Compare commits
4 Commits
v1.1.1
...
fd266ae24b
| Author | SHA1 | Date | |
|---|---|---|---|
fd266ae24b
|
|||
|
e2475f15b8
|
|||
|
184091c188
|
|||
|
68df9af0da
|
@@ -71,16 +71,18 @@ jobs:
|
|||||||
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
|
SOURCE_DATE_EPOCH: ${{ env.TIMESTAMP }}
|
||||||
|
|
||||||
- name: Kustomize manifests
|
- name: Kustomize manifests
|
||||||
|
if: gitea.ref_type == 'tag'
|
||||||
run: |
|
run: |
|
||||||
./kustomize build ./manifests | sed "s/\${DIGEST}/${{ steps.build.outputs.digest }}/" > ./manifests.yaml
|
./kustomize build ./manifests | sed "s/\${DIGEST}/${{ steps.build.outputs.digest }}/" > ./manifests.yaml
|
||||||
|
|
||||||
- name: Push manifests
|
- name: Push manifests
|
||||||
|
if: gitea.ref_type == 'tag'
|
||||||
run: |
|
run: |
|
||||||
flux push artifact oci://$OCI_REPO/manifests:${{ gitea.head_ref || gitea.ref_name }} \
|
flux push artifact oci://$OCI_REPO/manifests:latest \
|
||||||
--path="./manifests.yaml" \
|
--path="./manifests.yaml" \
|
||||||
--source="$(git config --get remote.origin.url)" \
|
--source="$(git config --get remote.origin.url)" \
|
||||||
--revision="$(git rev-parse HEAD)" \
|
--revision="$(git rev-parse HEAD)" \
|
||||||
$(echo "${{ steps.meta.outputs.labels }}" | sed -e 's/^/-a /')
|
$(echo "${{ steps.meta.outputs.labels }}" | sed -e 's/^/-a /')
|
||||||
|
|
||||||
flux tag artifact oci://$OCI_REPO/manifests:${{ gitea.head_ref || gitea.ref_name }} \
|
flux tag artifact oci://$OCI_REPO/manifests:latest \
|
||||||
$(echo "${{ steps.meta.outputs.tags }}" | sed -e 's/^.*:/--tag /')
|
$(echo "${{ steps.meta.outputs.tags }}" | sed -e 's/^.*:/--tag /')
|
||||||
|
|||||||
@@ -18,5 +18,5 @@ ENV RUSTC_BOOTSTRAP=1
|
|||||||
RUN cargo auditable build --release
|
RUN cargo auditable build --release
|
||||||
|
|
||||||
FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
|
FROM gcr.io/distroless/cc-debian12:nonroot AS runtime
|
||||||
COPY --from=builder /app/target/release/siranga /siranga
|
COPY --from=builder /app/target/release/tunnel_rs /tunnel_rs
|
||||||
CMD ["/siranga"]
|
CMD ["/tunnel_rs"]
|
||||||
|
|||||||
@@ -40,7 +40,7 @@ By appending `-- --help` you can view the available command line options.
|
|||||||
|
|
||||||
### Tip
|
### Tip
|
||||||
|
|
||||||
To make connecting slightly easier I recommend adding the following to `~/.ssh/config`:
|
To make connecting slightly easier I recommend adding the following to `~/.ssh/config`.
