firewall chanegs, kube changes

kubernetes/gitea/0-namespace.yml

@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+  labels:
+    name: gitea

kubernetes/gitea/db.yml

@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  namespace: projects
+  namespace: gitea
   name: gitea-db
 spec:
   replicas: 1
@@ -38,7 +38,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: gitea-db-svc
-  namespace: projects
+  namespace: gitea
   labels:
     app: gitea-db
 spec:

kubernetes/gitea/runner.yml

@@ -0,0 +1,59 @@
+# apiVersion: v1
+# kind: Secret
+# metadata:
+#   name: gitea-runner-secret
+#   namespace: gitea
+# type: Opaque
+# stringData:
+#   RUNNER_TOKEN: "<REPLACE_WITH_GITEA_RUNNER_TOKEN>"
+
+
+# kubectl create secret generic gitea-runner-secret \
+#   --namespace gitea \
+#   --from-literal=RUNNER_TOKEN=<REPLACE_WITH_GITEA_RUNNER_TOKEN>
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea-actions-runner
+  namespace: gitea
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: gitea-actions-runner
+  template:
+    metadata:
+      labels:
+        app: gitea-actions-runner
+    spec:
+      containers:
+        - name: runner
+          image: gitea/act_runner:latest
+          env:
+            - name: GITEA_INSTANCE_URL
+              value: "https://git.alexmickelson.guru"
+            - name: GITEA_RUNNER_REGISTRATION_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: gitea-runner-secret
+                  key: RUNNER_TOKEN
+            - name: GITEA_RUNNER_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: GITEA_RUNNER_LABELS
+              value: "docker,kubernetes"
+            - name: DOCKER_HOST
+              value: "unix:///var/run/docker.sock"
+          volumeMounts:
+            - name: docker-sock
+              mountPath: /var/run/docker.sock
+            - name: runner-data
+              mountPath: /data
+      volumes:
+        - name: docker-sock
+          hostPath:
+            path: /var/run/docker.sock
+        - name: runner-data
+          emptyDir: {}

kubernetes/gitea/web.yml

@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: gitea-web
-  namespace: projects
+  namespace: gitea
 spec:
   replicas: 1
   selector:
@@ -35,7 +35,7 @@ spec:
             - name: GITEA__database__PASSWD
               value: wauiofnasufnweaiufbsdklfjb23456
             - name: GITEA__server__ROOT_URL
-              value: "https://gitea.alexmickelson.guru/"
+              value: "https://git.alexmickelson.guru/"
           volumeMounts:
             - name: gitea-data
               mountPath: /data
@@ -62,7 +62,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: gitea-web-svc
-  namespace: projects
+  namespace: gitea
   annotations:
     tailscale.com/expose: "true" # exposes IP directly
 spec:
@@ -81,7 +81,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: gitea
-  namespace: projects
+  namespace: gitea
   annotations:
     cert-manager.io/cluster-issuer: cloudflare-issuer
 spec:

nix/modules/k3s.nix

@@ -23,6 +23,7 @@
   networking.firewall.allowedTCPPorts = [
     443
     80
+    10250
   ];
   networking.firewall.allowedUDPPorts = [
     443