Ellie 2026-02-15 15:51:28 -08:00
parent cfb31d3b01
commit 4f4302b7b7
2 changed files with 35 additions and 1 deletions


@ -1,7 +1,10 @@
{ ... }:
{
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 3000 ];
networking.firewall.interfaces.wg0.allowedTCPPorts = [
3000
2222
];
services.forgejo = {
enable = true;
@ -11,6 +14,10 @@
ROOT_URL = "https://forgejo.ellie.town/";
HTTP_ADDR = "10.10.0.2";
HTTP_PORT = 3000;
START_SSH_SERVER = true;
SSH_DOMAIN = "forgejo.ellie.town";
SSH_PORT = 2222;
SSH_LISTEN_PORT = 2222;
};
};
}
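Review bot: The built-in SSH server enabled by `START_SSH_SERVER = true` gets no listen address, while the HTTP listener is pinned to the WireGuard address with `HTTP_ADDR = "10.10.0.2"`. As far as I know, Forgejo's default for `SSH_LISTEN_HOST` is all interfaces, so the only thing keeping port 2222 off the other interfaces is the `wg0`-scoped firewall rule in the first hunk. Adding `SSH_LISTEN_HOST = "10.10.0.2";` next to `SSH_LISTEN_PORT` would bind the service itself to the tunnel address, so a later firewall change cannot expose it directly. The settings block these lines belong to opens outside the hunk, so this assumes they sit in the same `server` section as `HTTP_ADDR`.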


@ -9,6 +9,7 @@
networking.firewall.allowedTCPPorts = [
80
443
2222
6697
];
networking.firewall.allowedUDPPorts = [ 51820 ];
@ -83,6 +84,8 @@
};
streamConfig = ''
log_format forgejo_ssh '$remote_addr [$time_local] $protocol $status';
upstream ergo {
server 10.10.0.2:6667;
}
@ -92,6 +95,15 @@
ssl_certificate_key /var/lib/acme/irc.ellie.town/key.pem;
proxy_pass ergo;
}
upstream forgejo_ssh {
server 10.10.0.2:2222;
}
server {
listen 2222;
proxy_pass forgejo_ssh;
access_log /var/log/nginx/forgejo-ssh.log forgejo_ssh;
}
'';
virtualHosts."ellie.town" = {
@ -109,6 +121,21 @@
};
};
environment.etc."fail2ban/filter.d/forgejo-ssh.conf".text = ''
[Definition]
failregex = ^<HOST> \[.+\] TCP \d+
'';
services.fail2ban.jails.forgejo-ssh.settings = {
enabled = true;
filter = "forgejo-ssh";
logpath = "/var/log/nginx/forgejo-ssh.log";
maxretry = 10;
findtime = 60;
bantime = "1h";
port = 2222;
};
security.acme = {
acceptTerms = true;
defaults.email = "wizzeh@protonmail.com";
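Review bot: The `failregex` in the new `forgejo-ssh` filter probably never matches, which would leave the jail silently inert. As far as I know, current fail2ban versions cut the detected timestamp out of each line before applying the regex, leaving `[]` where `\[.+\]` requires at least one character. Writing it as `failregex = ^<HOST> \[.*\] TCP \d+` and running `fail2ban-regex` against `/var/log/nginx/forgejo-ssh.log` would confirm it matches. Separately, the pattern counts every proxied connection rather than failed logins, because the stream proxy cannot see SSH authentication results. That makes `maxretry = 10` within `findtime = 60` a per-address connection rate limit, so a legitimate burst of fetches or pushes earns a one-hour ban; an `ignoreip` entry for trusted addresses, or a comment stating that this is intended, would help.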