Fix forgejo

clients/quadraticserver/caddy.nix

@@ -1,4 +1,5 @@
 {pkgs, ...}: {
+  networking.firewall.allowedTCPPorts = [443];
   services.caddy = {
     enable = true;
     email = "henry@henryhiles.com";
@@ -8,5 +9,4 @@
       hash = "sha256-sdhX/dAQ7lIxBo/ZW6XYX8SRuacLO9HobtIVKD/cw0o=";
     };
   };
-  networking.firewall.allowedTCPPorts = [2222 443]; # Git SSH, HTTPS, and Matrix
 }

clients/quadraticserver/forgejo.nix

@@ -1,4 +1,9 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}: {
+  networking.firewall.allowedTCPPorts = [22];
   services = let
     domain = "git.federated.nexus";
     socket = "/run/forgejo/socket";
@@ -21,7 +26,6 @@
           PROTOCOL = "http+unix";
 
           START_SSH_SERVER = true;
-          SSH_LISTEN_PORT = 2222;
           BUILTIN_SSH_SERVER_USER = "git";
 
           LANDING_PAGE = "explore";
@@ -31,17 +35,15 @@
       };
     };
 
-    # gitea-actions-runner = {
-    #   package = pkgs.forgejo-actions-runner;
-    #   instances.default = {
-    #     enable = true;
-    #     name = "monolith";
-    #     url = domain;
-    #     tokenFile = config.age.secrets."runnerToken.age".path;
-    #     labels = ["native:host"];
-    #   };
-    # };
-
     caddy.virtualHosts."${domain}".extraConfig = "reverse_proxy unix/${socket}";
   };
+
+  systemd.sockets.forgejo = {
+    requiredBy = ["forgejo.service"];
+    wantedBy = ["sockets.target"];
+
+    listenStreams = [
+      (toString config.services.forgejo.settings.server.SSH_PORT)
+    ];
+  };
 }

modules/desktop/ssh.nix

@@ -0,0 +1,7 @@
+{
+  programs.ssh.extraConfig = ''
+    Host server
+      HostName ssh.federated.nexus
+      Port 2222
+  '';
+}

modules/server/ssh.nix

@@ -1,7 +1,11 @@
-{
+let
+  port = 2222;
+in {
+  networking.firewall.allowedTCPPorts = [port];
   users.users.quadradical.openssh.authorizedKeys.keys = import ../../secrets/keys.nix;
   services.openssh = {
     enable = true;
+    ports = [port];
     settings = {
       PasswordAuthentication = false;
       AllowUsers = ["quadradical"];