From 3ae589a77c68a909f9c712161204270534bdb117 Mon Sep 17 00:00:00 2001
From: jacekpoz
Date: Mon, 26 Aug 2024 23:16:38 +0200
Subject: [PATCH] attempt at changing the forgejo ssh port
---
 hosts/chmura/configuration.nix | 4 ++--
 hosts/chmura/services/forgejo.nix | 18 ++++++++++++------
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/hosts/chmura/configuration.nix b/hosts/chmura/configuration.nix
index 23d3d96..dc38b74 100644
--- a/hosts/chmura/configuration.nix
+++ b/hosts/chmura/configuration.nix
@@ -47,7 +47,7 @@ in {
 oci-containers.backend = "podman";
 };
- networking.firewall.allowedTCPPorts = [ 80 443 22 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 poz = {
 other.home-manager.enable = true;
@@ -70,7 +70,7 @@ in {
 agent.enable = false;
 daemon = {
 enable = true;
- ports = [ 7312 ];
+ ports = [ 7312 22 ];
 };
 };
 syncthing.enable = true;
diff --git a/hosts/chmura/services/forgejo.nix b/hosts/chmura/services/forgejo.nix
index fff5352..3684912 100644
--- a/hosts/chmura/services/forgejo.nix
+++ b/hosts/chmura/services/forgejo.nix
@@ -5,6 +5,8 @@
 ...
 }: let
 inherit (lib.attrsets) attrValues;
+
+ srv = config.services.forgejo.settings.server;
 in {
 age.secrets.forgejo-runner-token.file = ../../../secrets/forgejo-runner-token.age;
@@ -22,12 +24,14 @@ in {
 APP_NAME = "fuck it we code";
 };
- server = rec {
+ server = {
 DOMAIN = "git.jacekpoz.pl";
 HTTP_PORT = 1849;
- PROTOCOL = "http";
- SSH_PORT = 8236;
- ROOT_URL = "${PROTOCOL}://${DOMAIN}/";
+ ROOT_URL = "https://${srv.DOMAIN}/";
+
+ # START_SSH_SERVER = true;
+ # SSH_PORT = 8236;
+ # SSH_LISTEN_PORT = 8236;
 };
 service = {
 DISABLE_REGISTRATION = true;
@@ -47,7 +51,7 @@ in {
 chmura = {
 enable = true;
 name = config.networking.hostName;
- url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+ url = "http://localhost:${toString srv.HTTP_PORT}";
 tokenFile = config.age.secrets.forgejo-runner-token.path;
 labels = [
 "native:host"
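Review bot: Port 22 is dropped from `networking.firewall.allowedTCPPorts` in the first configuration.nix hunk while the second hunk adds it to what appears to be the ssh daemon's `ports = [ 7312 22 ];`, so whether 22 is reachable now depends on that module opening its own ports, which this diff does not show. If it does, the host's login sshd is exposed on the default port, presumably so it can also carry Forgejo's git traffic. It is worth confirming that password authentication is disabled for that daemon and recording the intent next to the list, e.g. `# 22: git over the system sshd for forgejo; key-only auth`. Both hunks sit inside attribute sets that begin and end outside the hunk.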
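Review bot: The three commented-out settings in the `server` block (`# START_SSH_SERVER`, `# SSH_PORT`, `# SSH_LISTEN_PORT`) leave the effective SSH setup undocumented. With all of them disabled, Forgejo falls back to its defaults: the built-in SSH server stays off and clone URLs advertise port 22, so git access depends entirely on the system sshd. I would replace the dead lines with a comment that states this, for example `# git over SSH uses the system sshd on the default port 22; the built-in server (START_SSH_SERVER) is intentionally off`. If the built-in server is re-enabled later, `SSH_LISTEN_PORT` and the firewall rule need to change together with it.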
@@ -82,10 +86,12 @@ in {
 ReadWritePaths = "/srv/web";
 };
+ # networking.firewall.allowedTCPPorts = [ srv.SSH_PORT ];
+
 services.caddy = {
 enable = true;
 virtualHosts."git.jacekpoz.pl".extraConfig = ''
- reverse_proxy * localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
+ reverse_proxy * localhost:${toString srv.HTTP_PORT}
 '';
 };
 }
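Review bot: Caddy reaches Forgejo only via `localhost:${toString srv.HTTP_PORT}`, but the `server` block in this file sets no `HTTP_ADDR`, so unless it is set elsewhere the plain-HTTP listener probably binds every interface and is kept private only by the firewall. Adding `HTTP_ADDR = "127.0.0.1";` to the `server` settings would make the reverse proxy the only path in. Separately, the commented-out `# networking.firewall.allowedTCPPorts = [ srv.SSH_PORT ];` would open whatever `SSH_PORT` resolves to, likely the default 22 while the setting itself is commented out. I would either drop the line or add a note that it must be enabled together with `START_SSH_SERVER`.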