From 4a532538002a9e80356f32283dbbd295e121d18e Mon Sep 17 00:00:00 2001 From: Henry-Hiles Date: Wed, 9 Jul 2025 10:51:07 -0400 Subject: [PATCH] Fix forgejo --- clients/quadraticserver/caddy.nix | 2 +- clients/quadraticserver/forgejo.nix | 28 +++++++++++++++------------- modules/desktop/ssh.nix | 7 +++++++ modules/server/ssh.nix | 6 +++++- 4 files changed, 28 insertions(+), 15 deletions(-) create mode 100644 modules/desktop/ssh.nix diff --git a/clients/quadraticserver/caddy.nix b/clients/quadraticserver/caddy.nix index 8844a46..ec91a84 100644 --- a/clients/quadraticserver/caddy.nix +++ b/clients/quadraticserver/caddy.nix @@ -1,4 +1,5 @@ {pkgs, ...}: { + networking.firewall.allowedTCPPorts = [443]; services.caddy = { enable = true; email = "henry@henryhiles.com"; @@ -8,5 +9,4 @@ hash = "sha256-sdhX/dAQ7lIxBo/ZW6XYX8SRuacLO9HobtIVKD/cw0o="; }; }; - networking.firewall.allowedTCPPorts = [2222 443]; # Git SSH, HTTPS, and Matrix } diff --git a/clients/quadraticserver/forgejo.nix b/clients/quadraticserver/forgejo.nix index 264438b..58ff81f 100644 --- a/clients/quadraticserver/forgejo.nix +++ b/clients/quadraticserver/forgejo.nix @@ -1,4 +1,9 @@ -{pkgs, ...}: { +{ + pkgs, + config, + ... +}: { + networking.firewall.allowedTCPPorts = [22]; services = let domain = "git.federated.nexus"; socket = "/run/forgejo/socket"; @@ -21,7 +26,6 @@ PROTOCOL = "http+unix"; START_SSH_SERVER = true; - SSH_LISTEN_PORT = 2222; BUILTIN_SSH_SERVER_USER = "git"; LANDING_PAGE = "explore"; 
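Review bot: In clients/quadraticserver/forgejo.nix the firewall rule hard-codes `[22]`, while the socket unit added later in the same file reads `config.services.forgejo.settings.server.SSH_PORT`, so the opened port and the listening port can drift apart if either is changed. Deriving both from one value avoids that: `networking.firewall.allowedTCPPorts = [config.services.forgejo.settings.server.SSH_PORT];`. The `@@ -21,7 +26,6 @@` hunk also removes `SSH_LISTEN_PORT` without setting `SSH_PORT` in the visible lines, so the port the built-in SSH server exposes now appears to rest on a default. Declaring `SSH_PORT = 22;` next to `START_SSH_SERVER` would make the exposed port explicit. The `settings` block starts and ends outside these hunks.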
@@ -31,17 +35,15 @@ }; }; - # gitea-actions-runner = { - # package = pkgs.forgejo-actions-runner; - # instances.default = { - # enable = true; - # name = "monolith"; - # url = domain; - # tokenFile = config.age.secrets."runnerToken.age".path; - # labels = ["native:host"]; - # }; - # }; - caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}"; }; + + systemd.sockets.forgejo = { + requiredBy = ["forgejo.service"]; + wantedBy = ["sockets.target"]; + + listenStreams = [ + (toString config.services.forgejo.settings.server.SSH_PORT) + ]; + }; } diff --git a/modules/desktop/ssh.nix b/modules/desktop/ssh.nix new file mode 100644 index 0000000..43faeeb --- /dev/null +++ b/modules/desktop/ssh.nix @@ -0,0 +1,7 @@ +{ + programs.ssh.extraConfig = '' + Host server + HostName ssh.federated.nexus + Port 2222 + ''; +} diff --git a/modules/server/ssh.nix b/modules/server/ssh.nix index 577e782..ae26895 100644 --- a/modules/server/ssh.nix +++ b/modules/server/ssh.nix @@ -1,7 +1,11 @@ -{ +let + port = 2222; +in { + networking.firewall.allowedTCPPorts = [port]; users.users.quadradical.openssh.authorizedKeys.keys = import ../../secrets/keys.nix; services.openssh = { enable = true; + ports = [port]; settings = { PasswordAuthentication = false; AllowUsers = ["quadradical"];
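Review bot: The new `systemd.sockets.forgejo` unit carries no comment saying why systemd rather than Forgejo binds the SSH port, and a bare port in `listenStreams` listens on every address. Presumably the intent is socket activation, so the unprivileged service can receive a privileged port; a comment such as `# systemd binds the privileged SSH port and passes it to forgejo.service` would record that. It is worth confirming on the host that the built-in SSH server adopts the inherited listener, since otherwise it would try to bind a port the socket unit already holds. If Git SSH should be reachable on one interface only, `listenStreams` also accepts an `address:port` entry.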
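Review bot: Nothing in the new modules/desktop/ssh.nix pins the server's host key, so trust for the `server` alias on port 2222 rests on whatever each desktop's known_hosts already holds. Since the desktops are configured declaratively, the key can be shipped with the alias: `programs.ssh.knownHosts.server = { hostNames = ["[ssh.federated.nexus]:2222"]; publicKey = "<server host public key>"; };`. The literal `Port 2222` also duplicates `port = 2222` in modules/server/ssh.nix, so a short comment pointing at that file would help keep the two in step.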
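Review bot: In modules/server/ssh.nix the added `networking.firewall.allowedTCPPorts = [port];` looks redundant. The NixOS openssh module opens every entry of `services.openssh.ports` in the firewall unless `services.openssh.openFirewall` is set to false. Dropping the line leaves a single place that decides whether the admin SSH port is exposed; if it is kept on purpose, a comment such as `# explicit: do not rely on services.openssh.openFirewall` would say so. The `services.openssh.settings` block continues outside the hunk, so any further hardening options there are not visible here.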