attempt at changing the forgejo ssh port

2024-08-26 23:16:38 +02:00 · 2024-08-26 23:16:38 +02:00 · 3ae589a77c
commit 3ae589a77c
parent d1f639e88e
2 changed files with 14 additions and 8 deletions
--- a/hosts/chmura/configuration.nix
+++ b/hosts/chmura/configuration.nix
@ -47,7 +47,7 @@ in {
        oci-containers.backend = "podman";
    };

-    networking.firewall.allowedTCPPorts = [ 80 443 22 ];
+    networking.firewall.allowedTCPPorts = [ 80 443 ];

    poz = {
        other.home-manager.enable = true;
@ -70,7 +70,7 @@ in {
                agent.enable = false;
                daemon = {
                    enable = true;
-                    ports = [ 7312 ];
+                    ports = [ 7312 22 ];
                };
            };
            syncthing.enable = true;
--- a/hosts/chmura/services/forgejo.nix
+++ b/hosts/chmura/services/forgejo.nix
@ -5,6 +5,8 @@
    ...
 }: let
    inherit (lib.attrsets) attrValues;
+
+    srv = config.services.forgejo.settings.server;
 in {
    age.secrets.forgejo-runner-token.file = ../../../secrets/forgejo-runner-token.age;

@ -22,12 +24,14 @@ in {
                    APP_NAME = "fuck it we code";
                };

-                server = rec {
+                server = {
                    DOMAIN = "git.jacekpoz.pl";
                    HTTP_PORT = 1849;
-                    PROTOCOL = "http";
-                    SSH_PORT = 8236;
-                    ROOT_URL = "${PROTOCOL}://${DOMAIN}/";
+                    ROOT_URL = "https://${srv.DOMAIN}/";
+
+                    # START_SSH_SERVER = true;
+                    # SSH_PORT = 8236;
+                    # SSH_LISTEN_PORT = 8236;
                };
                service = {
                    DISABLE_REGISTRATION = true;
@ -47,7 +51,7 @@ in {
                chmura = {
                    enable = true;
                    name = config.networking.hostName;
-                    url = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+                    url = "http://localhost:${toString srv.HTTP_PORT}";
                    tokenFile = config.age.secrets.forgejo-runner-token.path;
                    labels = [
                        "native:host"
@ -82,10 +86,12 @@ in {
        ReadWritePaths = "/srv/web";
    };

+    # networking.firewall.allowedTCPPorts = [ srv.SSH_PORT ];
+
    services.caddy = {
        enable = true;
        virtualHosts."git.jacekpoz.pl".extraConfig = ''
-            reverse_proxy * localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
+            reverse_proxy * localhost:${toString srv.HTTP_PORT}
        '';
    };
 }