fixed ssh forwarding to git.geokkjer.eu
parent
f6eb588ccd
commit
2a25c42063
2 changed files with 34 additions and 13 deletions
|
@ -1,10 +1,26 @@
|
||||||
{ pkgs, config, ... }:
|
|
||||||
{
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
# Create the git user before Forgejo tries to use it
|
||||||
|
users.users.git = {
|
||||||
|
isSystemUser = true;
|
||||||
|
group = "git";
|
||||||
|
shell = pkgs.bash;
|
||||||
|
home = "/var/lib/forgejo";
|
||||||
|
createHome = true;
|
||||||
|
description = "Forgejo Git Service";
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups.git = {};
|
||||||
|
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
user = "git"; # Explicitly set to 'git' user for SSH compatibility
|
user = "git"; # Use the git user we created above
|
||||||
|
group = "git";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.forgejo.settings = {
|
services.forgejo.settings = {
|
||||||
DEFAULT = {
|
DEFAULT = {
|
||||||
RUN_MODE = "prod";
|
RUN_MODE = "prod";
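Review bot: The new `users.users.git` block gives the Forgejo service account a login shell (`shell = pkgs.bash;`) without saying why, and this is the account reached through the public `listen 2222` to `grey-area:22` forward visible in the other file of this commit. If Git over SSH is served by the host's OpenSSH (the forward to port 22 suggests so, but the page does not show it), the shell is needed to run the forced command in the `authorized_keys` file Forgejo manages, and that forced command is the only thing keeping a key holder out of an interactive session. I would record this above the option, e.g. `# bash is needed so sshd can run Forgejo's forced command; no interactive login is intended for this account`, and confirm that the sshd configuration on that host does not accept password logins for `git`. Separately, `createHome = true;` on `/var/lib/forgejo` may compete with the Forgejo module's own handling of its state directory over ownership and mode, so the resulting permissions are worth checking after a rebuild.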
|
||||||
|
|
|
@ -1,7 +1,10 @@
|
||||||
{ pkgs, config, lib, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
./gandicloud.nix
|
./gandicloud.nix
|
||||||
../../modules/common/base.nix
|
../../modules/common/base.nix
|
||||||
../../modules/network/extraHosts.nix
|
../../modules/network/extraHosts.nix
|
||||||
|
@ -10,7 +13,9 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
neovim fastfetch tailscale
|
neovim
|
||||||
|
fastfetch
|
||||||
|
tailscale
|
||||||
];
|
];
|
||||||
|
|
||||||
# Hostname configuration
|
# Hostname configuration
|
||||||
|
@ -21,8 +26,8 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
# Allow HTTP/HTTPS from external network and Git SSH on port 2222
|
# Allow HTTP/HTTPS from external network and Git SSH on port 2222
|
||||||
# Temporarily allow SSH from everywhere - rely on fail2ban for protection
|
# Temporarily allow SSH from everywhere - rely on fail2ban for protection
|
||||||
allowedTCPPorts = [ 22 80 443 2222 ];
|
allowedTCPPorts = [22 80 443 2222];
|
||||||
allowedUDPPorts = [ ];
|
allowedUDPPorts = [];
|
||||||
# Explicitly block all other traffic
|
# Explicitly block all other traffic
|
||||||
rejectPackets = true;
|
rejectPackets = true;
|
||||||
};
|
};
|
||||||
|
@ -51,7 +56,7 @@
|
||||||
ClientAliveCountMax = 2;
|
ClientAliveCountMax = 2;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# nginx reverse proxy
|
# nginx reverse proxy
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -79,7 +84,7 @@
|
||||||
upstream git_ssh_backend {
|
upstream git_ssh_backend {
|
||||||
server grey-area:22;
|
server grey-area:22;
|
||||||
}
|
}
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 2222;
|
listen 2222;
|
||||||
proxy_pass git_ssh_backend;
|
proxy_pass git_ssh_backend;
|
||||||
|
@ -93,7 +98,7 @@
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults = {
|
defaults = {
|
||||||
email = "geir@geokkjer.eu";
|
email = "geir@geokkjer.eu";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|