From ae93cac1d683fd34fed1659484fd17f927f3ba01 Mon Sep 17 00:00:00 2001
From: Ellie <6687206+wizzeh@users.noreply.github.com>
Date: Tue, 24 Feb 2026 21:52:15 -0800
Subject: [PATCH] whatever

---
 common.nix                   |  8 +-------
 services/forgejo.nix         | 14 +++-----------
 services/wireguard-outer.nix |  2 +-
 3 files changed, 5 insertions(+), 19 deletions(-)

diff --git a/common.nix b/common.nix
index 82c30e3..6c6fa21 100644
--- a/common.nix
+++ b/common.nix
@@ -24,14 +24,8 @@
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
       PermitRootLogin = "no";
-      AllowUsers = [ "ellie" "forgejo" "borg" ];
+      AllowUsers = [ "ellie" "borg" ];
     };
-    extraConfig = ''
-      Match User forgejo Address 10.10.0.1
-        AllowTcpForwarding no
-        X11Forwarding no
-        PermitTunnel no
-    '';
   };
 
   services.fail2ban = {
diff --git a/services/forgejo.nix b/services/forgejo.nix
index e34b984..0009360 100644
--- a/services/forgejo.nix
+++ b/services/forgejo.nix
@@ -1,17 +1,8 @@
 { ... }:
 
 {
-  systemd.services.forgejo = {
-    wants = [ "network-online.target" ];
-    after = [ "network-online.target" ];
-    preStart = ''
-      mkdir -p /var/lib/forgejo/.ssh
-      chmod 700 /var/lib/forgejo/.ssh
-    '';
-  };
-
   networking.firewall.interfaces.wg0.allowedTCPPorts = [
-    22
+    2222
     3000
   ];
 
@@ -24,9 +15,10 @@
       ROOT_URL = "https://forgejo.ellie.town/";
       HTTP_ADDR = "10.10.0.2";
       HTTP_PORT = 3000;
-      START_SSH_SERVER = false;
+      START_SSH_SERVER = true;
       SSH_DOMAIN = "forgejo.ellie.town";
       SSH_PORT = 2222;
+      SSH_LISTEN_PORT = 2222;
     };
   };
 }
diff --git a/services/wireguard-outer.nix b/services/wireguard-outer.nix
index c4b80bc..1c6d072 100644
--- a/services/wireguard-outer.nix
+++ b/services/wireguard-outer.nix
@@ -110,7 +110,7 @@
       }
 
       upstream forgejo_ssh {
-        server 10.10.0.2:22;
+        server 10.10.0.2:2222;
       }
       server {
         listen 2222;