From 538a0745fe157ed4f37604f8930f22cc5a68e309 Mon Sep 17 00:00:00 2001
From: Tony Du
Date: Fri, 28 Feb 2025 21:31:54 -0800
Subject: [PATCH] feat: Expose git
---
 .envrc | 1 +
 .gitignore | 5 +++
 flake.lock | 25 +++++++++++++
 flake.nix | 25 +++++++++++++
 k8s/apps/cloudflared/cloudflared-mnke.yaml | 2 ++
 .../ingressroutes/external/build/gitea.yaml | 35 +++++++++++++++++++
 .../external/build/kustomization.yaml | 1 +
 .../external/templater/values.yaml | 7 ++++
 8 files changed, 101 insertions(+)
 create mode 100644 .envrc
 create mode 100644 flake.lock
 create mode 100644 flake.nix
 create mode 100644 k8s/apps/ingressroutes/external/build/gitea.yaml
diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..3550a30
--- /dev/null
+++ b/.envrc
@@ -0,0 +1 @@
+use flake
diff --git a/.gitignore b/.gitignore
index 181ccba..7714ad4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,9 @@
 .env
+.direnv
+
 /secrets.yml
+
 venv
+.venv
+
 age.agekey
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..1d0fc86
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,25 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1739736696, + "narHash": "sha256-zON2GNBkzsIyALlOCFiEBcIjI4w38GYOb+P+R4S8Jsw=", + "rev": "d74a2335ac9c133d6bbec9fc98d91a77f1604c1f", + "revCount": 754461, + "type": "tarball", + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.754461%2Brev-d74a2335ac9c133d6bbec9fc98d91a77f1604c1f/01951426-5a87-7b75-8413-1a0d9ec5ff04/source.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..0c73716
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,25 @@
+{
+ description = "A Nix-flake-based Python development environment";
+
+ inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.tar.gz";
+
+ outputs = { self, nixpkgs }:
+ let
+ supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+ forEachSupportedSystem = f: nixpkgs.lib.genAttrs supportedSystems (system: f {
+ pkgs = import nixpkgs { inherit system; };
+ });
+ in
+ {
+ devShells = forEachSupportedSystem ({ pkgs }: {
+ default = pkgs.mkShell {
+ venvDir = ".venv";
+ packages = with pkgs; [ python311 ] ++
+ (with pkgs.python311Packages; [
+ pip
+ venvShellHook
+ ]);
+ };
+ });
+ };
+}
diff --git a/k8s/apps/cloudflared/cloudflared-mnke.yaml b/k8s/apps/cloudflared/cloudflared-mnke.yaml
index d858d8f..9b54d5f 100644
--- a/k8s/apps/cloudflared/cloudflared-mnke.yaml
+++ b/k8s/apps/cloudflared/cloudflared-mnke.yaml
@@ -124,6 +124,8 @@ data:
 service: https://vault.mnke.org
 - hostname: authentik.mnke.org
 service: https://authentik.mnke.org
+ - hostname: git.mnke.org
+ service: https://git.mnke.org
 - hostname: nc.mnke.org
 service: https://nc.mnke.org
 - hostname: clotho_moirai.mnke.org
diff --git a/k8s/apps/ingressroutes/external/build/gitea.yaml b/k8s/apps/ingressroutes/external/build/gitea.yaml
new file mode 100644
index 0000000..ccf4205
--- /dev/null
+++ b/k8s/apps/ingressroutes/external/build/gitea.yaml
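Review bot: The `inputs.nixpkgs.url` line in flake.nix reads `https://flakehub.com/f/NixOS/nixpkgs/0.1.tar.gz`, while the `original.url` recorded in flake.lock in this same patch is `https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz`. If that difference is real and not an artifact of how the patch was rendered, Nix will likely treat the lock entry as stale and re-resolve nixpkgs, so the committed `narHash` would no longer govern what a developer's shell is built from; make the two agree and regenerate the lock. Separately, `pip` together with `venvShellHook` means whatever is installed into `.venv` comes from outside the flake's pin. A comment above `packages` such as `# .venv contents are NOT pinned by flake.lock; install only from a hash-pinned requirements file` would make that boundary explicit.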
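Review bot: The added `- hostname: git.mnke.org` rule publishes Gitea through the tunnel without any visible access control in front of it. The matching `gitea` entry in templater/values.yaml adds none either, and the generated IngressRoute in build/gitea.yaml has no `middlewares`. No Cloudflare Access policy or Gitea-side setting is visible in the patch, so confirm before merging that open registration is disabled and that sign-in is required wherever repositories are meant to be private. Recording the decision next to the rule, e.g. `# public: authentication enforced by Gitea itself, registration disabled`, would help the next reviewer. The ingress list starts and continues outside this hunk, so any tunnel-wide `originRequest` settings cannot be checked from here.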
@@ -0,0 +1,35 @@ +--- +# This file was automatically generated. Do not modify. +apiVersion: v1 +kind: Service +metadata: + name: gitea-external + namespace: default +spec: + type: ExternalName + externalName: git.jumper.mnke.org + ports: + - name: gitea-external + port: 443 + targetPort: 443 + +--- +# This file was automatically generated. Do not modify. +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: gitea-external + namespace: default +spec: + entryPoints: + - websecure + routes: + - match: Host(`git.mnke.org`) + kind: Rule + services: + - kind: Service + name: gitea-external + port: 443 + passHostHeader: True + tls: + secretName: wildcard-mnke-org-tls
diff --git a/k8s/apps/ingressroutes/external/build/kustomization.yaml b/k8s/apps/ingressroutes/external/build/kustomization.yaml
index 6e664ed..b832356 100644
--- a/k8s/apps/ingressroutes/external/build/kustomization.yaml
+++ b/k8s/apps/ingressroutes/external/build/kustomization.yaml
@@ -8,6 +8,7 @@ resources:
 - seerr-tonydu.yaml
 - wizarr-tonydu.yaml
 - dns-dolo-mnke.yaml
+ - gitea.yaml
 - vaultwarden.yaml
 - panel.yaml
 - clotho-moirai.yaml
diff --git a/k8s/apps/ingressroutes/external/templater/values.yaml b/k8s/apps/ingressroutes/external/templater/values.yaml
index b3c04f8..4d3af37 100644
--- a/k8s/apps/ingressroutes/external/templater/values.yaml
+++ b/k8s/apps/ingressroutes/external/templater/values.yaml
@@ -58,6 +58,13 @@ proxies:
 upstream_port: 5380
 pass_host_header: false

+ - service_name: gitea
+ tls_secret_name: wildcard-mnke-org-tls
+ listen_host: git.mnke.org
+ upstream_host: git.jumper.mnke.org
+ upstream_port: 443
+ pass_host_header: true
+
 - service_name: vaultwarden
 tls_secret_name: wildcard-mnke-org-tls
 listen_host: vault.mnke.org
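Review bot: The new `gitea` proxy forwards to `upstream_host: git.jumper.mnke.org` on `upstream_port: 443` with `pass_host_header: true`, but neither the entry nor the generated build/gitea.yaml names a `serversTransport`. Whether Traefik verifies the upstream certificate on that hop (presumably TLS, given the port) therefore depends on global defaults that this patch does not show. Confirm that upstream verification is not disabled globally and that the certificate served by the upstream is one Traefik will accept. A comment on the entry such as `# upstream TLS is verified by Traefik's default serversTransport; do not disable verification globally` would document the dependency. The `proxies` list starts and continues outside this hunk.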