instruction.md

@@ -92,13 +92,13 @@ Home-lab/
 
 ### Git/Forgejo Configuration
 - **Primary repository**: Hosted on self-hosted Forgejo instance
-- **Forgejo URL**: `ssh://git@git.geokkjer.eu:2222/geir/Home-lab.git`
+- **Forgejo URL**: `ssh://forgejo@git.geokkjer.eu:1337/geir/Home-lab.git`
-- **SSH port**: 2222 (proxied through reverse-proxy to grey-area:22)
+- **SSH port**: 1337 (proxied through reverse-proxy to grey-area:22)
-- **User**: Must use `git` user for SSH compatibility
+- **User**: Must use `forgejo` user, not `git` user
 - **GitHub mirror**: `git@github.com:geokkjer/Home-lab.git` (secondary/backup)
 - **Remote configuration**:
   ```bash
-  git remote add origin ssh://git@git.geokkjer.eu:2222/geir/Home-lab.git
+  git remote add origin ssh://forgejo@git.geokkjer.eu:1337/geir/Home-lab.git
   git remote add github git@github.com:geokkjer/Home-lab.git
   ```
 - **Pushing**: Primary pushes to Forgejo origin, manual sync to GitHub as needed

machines/grey-area/services/forgejo.nix

@@ -2,7 +2,7 @@
 {
   services.forgejo = {
     enable = true;
-    user = "git";  # Explicitly set to 'git' user for SSH compatibility
+    # Use the default 'forgejo' user, not 'git'
   };
    
   services.forgejo.settings = {
@@ -15,12 +15,10 @@
     server = {
       ROOT_URL = "https://git.geokkjer.eu";
       SSH_DOMAIN = "git.geokkjer.eu";
-      SSH_PORT = 2222;
+      SSH_PORT = 1337;
-      # Use system SSH server instead of built-in
+      # Disable built-in SSH server, use system SSH instead
       DISABLE_SSH = false;
       START_SSH_SERVER = false;
-      # Configure SSH user
-      SSH_USER = "git";
     };
     repository = {
       ENABLE_PUSH_CREATE_USER = true;

machines/reverse-proxy/configuration.nix

@@ -19,9 +19,9 @@
   # DMZ-specific firewall configuration - simplified for testing
   networking.firewall = {
     enable = true;
-    # Allow HTTP/HTTPS from external network and Git SSH on port 2222
+    # Allow HTTP/HTTPS from external network and Git SSH on port 1337
     # Temporarily allow SSH from everywhere - rely on fail2ban for protection
-    allowedTCPPorts = [ 22 80 443 2222 ];
+    allowedTCPPorts = [ 22 80 443 1337 ];
     allowedUDPPorts = [ ];
     # Explicitly block all other traffic
     rejectPackets = true;
@@ -81,7 +81,7 @@
       }
       
       server {
-          listen 2222;
+          listen 1337;
           proxy_pass git_ssh_backend;
           proxy_timeout 300s;
           proxy_connect_timeout 10s;

modules/common/base.nix

@@ -1,8 +1,5 @@
+{ config, pkgs, ... }:
 {
-  config,
-  pkgs,
-  ...
-}: {
   # Base system packages and aliases shared across all machines
   # This module consolidates common CLI tools to reduce duplication
   # across user configurations and machine-specific configs
@@ -37,8 +34,6 @@
     zellij
     glances
     systemctl-tui
-    starship # Shell prompt
-    btop # Resource monitor (better top)
 
     # Text processing and utilities
     jq            # JSON processor

modules/users/common.nix

@@ -1,10 +1,8 @@
 # Common User Configuration
 # Shared settings for all users in the home lab
+{ config, pkgs, ... }:
+
 {
-  config,
-  pkgs,
-  ...
-}: {
   # Common user settings
   users = {
     # Use mutable users for flexibility
@@ -22,7 +20,6 @@
     
     # direnv integration
     interactiveShellInit = ''
-      eval "$(starship init zsh)"
       eval "$(direnv hook zsh)"
     '';
     
@@ -89,6 +86,7 @@
       };
     };
     
+    
     # Enable sound
     pipewire = {
       enable = true;