WIP: forgejo: run internal ssh server on port 22 #131
|
@ -41,6 +41,9 @@
|
||||||
|
|
||||||
users.groups.gitea = {};
|
users.groups.gitea = {};
|
||||||
|
|
||||||
|
# Expose SSH port only for forgejo SSH
|
||||||
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
services.forgejo = {
|
services.forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
user = "gitea";
|
user = "gitea";
|
||||||
|
@ -63,6 +66,7 @@
|
||||||
DOMAIN = "git.pub.solar";
|
DOMAIN = "git.pub.solar";
|
||||||
HTTP_ADDR = "127.0.0.1";
|
HTTP_ADDR = "127.0.0.1";
|
||||||
HTTP_PORT = 3000;
|
HTTP_PORT = 3000;
|
||||||
|
START_SSH_SERVER = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
log.LEVEL = "Warn";
|
log.LEVEL = "Warn";
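Review bot: `START_SSH_SERVER = true;` in the second hunk relies on Forgejo's defaults for the listen address and port, and nothing in the visible lines lets the unprivileged `gitea` user bind port 22. If the forgejo systemd unit drops capabilities (worth confirming), the built-in server will fail to start while `networking.firewall.allowedTCPPorts = [ 22 ];` in the first hunk already opens the port on every interface. I would set `SSH_PORT = 22;` and `SSH_LISTEN_PORT = 22;` explicitly next to `START_SSH_SERVER`, and grant the unit only `CAP_NET_BIND_SERVICE` rather than any broader privilege. Both hunks are excerpts, so the rest of `services.forgejo` is not visible here.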
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
{ pkgs, lib, ... }: {
|
{ pkgs, lib, ... }: {
|
||||||
# Don't expose SSH via public interfaces
|
# Don't expose SSH via public interfaces
|
||||||
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 22 ];
|
networking.firewall.interfaces.wg-ssh.allowedTCPPorts = [ 2222 ];
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = lib.mkDefault false;
|
openFirewall = lib.mkDefault false;
|
||||||
|
ports = [ 2222 ];
|
||||||
settings = {
|
settings = {
|
||||||
PermitRootLogin = "prohibit-password";
|
PermitRootLogin = "prohibit-password";
|
||||||
PasswordAuthentication = false;
|
PasswordAuthentication = false;
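Review bot: The new `ports = [ 2222 ];` and the `wg-ssh` firewall entry repeat the same literal, and nothing says why the management sshd moved off port 22. The other file in this change opens 22 on every interface for Forgejo, so a later edit that changes only one of the two values, or moves sshd back to 22, would either cut off admin access or put the host sshd behind the public rule. I would bind the number once, e.g. `let sshPort = 2222; in` at the top of the module, use it in both places, and add a comment such as `# 22 is reserved for Forgejo's built-in SSH server; host sshd is reachable via wg-ssh only`. The `services.openssh` block continues past the end of this hunk.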
|
||||||
|
|