From eb6c9e7b108f4a40e3afe93f9a41f676a1200010 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Sat, 24 Jan 2026 14:18:13 -0700 Subject: [PATCH] firewall chanegs, kube changes
---
 kubernetes/gitea/0-namespace.yml | 6 ++++ kubernetes/gitea/db.yml | 4 +-- kubernetes/gitea/runner.yml | 59 ++++++++++++++++++++++++++++++++ kubernetes/gitea/web.yml | 8 ++--- nix/modules/k3s.nix | 1 + 5 files changed, 72 insertions(+), 6 deletions(-) create mode 100644 kubernetes/gitea/0-namespace.yml create mode 100644 kubernetes/gitea/runner.yml
diff --git a/kubernetes/gitea/0-namespace.yml b/kubernetes/gitea/0-namespace.yml
new file mode 100644
index 0000000..177837c
--- /dev/null
+++ b/kubernetes/gitea/0-namespace.yml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: gitea
+ labels:
+ name: gitea
\ No newline at end of file
diff --git a/kubernetes/gitea/db.yml b/kubernetes/gitea/db.yml
index 4557699..385f39b 100644
--- a/kubernetes/gitea/db.yml
+++ b/kubernetes/gitea/db.yml
@@ -1,7 +1,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
- namespace: projects
+ namespace: gitea
 name: gitea-db
 spec:
 replicas: 1
@@ -38,7 +38,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: gitea-db-svc
- namespace: projects
+ namespace: gitea
 labels:
 app: gitea-db
 spec:
diff --git a/kubernetes/gitea/runner.yml b/kubernetes/gitea/runner.yml
new file mode 100644
index 0000000..d19c124
--- /dev/null
+++ b/kubernetes/gitea/runner.yml
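Review bot: The new Namespace manifest ends without a trailing newline (the `\ No newline at end of file` marker at the end of the hunk); yamllint flags this and every later edit will show a spurious change on the last line, so add the newline. The `labels: name: gitea` entry duplicates what Kubernetes already sets automatically as the immutable `kubernetes.io/metadata.name` label on every namespace, so it is harmless but redundant unless some selector elsewhere keys on the bare `name` label. Presumably the `0-` prefix exists so a directory-wide `kubectl apply` creates the namespace before the namespaced resources; a one-line comment stating that would save the next reader the guess.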
@@ -0,0 +1,59 @@
+# apiVersion: v1
+# kind: Secret
+# metadata:
+# name: gitea-runner-secret
+# namespace: gitea
+# type: Opaque
+# stringData:
+# RUNNER_TOKEN: ""
+
+
+# kubectl create secret generic gitea-runner-secret \
+# --namespace gitea \
+# --from-literal=RUNNER_TOKEN=
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitea-actions-runner
+ namespace: gitea
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: gitea-actions-runner
+ template:
+ metadata:
+ labels:
+ app: gitea-actions-runner
+ spec:
+ containers:
+ - name: runner
+ image: gitea/act_runner:latest
+ env:
+ - name: GITEA_INSTANCE_URL
+ value: "https://git.alexmickelson.guru"
+ - name: GITEA_RUNNER_REGISTRATION_TOKEN
+ valueFrom:
+ secretKeyRef:
+ name: gitea-runner-secret
+ key: RUNNER_TOKEN
+ - name: GITEA_RUNNER_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: GITEA_RUNNER_LABELS
+ value: "docker,kubernetes"
+ - name: DOCKER_HOST
+ value: "unix:///var/run/docker.sock"
+ volumeMounts:
+ - name: docker-sock
+ mountPath: /var/run/docker.sock
+ - name: runner-data
+ mountPath: /data
+ volumes:
+ - name: docker-sock
+ hostPath:
+ path: /var/run/docker.sock
+ - name: runner-data
+ emptyDir: {}
\ No newline at end of file
diff --git a/kubernetes/gitea/web.yml b/kubernetes/gitea/web.yml
index fb4a87b..41c2b66 100644
--- a/kubernetes/gitea/web.yml
+++ b/kubernetes/gitea/web.yml
@@ -2,7 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: gitea-web
- namespace: projects
+ namespace: gitea
 spec:
 replicas: 1
 selector:
@@ -35,7 +35,7 @@ spec:
 - name: GITEA__database__PASSWD
 value: wauiofnasufnweaiufbsdklfjb23456
 - name: GITEA__server__ROOT_URL
- value: "https://gitea.alexmickelson.guru/"
+ value: "https://git.alexmickelson.guru/"
 volumeMounts:
 - name: gitea-data
 mountPath: /data
@@ -62,7 +62,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: gitea-web-svc
- namespace: projects
+ namespace: gitea
 annotations:
 tailscale.com/expose: "true" # exposes IP directly
 spec:
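Review bot: The `docker-sock` hostPath at the end of the hunk hands the runner, and therefore every Actions job it executes, the node's Docker socket, which is root-equivalent on the host, so every repository whose workflows may land on this runner is implicitly trusted with the whole k3s node; if that trade-off is intended it should be stated in a comment, otherwise run jobs against a docker-in-docker sidecar inside the pod (as in Gitea's Kubernetes example for act_runner) or limit which repositories can use the runner. The hostPath also has no `type:`; k3s ships containerd rather than Docker by default, and with the default (unchecked) type a missing socket on the node is presumably created as an empty directory, so the pod starts and the runner only fails when its first job needs a daemon, whereas `type: Socket` fails pod creation loudly. `image: gitea/act_runner:latest` is an unpinned tag for the one container that runs CI with node-level access; pin a released tag or digest so a registry push cannot silently change what runs. No `resources` are set either, so a single build can starve the node. Sketch below; the pinned tag and the limit values are placeholders.
```yaml
      containers:
        - name: runner
          image: gitea/act_runner:<PINNED_TAG>  # placeholder: pin a released tag or digest
          # … unchanged: env, volumeMounts …
          resources:
            limits:
              cpu: "2"        # placeholder
              memory: "2Gi"   # placeholder
      volumes:
        - name: docker-sock
          hostPath:
            path: /var/run/docker.sock
            type: Socket
        # … unchanged: runner-data emptyDir …
```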
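Review bot: The changed `GITEA__server__ROOT_URL` line in the `@@ -35,7` hunk sits in an `env` block where `GITEA__database__PASSWD` is still set as a plain `value:` (a context line here, but it stays in the committed manifest). This same commit introduces the `valueFrom: secretKeyRef` pattern in runner.yml for the runner token; the database password could follow it, e.g. `valueFrom: { secretKeyRef: { name: <db-secret>, key: <password-key> } }` with placeholder names, and the same Secret could feed db.yml so the two cannot drift apart. The Ingress host rule and the certificate it is issued for are outside every visible hunk; confirm they already use `git.alexmickelson.guru`, since ROOT_URL now does and the runner's `GITEA_INSTANCE_URL` registers against that name.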
@@ -81,7 +81,7 @@ apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
 name: gitea
- namespace: projects
+ namespace: gitea
 annotations:
 cert-manager.io/cluster-issuer: cloudflare-issuer
 spec:
diff --git a/nix/modules/k3s.nix b/nix/modules/k3s.nix
index b5d14d6..651eac3 100644
--- a/nix/modules/k3s.nix
+++ b/nix/modules/k3s.nix
@@ -23,6 +23,7 @@ networking.firewall.allowedTCPPorts = [
 443
 80
+ 10250
 ];
 networking.firewall.allowedUDPPorts = [
 443