cloudflare tunnel ingress

.gitea/workflows/apply-kubernetes.yml

@@ -50,6 +50,13 @@ jobs:
           kubectl apply -f kubernetes/homepage/
           kubectl rollout restart deployment/homepage -n homepage
 
+      - name: gitea
+        env:
+          CLOUDFLARED_GITEA_TOKEN: ${{ secrets.CLOUDFLARED_GITEA_TOKEN }}
+        run: |
+          for file in kubernetes/gitea/*.yml; do
+            cat "$file" | envsubst | kubectl apply -f -
+          done
 
   notify-on-failure:
     runs-on: home-server

kubernetes/gitea/gitea-cloudflare.yml

@@ -0,0 +1,44 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: cloudflared-gitea-token
+  namespace: gitea
+type: Opaque
+stringData:
+  token: $CLOUDFLARED_GITEA_TOKEN
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cloudflared-gitea
+  namespace: gitea
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: cloudflared-gitea
+  template:
+    metadata:
+      labels:
+        app: cloudflared-gitea
+    spec:
+      containers:
+        - name: cloudflared
+          image: cloudflare/cloudflared:latest
+          imagePullPolicy: Always
+          args:
+            - tunnel
+            - run
+          env:
+            - name: TUNNEL_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: cloudflared-gitea-token
+                  key: token
+          livenessProbe:
+            httpGet:
+              path: /ready
+              port: 2000
+            failureThreshold: 1
+            initialDelaySeconds: 10
+            periodSeconds: 10

nix/modules/gitea-runner.nix

@@ -28,6 +28,8 @@
         kubernetes-helm
         curl
         nodejs_24
+        openssl
+        gettext
       ];
       settings = {
         container = { 
@@ -49,6 +51,9 @@
     extraGroups = [ "docker" ];
     packages = with pkgs; [
       kubernetes-helm
+      nodejs_24
+      openssl
+      gettext
     ];
     shell = pkgs.bash;
   };
@@ -87,7 +92,10 @@
     User = lib.mkForce "gitea-runner";
     Group = lib.mkForce "gitea-runner";
     
-    Environment = lib.mkForce [ "PATH=/run/wrappers/bin:/run/current-system/sw/bin" ];
+    Environment = lib.mkForce [
+      "PATH=/run/wrappers/bin:/etc/profiles/per-user/gitea-runner/bin:/run/current-system/sw/bin"
+      "NIX_PATH=nixpkgs=${pkgs.path}"
+    ];
     
     DynamicUser = lib.mkForce false;
     PrivateDevices = lib.mkForce false;

nix/tv-computer.nix

@@ -5,7 +5,6 @@
 
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
-  #boot.kernelPackages = pkgs.linuxKernel.kernels.linux_6_6;
   # boot.extraModulePackages = with config.boot.kernelPackages; [ xpadneo ];
   # boot.kernelModules = [ "hid_xpadneo" ];
   # boot.kernelModules = [
@@ -13,7 +12,16 @@
   #   "uinput"
   # ];
   
-  boot.kernelPackages = pkgs.linuxPackages_6_1;
+  boot.kernelPackages = pkgs.linuxPackages_6_6;
+  # boot.kernelPackages = pkgs.linuxPackages_6_1;
+  services.xserver.enable = true;
+
+  services.xserver.displayManager.gdm = {
+    enable = true;
+    wayland = false;
+  };
+
+  services.xserver.desktopManager.gnome.enable = true;
   #boot.kernelParams = [
   #  "amdgpu.discovery=1"
   #];
@@ -38,9 +46,6 @@
     LC_TIME = "en_US.UTF-8";
   };
 
-  services.xserver.enable = true;
-  services.displayManager.gdm.enable = true;
-  services.desktopManager.gnome.enable = true;
   services.xserver.xkb = {
     layout = "us";
     variant = "";