diff --git a/asset/sudoers.d/ui_gitea_ci b/asset/sudoers.d/ui_gitea_ci
new file mode 100644
index 0000000..335afe1
--- /dev/null
+++ b/asset/sudoers.d/ui_gitea_ci
@@ -0,0 +1,5 @@
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/ln -sf /etc/nginx/sites-available/blekin.kosherinata.internal.conf /etc/nginx/sites-enabled/blekin.kosherinata.internal.conf
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/nginx -t
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/systemctl reload nginx.service
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/rsync * /var/www/blekin.kosherinata.internal/
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/rsync * /etc/nginx/sites-available/blekin.kosherinata.internal.conf
diff --git a/asset/sudoers.d/ws_gitea_ci b/asset/sudoers.d/ws_gitea_ci
new file mode 100644
index 0000000..17f4942
--- /dev/null
+++ b/asset/sudoers.d/ws_gitea_ci
@@ -0,0 +1,5 @@
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/rsync * /usr/local/bin/ericrfb-proxy
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/rsync * /etc/systemd/system/blekin.service
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/systemctl start blekin.service
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/systemctl stop blekin.service
+gitea_ci ALL=(root) NOPASSWD: /usr/bin/systemctl enable blekin.service
diff --git a/script/setup.sh b/script/setup.sh
index 9043227..6afbb0c 100755
--- a/script/setup.sh
+++ b/script/setup.sh
@@ -134,3 +134,11 @@ fi
 # sudo semanage fcontext -a -t httpd_sys_content_t "/var/www/blekin.kosherinata.internal(/.*)?"
 # sudo restorecon -Rv /var/www/blekin.kosherinata.internal/
 # sync asset/sudoers.d/ui_gitea_ci to /etc/sudoers.d/gitea_ci
+# # Create the service definition
+#sudo firewall-cmd --permanent --new-service=blekin
+#sudo firewall-cmd --permanent --service=blekin --set-description="blekin e-RIC RFB proxy"
+#sudo firewall-cmd --permanent --service=blekin --add-port=3000/tcp
+
+# Enable it in the active zone
+#sudo firewall-cmd --permanent --add-service=blekin
+#sudo firewall-cmd --reload