feat: Expose git

.envrc

@@ -0,0 +1 @@
+use flake

.gitignore

@@ -1,4 +1,9 @@
 .env
+.direnv
+
 /secrets.yml
+
 venv
+.venv
+
 age.agekey

flake.lock

@@ -0,0 +1,25 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1739736696,
+        "narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=",
+        "rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f",
+        "revCount": 754461,
+        "type": "tarball",
+        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.754461%2Brev-d74a2335ac9c133d6bbec9fc98d91a77f1604c1f/01951426-5a87-7b75-8413-1a0d9ec5ff04/source.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,25 @@
+{
+  description = "A Nix-flake-based Python development environment";
+
+  inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.tar.gz";
+
+  outputs = { self, nixpkgs }:
+    let
+      supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+      forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
+        pkgs = import nixpkgs { inherit system; };
+      });
+    in
+    {
+      devShells = forEachSupportedSystem ({ pkgs }: {
+        default = pkgs.mkShell {
+          venvDir = ".venv";
+          packages = with pkgs; [ python311 ] ++
+            (with pkgs.python311Packages; [
+              pip
+              venvShellHook
+            ]);
+        };
+      });
+    };
+}

k8s/apps/cloudflared/cloudflared-mnke.yaml

@@ -124,6 +124,8 @@ data:
       service: https://vault.mnke.org
     - hostname: authentik.mnke.org
       service: https://authentik.mnke.org
+    - hostname: git.mnke.org
+      service: https://git.mnke.org
     - hostname: nc.mnke.org
       service: https://nc.mnke.org
     - hostname: clotho_moirai.mnke.org

k8s/apps/ingressroutes/external/build/gitea.yaml

@@ -0,0 +1,35 @@
+---
+# This file was automatically generated. Do not modify.
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-external
+  namespace: default
+spec:
+  type: ExternalName
+  externalName: git.jumper.mnke.org
+  ports:
+    - name: gitea-external
+      port: 443
+      targetPort: 443
+
+---
+# This file was automatically generated. Do not modify.
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea-external
+  namespace: default
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`git.mnke.org`)
+      kind: Rule
+      services:
+        - kind: Service
+          name: gitea-external
+          port: 443
+          passHostHeader: True
+  tls:
+    secretName: wildcard-mnke-org-tls

k8s/apps/ingressroutes/external/build/kustomization.yaml

@@ -8,6 +8,7 @@ resources:
   - seerr-tonydu.yaml
   - wizarr-tonydu.yaml
   - dns-dolo-mnke.yaml
+  - gitea.yaml
   - vaultwarden.yaml
   - panel.yaml
   - clotho-moirai.yaml

k8s/apps/ingressroutes/external/templater/values.yaml

@@ -58,6 +58,13 @@ proxies:
     upstream_port: 5380
     pass_host_header: false
 
+  - service_name: gitea
+    tls_secret_name: wildcard-mnke-org-tls
+    listen_host: git.mnke.org
+    upstream_host: git.jumper.mnke.org
+    upstream_port: 443
+    pass_host_header: true
+
   - service_name: vaultwarden
     tls_secret_name: wildcard-mnke-org-tls
     listen_host: vault.mnke.org