fixed ssh forwarding to git.geokkjer.eu

machines/grey-area/services/forgejo.nix

@@ -1,8 +1,24 @@
-{ pkgs, config, ... }:
 {
+  pkgs,
+  config,
+  ...
+}: {
+  # Create the git user before Forgejo tries to use it
+  users.users.git = {
+    isSystemUser = true;
+    group = "git";
+    shell = pkgs.bash;
+    home = "/var/lib/forgejo";
+    createHome = true;
+    description = "Forgejo Git Service";
+  };
+
+  users.groups.git = {};
+
   services.forgejo = {
     enable = true;
-    user = "git";  # Explicitly set to 'git' user for SSH compatibility
+    user = "git"; # Use the git user we created above
+    group = "git";
   };
 
   services.forgejo.settings = {

machines/reverse-proxy/configuration.nix

@@ -1,6 +1,9 @@
-{ pkgs, config, lib, ... }:
-
 {
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
   imports = [
     ./gandicloud.nix
     ../../modules/common/base.nix
@@ -10,7 +13,9 @@
   ];
 
   environment.systemPackages = with pkgs; [
-    neovim fastfetch tailscale
+    neovim
+    fastfetch
+    tailscale
   ];
 
   # Hostname configuration
@@ -21,8 +26,8 @@
     enable = true;
     # Allow HTTP/HTTPS from external network and Git SSH on port 2222
     # Temporarily allow SSH from everywhere - rely on fail2ban for protection
-    allowedTCPPorts = [ 22 80 443 2222 ];
-    allowedUDPPorts = [ ];
+    allowedTCPPorts = [22 80 443 2222];
+    allowedUDPPorts = [];
     # Explicitly block all other traffic
     rejectPackets = true;
   };
@@ -93,7 +98,7 @@
   security.acme = {
     acceptTerms = true;
     defaults = {
-    email = "geir@geokkjer.eu";
+      email = "geir@geokkjer.eu";
     };
   };
 }