new CI/CD workflows and validation scripts - Implement design system improvements and UI enhancements 2025-12-12 18:01:35 -08:00			`"sankofa.nexus",`
			`"*.sankofa.nexus",`
Initial Phoenix Sankofa Cloud setup - Complete project structure with Next.js frontend - GraphQL API backend with Apollo Server - Portal application with NextAuth - Crossplane Proxmox provider - GitOps configurations - CI/CD pipelines - Testing infrastructure (Vitest, Jest, Go tests) - Error handling and monitoring - Security hardening - UI component library - Documentation 2025-11-28 12:54:33 -08:00			`"*.svc.cluster.local",`
			`"*.local"`
			`],`
			`"dns_servers": [`
			`"10.0.0.53",`
			`"10.1.0.53",`
			`"10.2.0.53"`
			`]`
			`}`