Enable the firewall.

2026-04-18 15:49:08 -04:00
parent 44ddc84237
commit 145ff42a1f
4 changed files with 94 additions and 18 deletions
--- a/nix/kubernetes/keys/package/deploy-script/package.nix
+++ b/nix/kubernetes/keys/package/deploy-script/package.nix
@@ -53,6 +53,33 @@ let
      group = "11236";
      mode = "0600";
    })
+    + (lib.concatMapStringsSep "\n" create_pv_dir [
+      {
+        path = "manual-pv/gitea-psql";
+        owner = "26";
+        group = "26";
+        mode = "0777";
+      }
+      # {
+      #   path = "manual-pv/gitea";
+      #   owner = "1000";
+      #   group = "1000";
+      #   mode = "0777";
+      # }
+      # {
+      #   path = "manual-pv/gitea/gitea";
+      #   owner = "1000";
+      #   group = "1000";
+      #   mode = "0700";
+      # }
+      # {
+      #   path = "manual-pv/gitea/gitea/public";
+      #   owner = "1000";
+      #   group = "1000";
+      #   mode = "0755";
+      # }
+    ])
+
  );
  deploy_script = (writeShellScript "deploy-script" deploy_script_body);
  deploy_file = (
@@ -287,6 +314,20 @@ let
         echo "${public_key_name} is already trusted in ${destination}"
      fi
    '';
+  create_pv_dir =
+    {
+      path,
+      owner,
+      group,
+      mode,
+    }:
+    ''
+      ##
+      ## create pv directory ${path}
+      ##
+      ${openssh}/bin/ssh mrmanager doas install -d -o "${owner}" -g "${group}" -m "${mode}" "/nk8spv/${path}"
+    '';
+
 in
 stdenv.mkDerivation (finalAttrs: {
  name = "deploy-script";