|
||||||
|
|
||||||
```
|
```
|
||||||
Host tunnel
|
Host tunnel
|
||||||
|
|||||||
@@ -1,7 +0,0 @@
|
|||||||
apiVersion: authelia.huizinga.dev/v1
|
|
||||||
kind: AccessControlRule
|
|
||||||
metadata:
|
|
||||||
name: tunnel
|
|
||||||
spec:
|
|
||||||
domain: "*.tunnel.${domain}"
|
|
||||||
policy: one_factor
|
|
||||||
10
manifests/config-map-authelia-acl.yaml
Normal file
10
manifests/config-map-authelia-acl.yaml
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
apiVersion: v1
|
||||||
|
kind: ConfigMap
|
||||||
|
metadata:
|
||||||
|
name: authelia-acl
|
||||||
|
annotations:
|
||||||
|
config.huizinga.dev/fragment: authelia-acl
|
||||||
|
data:
|
||||||
|
rules: |
|
||||||
|
- domain: "*.tunnel.${domain}"
|
||||||
|
policy: one_factor
|
||||||
@@ -17,8 +17,6 @@ spec:
|
|||||||
annotations:
|
annotations:
|
||||||
kubectl.kubernetes.io/default-container: siranga
|
kubectl.kubernetes.io/default-container: siranga
|
||||||
spec:
|
spec:
|
||||||
# Service links cause issues with the HTTP_PORT and SSH_PORT env variables
|
|
||||||
enableServiceLinks: false
|
|
||||||
containers:
|
containers:
|
||||||
- name: siranga
|
- name: siranga
|
||||||
image: git.huizinga.dev/dreaded_x/siranga@${DIGEST}
|
image: git.huizinga.dev/dreaded_x/siranga@${DIGEST}
|
||||||
|
|||||||
@@ -10,6 +10,6 @@ spec:
|
|||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: http
|
- name: http
|
||||||
port: http
|
port: 3000
|
||||||
tls:
|
tls:
|
||||||
secretName: tunnel-tls
|
secretName: tunnel-tls
|
||||||
|
|||||||
@@ -4,9 +4,9 @@ namespace: siranga
|
|||||||
resources:
|
resources:
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
- ./service-user.yaml
|
- ./service-user.yaml
|
||||||
- ./secret-siranga-key.yaml
|
- ./secret-tunnel-key.yaml
|
||||||
- ./deployment.yaml
|
- ./deployment.yaml
|
||||||
- ./service.yaml
|
- ./service.yaml
|
||||||
- ./certificate.yaml
|
- ./certificate.yaml
|
||||||
- ./ingress-route.yaml
|
- ./ingress-route.yaml
|
||||||
- ./access-control-rule.yaml
|
- ./config-map-authelia-acl.yaml
|
||||||
|
|||||||
@@ -4,8 +4,9 @@ metadata:
|
|||||||
name: http
|
name: http
|
||||||
spec:
|
spec:
|
||||||
ports:
|
ports:
|
||||||
- name: http
|
- name: "3000"
|
||||||
port: 3000
|
port: 3000
|
||||||
|
targetPort: 3000
|
||||||
selector:
|
selector:
|
||||||
app: siranga
|
app: siranga
|
||||||
---
|
---
|
||||||
@@ -18,7 +19,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
type: LoadBalancer
|
type: LoadBalancer
|
||||||
ports:
|
ports:
|
||||||
- name: ssh
|
- name: "2222"
|
||||||
port: 22
|
port: 22
|
||||||
targetPort: 2222
|
targetPort: 2222
|
||||||
selector:
|
selector:
|
||||||
|
|||||||
12
src/main.rs
12
src/main.rs
@@ -24,19 +24,11 @@ async fn main() -> color_eyre::Result<()> {
|
|||||||
|
|
||||||
let env_filter = EnvFilter::try_from_default_env().or_else(|_| EnvFilter::try_new("info"))?;
|
let env_filter = EnvFilter::try_from_default_env().or_else(|_| EnvFilter::try_new("info"))?;
|
||||||
|
|
||||||
if std::env::var("CARGO").is_ok() {
|
|
||||||
let logger = tracing_subscriber::fmt::layer().compact();
|
let logger = tracing_subscriber::fmt::layer().compact();
|
||||||
tracing_subscriber::Registry::default()
|
tracing_subscriber::Registry::default()
|
||||||
.with(logger)
|
.with(logger)
|
||||||
.with(env_filter)
|
.with(env_filter)
|
||||||
.init();
|
.init();
|
||||||
} else {
|
|
||||||
let logger = tracing_subscriber::fmt::layer().json();
|
|
||||||
tracing_subscriber::Registry::default()
|
|
||||||
.with(logger)
|
|
||||||
.with(env_filter)
|
|
||||||
.init();
|
|
||||||
}
|
|
||||||
|
|
||||||
info!(
|
info!(
|
||||||
"Starting {} ({})",
|
"Starting {} ({})",
|
||||||
@@ -53,10 +45,10 @@ async fn main() -> color_eyre::Result<()> {
|
|||||||
};
|
};
|
||||||
|
|
||||||
let http_port = std::env::var("HTTP_PORT")
|
let http_port = std::env::var("HTTP_PORT")
|
||||||
.map(|port| port.parse().wrap_err_with(|| format!("HTTP_PORT={port}")))
|
.map(|port| port.parse())
|
||||||
.unwrap_or(Ok(3000))?;
|
.unwrap_or(Ok(3000))?;
|
||||||
let ssh_port = std::env::var("SSH_PORT")
|
let ssh_port = std::env::var("SSH_PORT")
|
||||||
.map(|port| port.parse().wrap_err_with(|| format!("SSH_PORT={port}")))
|
.map(|port| port.parse())
|
||||||
.unwrap_or(Ok(2222))?;
|
.unwrap_or(Ok(2222))?;
|
||||||
|
|
||||||
let domain =
|
let domain =
|
||||||
|
|||||||
Reference in New Issue
Block a user