redaction (#1)

Add the redacted source file for demo purposes

Reviewed-on: https://source.michaeldileo.org/michael_dileo/Keybard-Vagabond-Demo/pulls/1
Co-authored-by: Michael DiLeo <michael_dileo@proton.me>
Co-committed-by: Michael DiLeo <michael_dileo@proton.me>

.cursor/rules/zero-trust-ingress-template.yaml

@@ -0,0 +1,54 @@
+# Zero Trust Ingress Template
+# Use this template for all new applications deployed via Cloudflare tunnels
+
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: app-ingress
+  namespace: app-namespace
+  annotations:
+    # Basic NGINX Configuration only - no cert-manager or external-dns
+    kubernetes.io/ingress.class: nginx
+    nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
+    
+    # Optional: Extended timeouts for long-running requests
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
+    nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
+    
+    # Optional: ActivityPub rate limiting for fediverse applications
+    nginx.ingress.kubernetes.io/server-snippet: |
+      limit_req_zone $binary_remote_addr zone=app_inbox:100m rate=10r/s;
+    nginx.ingress.kubernetes.io/configuration-snippet: |
+      location ~* ^/(inbox|users/.*/inbox) {
+        limit_req zone=app_inbox burst=300;
+      }
+
+spec:
+  ingressClassName: nginx
+  tls: []  # Empty - TLS handled by Cloudflare edge
+  rules:
+  - host: app.keyboardvagabond.com
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: app-service
+            port:
+              number: 80
+
+---
+# Service template
+apiVersion: v1
+kind: Service
+metadata:
+  name: app-service
+  namespace: app-namespace
+spec:
+  selector:
+    app: app-name
+  ports:
+  - name: http
+    port: 80
+    targetPort: 8080