geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: geir:1fd6de255131ff45972ed05e75591045a1ec8015
Branches Tags
geir:main
...
compare: geir:f6eb588ccdfd29f985178d50ad41d272a3342132
Branches Tags
geir:main

3 commits
1fd6de2551 ... f6eb588ccd

Author SHA1 Message Date
Geir Okkenhaug Jerstad
f6eb588ccd Update instruction file with corrected Git SSH configuration 
- Change port from 1337 to 2222
- Update user from forgejo to git for SSH compatibility
- Fix URL and remote configuration examples
 2025-06-10 22:43:49 +02:00
Geir Okkenhaug Jerstad
1f222f2997 Change Git SSH port from 1337 to 2222 
- Port 1337 appears to be blocked by VPS provider
- Port 2222 is more commonly allowed for SSH services
- Update both reverse-proxy and Forgejo configurations
- This should resolve the SSH timeout issues
 2025-06-10 22:42:13 +02:00
Geir Okkenhaug Jerstad
f2c9eed794 Fix Forgejo SSH user configuration 
- Set explicit git user for Forgejo service
- Add SSH_USER configuration for proper SSH handling
- Ensure compatibility with system SSH server
 2025-06-10 22:40:01 +02:00
6 changed files with 72 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

8
instruction.md
View file

@ -92,13 +92,13 @@ Home-lab/
### Git/Forgejo Configuration ### Git/Forgejo Configuration
- **Primary repository**: Hosted on self-hosted Forgejo instance - **Primary repository**: Hosted on self-hosted Forgejo instance
- **Forgejo URL**: `ssh://forgejo@git.geokkjer.eu:1337/geir/Home-lab.git` - **Forgejo URL**: `ssh://git@git.geokkjer.eu:2222/geir/Home-lab.git`
- **SSH port**: 1337 (proxied through reverse-proxy to grey-area:22) - **SSH port**: 2222 (proxied through reverse-proxy to grey-area:22)
- **User**: Must use `forgejo` user, not `git` user - **User**: Must use `git` user for SSH compatibility
- **GitHub mirror**: `git@github.com:geokkjer/Home-lab.git` (secondary/backup) - **GitHub mirror**: `git@github.com:geokkjer/Home-lab.git` (secondary/backup)
- **Remote configuration**: - **Remote configuration**:
```bash ```bash
git remote add origin ssh://forgejo@git.geokkjer.eu:1337/geir/Home-lab.git git remote add origin ssh://git@git.geokkjer.eu:2222/geir/Home-lab.git
git remote add github git@github.com:geokkjer/Home-lab.git git remote add github git@github.com:geokkjer/Home-lab.git
``` ```
- **Pushing**: Primary pushes to Forgejo origin, manual sync to GitHub as needed - **Pushing**: Primary pushes to Forgejo origin, manual sync to GitHub as needed

8
machines/grey-area/services/forgejo.nix
View file

@ -2,7 +2,7 @@
{ {
services.forgejo = { services.forgejo = {
enable = true; enable = true;
# Use the default 'forgejo' user, not 'git' user = "git"; # Explicitly set to 'git' user for SSH compatibility
}; };
services.forgejo.settings = { services.forgejo.settings = {
@ -15,10 +15,12 @@
server = { server = {
ROOT_URL = "https://git.geokkjer.eu"; ROOT_URL = "https://git.geokkjer.eu";
SSH_DOMAIN = "git.geokkjer.eu"; SSH_DOMAIN = "git.geokkjer.eu";
SSH_PORT = 1337; SSH_PORT = 2222;
# Disable built-in SSH server, use system SSH instead # Use system SSH server instead of built-in
DISABLE_SSH = false; DISABLE_SSH = false;
START_SSH_SERVER = false; START_SSH_SERVER = false;
# Configure SSH user
SSH_USER = "git";
}; };
repository = { repository = {
ENABLE_PUSH_CREATE_USER = true; ENABLE_PUSH_CREATE_USER = true;

