Compare commits
2 commits
753d9a581e
...
ae93cac1d6
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
ae93cac1d6 | ||
|
|
ad0c74b801 |
4 changed files with 18 additions and 20 deletions
|
|
@ -24,14 +24,8 @@
|
|||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
AllowUsers = [ "ellie" "forgejo" ];
|
||||
AllowUsers = [ "ellie" "borg" ];
|
||||
};
|
||||
extraConfig = ''
|
||||
Match User forgejo Address 10.10.0.1
|
||||
AllowTcpForwarding no
|
||||
X11Forwarding no
|
||||
PermitTunnel no
|
||||
'';
|
||||
};
|
||||
|
||||
services.fail2ban = {
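Review bot: The `borg` service account in `AllowUsers` gets no forwarding restrictions in this hunk, whereas the `Match User forgejo` block in the same hunk restricted that account. This reading assumes `AllowUsers = [ "ellie" "borg" ];` is the new side and the `extraConfig` block is removed, which the page's lost `+`/`-` markers only imply. Unless borg's authorized keys are already pinned with `restrict` and a forced command elsewhere (not visible here), a leaked backup key would allow port forwarding and tunnelling through this host. I would keep an `extraConfig` block that applies the same three directives to `borg`, as sketched below. The enclosing `services.openssh` block starts outside the hunk.

```nix
AllowUsers = [ "ellie" "borg" ];
};
# Service account: no forwarding or tunnelling (same directives as the old forgejo block)
extraConfig = ''
  Match User borg
    AllowTcpForwarding no
    X11Forwarding no
    PermitTunnel no
'';
```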
|
||||
|
|
|
|||
|
|
@ -86,7 +86,6 @@
|
|||
./services/coturn.nix
|
||||
./services/wireguard-outer.nix
|
||||
./services/borgbackup-vps.nix
|
||||
./services/syncthing-relay.nix
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -1,17 +1,8 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
systemd.services.forgejo = {
|
||||
wants = [ "network-online.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
preStart = ''
|
||||
mkdir -p /var/lib/forgejo/.ssh
|
||||
chmod 700 /var/lib/forgejo/.ssh
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [
|
||||
22
|
||||
2222
|
||||
3000
|
||||
];
|
||||
|
||||
|
|
@ -24,9 +15,10 @@
|
|||
ROOT_URL = "https://forgejo.ellie.town/";
|
||||
HTTP_ADDR = "10.10.0.2";
|
||||
HTTP_PORT = 3000;
|
||||
START_SSH_SERVER = false;
|
||||
START_SSH_SERVER = true;
|
||||
SSH_DOMAIN = "forgejo.ellie.town";
|
||||
SSH_PORT = 2222;
|
||||
SSH_LISTEN_PORT = 2222;
|
||||
};
|
||||
};
|
||||
}
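Review bot: `START_SSH_SERVER = true` is set with no `SSH_LISTEN_HOST`, so the built-in SSH server presumably binds every address while HTTP is pinned with `HTTP_ADDR = "10.10.0.2"`. Adding `SSH_LISTEN_HOST = "10.10.0.2";` next to `SSH_LISTEN_PORT` would stop the listener's exposure depending only on the wg0 firewall rule. Git SSH connections will also reach Forgejo from the proxy's address rather than the client's, so its SSH logs lose the source IP and an sshd fail2ban jail no longer sees these attempts. If per-client logging matters, consider enabling PROXY protocol on both ends (`SSH_SERVER_USE_PROXY_PROTOCOL = true;` here and `proxy_protocol on;` in the stream server). The settings block begins outside the hunk.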
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
|
||||
{
|
||||
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
|
||||
|
||||
sops.secrets."wireguard/private_key" = {
|
||||
sopsFile = ./secrets/wireguard_vps.yaml;
|
||||
mode = "0400";
|
||||
|
|
@ -21,9 +23,20 @@
|
|||
|
||||
peers = [
|
||||
{
|
||||
# Home server
|
||||
publicKey = "s2plHABMTF83iqrCHlQ+o5ieJSAfudx3upm3v77y1DI=";
|
||||
allowedIPs = [ "10.10.0.2/32" ];
|
||||
}
|
||||
{
|
||||
# Desktop
|
||||
publicKey = "nMQY5RsyTkUi3p6i8pElY9b2Z0vFEeSUdqtw7eQnbQM=";
|
||||
allowedIPs = [ "10.10.0.3/32" ];
|
||||
}
|
||||
{
|
||||
# Phone
|
||||
publicKey = "4MDcBaF7oafv5ZC2fjgFHuXnrpwaRglM7fmSw7zo6CQ=";
|
||||
allowedIPs = [ "10.10.0.4/32" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -97,7 +110,7 @@
|
|||
}
|
||||
|
||||
upstream forgejo_ssh {
|
||||
server 10.10.0.2:22;
|
||||
server 10.10.0.2:2222;
|
||||
}
|
||||
server {
|
||||
listen 2222;
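Review bot: `boot.kernel.sysctl."net.ipv4.ip_forward" = 1;` in the first hunk enables routing on the VPS for every interface, and none of the visible hunks limits what may be forwarded. With the Desktop and Phone peers in the `peers` list, any peer can presumably reach 10.10.0.2 and the other peers through this hub, so a lost phone key would expose whatever the home server opens on wg0. If peer-to-peer routing is intended, restrict the forward path to wg0-to-wg0 traffic and the ports actually needed, for example `networking.firewall.filterForward = true;` with explicit forward rules on an nftables-based firewall. It is also worth a comment above the sysctl line saying why forwarding is on. The host's firewall configuration is outside these hunks, so this may already be handled.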
|
||||
|
|
|
|||