firewall changes, kube changes

2026-01-24 14:18:13 -07:00
parent adc40a0ab3
commit eb6c9e7b10
5 changed files with 72 additions and 6 deletions


@@ -0,0 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
name: gitea
labels:
name: gitea


@@ -1,7 +1,7 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
namespace: projects namespace: gitea
name: gitea-db name: gitea-db
spec: spec:
replicas: 1 replicas: 1
@@ -38,7 +38,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: gitea-db-svc name: gitea-db-svc
namespace: projects namespace: gitea
labels: labels:
app: gitea-db app: gitea-db
spec: spec:


@@ -0,0 +1,59 @@
# apiVersion: v1
# kind: Secret
# metadata:
# name: gitea-runner-secret
# namespace: gitea
# type: Opaque
# stringData:
# RUNNER_TOKEN: "<REPLACE_WITH_GITEA_RUNNER_TOKEN>"
# kubectl create secret generic gitea-runner-secret \
# --namespace gitea \
# --from-literal=RUNNER_TOKEN=<REPLACE_WITH_GITEA_RUNNER_TOKEN>
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: gitea-actions-runner
namespace: gitea
spec:
replicas: 1
selector:
matchLabels:
app: gitea-actions-runner
template:
metadata:
labels:
app: gitea-actions-runner
spec:
containers:
- name: runner
image: gitea/act_runner:latest
env:
- name: GITEA_INSTANCE_URL
value: "https://git.alexmickelson.guru"
- name: GITEA_RUNNER_REGISTRATION_TOKEN
valueFrom:
secretKeyRef:
name: gitea-runner-secret
key: RUNNER_TOKEN
- name: GITEA_RUNNER_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: GITEA_RUNNER_LABELS
value: "docker,kubernetes"
- name: DOCKER_HOST
value: "unix:///var/run/docker.sock"
volumeMounts:
- name: docker-sock
mountPath: /var/run/docker.sock
- name: runner-data
mountPath: /data
volumes:
- name: docker-sock
hostPath:
path: /var/run/docker.sock
- name: runner-data
emptyDir: {}
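Review bot: The `docker-sock` hostPath volume hands the node's Docker daemon to every workflow job this runner executes, which amounts to root on the node for anyone who can push a workflow to a repository the runner serves. If the socket has to stay, add `type: Socket` under `hostPath` so the pod fails to start on a node without Docker rather than possibly having an empty directory created at that path, and consider scheduling the runner on a dedicated node; otherwise prefer a Docker daemon that lives inside the pod. The image is also referenced as `gitea/act_runner:latest`; pinning it, e.g. `image: gitea/act_runner:<PINNED_VERSION>`, keeps a pod restart from silently changing what runs next to that socket. The container sets neither `resources` nor `securityContext`.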


@@ -2,7 +2,7 @@ apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: gitea-web name: gitea-web
namespace: projects namespace: gitea
spec: spec:
replicas: 1 replicas: 1
selector: selector:
@@ -35,7 +35,7 @@ spec:
- name: GITEA__database__PASSWD - name: GITEA__database__PASSWD
value: wauiofnasufnweaiufbsdklfjb23456 value: wauiofnasufnweaiufbsdklfjb23456
- name: GITEA__server__ROOT_URL - name: GITEA__server__ROOT_URL
value: "https://gitea.alexmickelson.guru/" value: "https://git.alexmickelson.guru/"
volumeMounts: volumeMounts:
- name: gitea-data - name: gitea-data
mountPath: /data mountPath: /data
@@ -62,7 +62,7 @@ apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: gitea-web-svc name: gitea-web-svc
namespace: projects namespace: gitea
annotations: annotations:
tailscale.com/expose: "true" # exposes IP directly tailscale.com/expose: "true" # exposes IP directly
spec: spec:
@@ -81,7 +81,7 @@ apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: gitea name: gitea
namespace: projects namespace: gitea
annotations: annotations:
cert-manager.io/cluster-issuer: cloudflare-issuer cert-manager.io/cluster-issuer: cloudflare-issuer
spec: spec:
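Review bot: `GITEA__database__PASSWD` on the context lines of the second hunk is a literal value in the manifest, so the database password is readable by anyone with access to this repository and its history. This commit does not change that line, but the runner manifest added in the same commit already uses `secretKeyRef`, and the same pattern fits here: replace `value:` with `valueFrom:` / `secretKeyRef:` pointing at `name: <DB_SECRET_NAME>` and `key: <DB_PASSWORD_KEY>`, and rotate the password since the old one remains in git history. Separately, the new `GITEA__server__ROOT_URL` host should match the host in the Ingress rules, which are outside the visible hunks.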


@@ -23,6 +23,7 @@
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
443 443
80 80
10250
]; ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
443 443
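Review bot: Adding `10250` to `networking.firewall.allowedTCPPorts` opens the kubelet API on every interface of this host, alongside the public 80/443. That port normally only needs to be reachable from the control plane and metrics scrapers, so scoping it to the cluster-facing interface, e.g. `networking.firewall.interfaces.<CLUSTER_IFACE>.allowedTCPPorts = [ 10250 ];`, keeps it off the others. A short comment saying why the port is open would also help the next reader. The enclosing attribute set starts and ends outside the hunk.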