6
machines/reverse-proxy/configuration.nix
View file

@ -19,9 +19,9 @@
# DMZ-specific firewall configuration - simplified for testing # DMZ-specific firewall configuration - simplified for testing
networking.firewall = { networking.firewall = {
enable = true; enable = true;
# Allow HTTP/HTTPS from external network and Git SSH on port 1337 # Allow HTTP/HTTPS from external network and Git SSH on port 2222
# Temporarily allow SSH from everywhere - rely on fail2ban for protection # Temporarily allow SSH from everywhere - rely on fail2ban for protection
allowedTCPPorts = [ 22 80 443 1337 ]; allowedTCPPorts = [ 22 80 443 2222 ];
allowedUDPPorts = [ ]; allowedUDPPorts = [ ];
# Explicitly block all other traffic # Explicitly block all other traffic
rejectPackets = true; rejectPackets = true;
@ -81,7 +81,7 @@
} }
server { server {
listen 1337; listen 2222;
proxy_pass git_ssh_backend; proxy_pass git_ssh_backend;
proxy_timeout 300s; proxy_timeout 300s;
proxy_connect_timeout 10s; proxy_connect_timeout 10s;

61
modules/common/base.nix
View file

@ -1,54 +1,59 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
# Base system packages and aliases shared across all machines # Base system packages and aliases shared across all machines
# This module consolidates common CLI tools to reduce duplication # This module consolidates common CLI tools to reduce duplication
# across user configurations and machine-specific configs # across user configurations and machine-specific configs
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# Modern CLI tools (rust-based replacements) # Modern CLI tools (rust-based replacements)
tldr # Better man pages tldr # Better man pages
eza # Better ls eza # Better ls
bat # Better cat bat # Better cat
ripgrep # Better grep ripgrep # Better grep
du-dust # Better du du-dust # Better du
bottom # Better top bottom # Better top
fd # Better find fd # Better find
fzf # Fuzzy finder fzf # Fuzzy finder
zoxide # Better cd zoxide # Better cd
uutils-coreutils-noprefix # Modern coreutils uutils-coreutils-noprefix # Modern coreutils
# Environment management # Environment management
direnv # Directory-based environment management direnv # Directory-based environment management
nix-direnv # Nix integration for direnv nix-direnv # Nix integration for direnv
# Essential system tools # Essential system tools
curl # HTTP client curl # HTTP client
wget # Download utility wget # Download utility
git # Version control git # Version control
htop # Process viewer htop # Process viewer
tree # Directory tree viewer tree # Directory tree viewer
file # File type detection file # File type detection
unzip # Archive extraction unzip # Archive extraction
zip # Archive creation zip # Archive creation
fastfetch fastfetch
zellij zellij
glances glances
systemctl-tui systemctl-tui
starship # Shell prompt
btop # Resource monitor (better top)
# Text processing and utilities # Text processing and utilities
jq # JSON processor jq # JSON processor
yq # YAML processor yq # YAML processor
# Network utilities # Network utilities
nmap # Network mapper nmap # Network mapper
# System monitoring and diagnostics # System monitoring and diagnostics
lsof # List open files lsof # List open files
strace # System call tracer strace # System call tracer
ncdu # Disk usage analyzer ncdu # Disk usage analyzer
# Development basics # Development basics
github-cli # GitHub CLI github-cli # GitHub CLI
]; ];
environment.shellAliases = { environment.shellAliases = {
vi = "nvim"; vi = "nvim";

0
modules/common/emacs.nix Normal file
View file

12
modules/users/common.nix
View file

@ -1,8 +1,10 @@
# Common User Configuration # Common User Configuration
# Shared settings for all users in the home lab # Shared settings for all users in the home lab
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
# Common user settings # Common user settings
users = { users = {
# Use mutable users for flexibility # Use mutable users for flexibility
@ -20,6 +22,7 @@
# direnv integration # direnv integration
interactiveShellInit = '' interactiveShellInit = ''
eval "$(starship init zsh)"
eval "$(direnv hook zsh)" eval "$(direnv hook zsh)"
''; '';
@ -81,12 +84,11 @@
enable = true; enable = true;
settings = { settings = {
PasswordAuthentication = false; # Key-based auth only PasswordAuthentication = false; # Key-based auth only
PermitRootLogin = "no"; # No root login PermitRootLogin = "no"; # No root login
X11Forwarding = true; # For GUI applications over SSH X11Forwarding = true; # For GUI applications over SSH
}; };
}; };
# Enable sound # Enable sound
pipewire = { pipewire = {
enable = true; enable = true;