Update instruction file with corrected Git SSH configuration

- Change port from 1337 to 2222 - Update user from forgejo to git for SSH compatibility - Fix URL and remote configuration examples
Change Git SSH port from 1337 to 2222
2025-06-10 22:43:49 +02:00 · 2025-06-10 22:42:13 +02:00 · 2025-06-10 22:40:01 +02:00
6 changed files with 72 additions and 63 deletions
--- a/instruction.md
+++ b/instruction.md
@ -92,13 +92,13 @@ Home-lab/
 ### Git/Forgejo Configuration
 - **Primary repository**: Hosted on self-hosted Forgejo instance
- **Forgejo URL**: `ssh://forgejo@git.geokkjer.eu:1337/geir/Home-lab.git`
+- **Forgejo URL**: `ssh://git@git.geokkjer.eu:2222/geir/Home-lab.git`
- **SSH port**: 1337 (proxied through reverse-proxy to grey-area:22)
+- **SSH port**: 2222 (proxied through reverse-proxy to grey-area:22)
- **User**: Must use `forgejo` user, not `git` user
+- **User**: Must use `git` user for SSH compatibility
 - **GitHub mirror**: `git@github.com:geokkjer/Home-lab.git` (secondary/backup)
 - **Remote configuration**:
  ```bash
-  git remote add origin ssh://forgejo@git.geokkjer.eu:1337/geir/Home-lab.git
+  git remote add origin ssh://git@git.geokkjer.eu:2222/geir/Home-lab.git
  git remote add github git@github.com:geokkjer/Home-lab.git
  ```
 - **Pushing**: Primary pushes to Forgejo origin, manual sync to GitHub as needed
--- a/machines/grey-area/services/forgejo.nix
+++ b/machines/grey-area/services/forgejo.nix
@ -2,7 +2,7 @@
 {
  services.forgejo = {
    enable = true;
-    # Use the default 'forgejo' user, not 'git'
+    user = "git";  # Explicitly set to 'git' user for SSH compatibility
  };
  services.forgejo.settings = {
@ -15,10 +15,12 @@
    server = {
      ROOT_URL = "https://git.geokkjer.eu";
      SSH_DOMAIN = "git.geokkjer.eu";
-      SSH_PORT = 1337;
+      SSH_PORT = 2222;
-      # Disable built-in SSH server, use system SSH instead
+      # Use system SSH server instead of built-in
      DISABLE_SSH = false;
      START_SSH_SERVER = false;
      # Configure SSH user
      SSH_USER = "git";
    };
    repository = {
      ENABLE_PUSH_CREATE_USER = true;
--- a/machines/reverse-proxy/configuration.nix
+++ b/machines/reverse-proxy/configuration.nix
@ -19,9 +19,9 @@
  # DMZ-specific firewall configuration - simplified for testing
  networking.firewall = {
    enable = true;
-    # Allow HTTP/HTTPS from external network and Git SSH on port 1337
+    # Allow HTTP/HTTPS from external network and Git SSH on port 2222
    # Temporarily allow SSH from everywhere - rely on fail2ban for protection
-    allowedTCPPorts = [ 22 80 443 1337 ];
+    allowedTCPPorts = [ 22 80 443 2222 ];
    allowedUDPPorts = [ ];
    # Explicitly block all other traffic
    rejectPackets = true;
@ -81,7 +81,7 @@
      }
      server {
-          listen 1337;
+          listen 2222;
          proxy_pass git_ssh_backend;
          proxy_timeout 300s;
          proxy_connect_timeout 10s;
--- a/modules/common/base.nix
+++ b/modules/common/base.nix
@ -1,54 +1,59 @@
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  # Base system packages and aliases shared across all machines
  # This module consolidates common CLI tools to reduce duplication
  # across user configurations and machine-specific configs
-  
+
  environment.systemPackages = with pkgs; [
-    # Modern CLI tools (rust-based replacements) 
+    # Modern CLI tools (rust-based replacements)
-    tldr          # Better man pages
+    tldr # Better man pages
-    eza           # Better ls
+    eza # Better ls
-    bat           # Better cat  
+    bat # Better cat
-    ripgrep       # Better grep
+    ripgrep # Better grep
-    du-dust       # Better du
+    du-dust # Better du
-    bottom        # Better top
+    bottom # Better top
-    fd            # Better find
+    fd # Better find
-    fzf           # Fuzzy finder
+    fzf # Fuzzy finder
-    zoxide        # Better cd
+    zoxide # Better cd
-    uutils-coreutils-noprefix  # Modern coreutils
+    uutils-coreutils-noprefix # Modern coreutils
-    
+
    # Environment management
