fix: remove overwriting of forgejo port opening

2025-01-26 22:44:36 +01:00 · 2025-01-26 22:44:36 +01:00 · 7f536764b8
commit 7f536764b8
parent 2ec3341fec
3 changed files with 10 additions and 10 deletions
--- a/hosts/marr/default.nix
+++ b/hosts/marr/default.nix
@ -151,21 +151,18 @@

  security.polkit.enable = true;

-  virtualisation.libvirtd.enable = true;
-  programs.virt-manager.enable = true;
+  virtualisation = {
+    libvirtd.enable = true;
+  };

  programs.nix-ld.enable = true;

  environment.systemPackages = with pkgs; [
    shared-mime-info
    glib
-    wireguard-tools
    dconf
    xdg-utils
    brightnessctl
-    pop-icon-theme
-
-    kicad-small
  ];

  system.stateVersion = "24.11";
--- a/hosts/raptus/default.nix
+++ b/hosts/raptus/default.nix
@ -79,7 +79,7 @@ in

  networking = {
    nftables.enable = true;
-    firewall = lib.mkForce {
+    firewall = {
      enable = true;
      allowedTCPPorts = [
        80 # for acme challenges
@ -109,6 +109,8 @@ in
    port = 22;
  };

+  services.fail2ban.enable = true;
+
  environment.systemPackages = map lib.lowPrio [
    pkgs.curl
    pkgs.gitMinimal
--- a/hosts/raptus/forgejo.nix
+++ b/hosts/raptus/forgejo.nix
@ -1,6 +1,7 @@
 { config, pkgs, ... }:
 let
  domain = "git.ccnlc.eu";
+  sshPort = 2222;
 in
 {
  systemd.tmpfiles.rules =
@ -15,7 +16,7 @@ in
      "L+ ${config.services.forgejo.customDir}/public/robots.txt - - - - ${robots.outPath}"
    ];

-  networking.firewall.allowedTCPPorts = [ 2222 ];
+  networking.firewall.allowedTCPPorts = [ sshPort ];

  services.nginx = {
    enable = true;
@ -43,8 +44,8 @@ in

    settings = {
      server = {
-        SSH_PORT = 2222;
-        SSH_LISTEN_PORT = 2222;
+        SSH_PORT = sshPort;
+        SSH_LISTEN_PORT = sshPort;
        START_SSH_SERVER = true;
        DOMAIN = domain;
        HTTP_PORT = 3000;