From b397e5102a4df3bc1dd0c4acdb61e8704cffaa48 Mon Sep 17 00:00:00 2001
From: Alex Mickelson <alexmickelson96@gmail.com>
Date: Thu, 6 Mar 2025 20:28:33 -0700
Subject: [PATCH] ports

---
 kubernetes/ingress/values.yml |  9 +++++++++
 kubernetes/readme.md          | 10 +++++++++-
 nix/modules/k3s.nix           |  8 ++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 kubernetes/ingress/values.yml

diff --git a/kubernetes/ingress/values.yml b/kubernetes/ingress/values.yml
new file mode 100644
index 0000000..19505ff
--- /dev/null
+++ b/kubernetes/ingress/values.yml
@@ -0,0 +1,9 @@
+controller:
+  hostNetwork: true
+  dnsPolicy: ClusterFirstWithHostNet
+  # kind: DaemonSet
+  # hostPort:
+  #   enabled: true
+  #   ports:
+  #     http: 80
+  #     https: 443
diff --git a/kubernetes/readme.md b/kubernetes/readme.md
index 10b064e..aa9565b 100644
--- a/kubernetes/readme.md
+++ b/kubernetes/readme.md
@@ -37,4 +37,12 @@ Currently clouflare domains cannot be CNAME'd to tailscale domains:
 kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/baremetal/deploy.yaml
 ``
 
-I'll need to create a custom service to bring in port 80 and 443 later
\ No newline at end of file
+I'll need to create a custom service to bring in port 80 and 443 later
+
+```
+helm upgrade --install ingress-nginx ingress-nginx \
+  --repo https://kubernetes.github.io/ingress-nginx \
+  --namespace ingress-nginx \
+  --create-namespace \
+  -f values.yml
+```
diff --git a/nix/modules/k3s.nix b/nix/modules/k3s.nix
index 83b118c..f3e98f6 100644
--- a/nix/modules/k3s.nix
+++ b/nix/modules/k3s.nix
@@ -9,4 +9,12 @@
     "--disable=traefik"
     "--tls-san 100.122.128.107"
   ];
+  networking.firewall.allowedTCPPorts = [
+    443
+    80
+  ];
+  networking.firewall.allowedUDPPorts = [
+    443
+    80
+  ];
 }