-    direnv        # Directory-based environment management
+    direnv # Directory-based environment management
-    nix-direnv    # Nix integration for direnv
+    nix-direnv # Nix integration for direnv
-    
+
    # Essential system tools
-    curl          # HTTP client
+    curl # HTTP client
-    wget          # Download utility
+    wget # Download utility
-    git           # Version control
+    git # Version control
-    htop          # Process viewer
+    htop # Process viewer
-    tree          # Directory tree viewer
+    tree # Directory tree viewer
-    file          # File type detection
+    file # File type detection
-    unzip         # Archive extraction
+    unzip # Archive extraction
-    zip           # Archive creation
+    zip # Archive creation
    fastfetch
    zellij
    glances
    systemctl-tui
    starship # Shell prompt
    btop # Resource monitor (better top)
    # Text processing and utilities
-    jq            # JSON processor
+    jq # JSON processor
-    yq            # YAML processor
+    yq # YAML processor
-    
+
    # Network utilities
-    nmap          # Network mapper
+    nmap # Network mapper
-    
+
    # System monitoring and diagnostics
-    lsof          # List open files
+    lsof # List open files
-    strace        # System call tracer
+    strace # System call tracer
-    ncdu          # Disk usage analyzer
+    ncdu # Disk usage analyzer
-    
+
    # Development basics
-    github-cli    # GitHub CLI
+    github-cli # GitHub CLI
  ];
  environment.shellAliases = {
    vi = "nvim";
@ -69,4 +74,4 @@
    gpa = "git remote | xargs -L1 git push";
    gl = "git log --oneline -10";
  };
-}
+}
--- a/modules/common/emacs.nix
+++ b/modules/common/emacs.nix
--- a/modules/users/common.nix
+++ b/modules/users/common.nix
@ -1,13 +1,15 @@
 # Common User Configuration
 # Shared settings for all users in the home lab
 { config, pkgs, ... }:
 {
  config,
  pkgs,
  ...
 }: {
  # Common user settings
  users = {
    # Use mutable users for flexibility
    mutableUsers = true;
-    
+
    # Default shell for all users
    defaultUserShell = pkgs.zsh;
  };
@ -17,34 +19,35 @@
    enable = true;
    autosuggestions.enable = true;
    syntaxHighlighting.enable = true;
-    
+
    # direnv integration
    interactiveShellInit = ''
      eval "$(starship init zsh)"
      eval "$(direnv hook zsh)"
    '';
-    
+
    # Common aliases for all users
    shellAliases = {
      # Modern CLI tool replacements (basic ones moved to base.nix)
      "ll" = "eza -l --color=auto --group-directories-first";
      "la" = "eza -la --color=auto --group-directories-first";
      "tree" = "eza --tree";
-      
+
      # Git shortcuts (basic ones moved to base.nix)
-      
+
      # System shortcuts (some moved to base.nix)
      "top" = "btop";
-      
+
      # Network
      "ping" = "ping -c 5";
      "myip" = "curl -s ifconfig.me";
-      
+
      # Safety
      "rm" = "rm -i";
      "mv" = "mv -i";
      "cp" = "cp -i";
    };
-    
+
    # Common environment variables
    sessionVariables = {
      EDITOR = "emacs";
@ -57,10 +60,10 @@
  environment.systemPackages = with pkgs; [
    # Essential CLI tools moved to base.nix
    # Adding user-specific tools here
-    
+
    # Communication
    firefox
-    
+
    # Development (basic tools moved to base.nix)
    # Additional utilities not in base.nix
  ];
@ -69,7 +72,7 @@
  security = {
    # Require password for sudo (can be overridden per user)
    sudo.wheelNeedsPassword = true;
-    
+
    # Polkit for desktop users
    polkit.enable = true;
  };
@ -81,12 +84,11 @@
      enable = true;
      settings = {
        PasswordAuthentication = false; # Key-based auth only
-        PermitRootLogin = "no";         # No root login
+        PermitRootLogin = "no"; # No root login
-        X11Forwarding = true;           # For GUI applications over SSH
+        X11Forwarding = true; # For GUI applications over SSH
      };
    };
-    
+
    # Enable sound
    pipewire = {
      enable = true;