feat(gogs): expose SSH-clone via git.tammena.me
parent
addfd6453d
commit
a358103a43
|
@ -70,6 +70,9 @@ in {
|
||||||
[auth]
|
[auth]
|
||||||
DISABLE_REGISTRATION = true
|
DISABLE_REGISTRATION = true
|
||||||
SHOW_REGISTRATION_BUTTON = false
|
SHOW_REGISTRATION_BUTTON = false
|
||||||
|
|
||||||
|
[server]
|
||||||
|
SSH_PORT = 22222
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."git.home" = mkVirtHost "git-home" {
|
services.nginx.virtualHosts."git.home" = mkVirtHost "git-home" {
|
||||||
|
@ -408,8 +411,8 @@ in {
|
||||||
|
|
||||||
# All services that run here, that should be exposed need to be exposed on the VPN
|
# All services that run here, that should be exposed need to be exposed on the VPN
|
||||||
networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = let
|
networking.firewall.interfaces.${config.services.tailscale.interfaceName}.allowedTCPPorts = let
|
||||||
selectPort = name: config: config.port;
|
selectPort = _: config: config.port;
|
||||||
filterRunningHereAndExposed = lib.attrsets.filterAttrs (name: conf: conf.host == config.networking.hostName && conf ? external && conf.external);
|
filterRunningHereAndExposed = lib.attrsets.filterAttrs (_: conf: conf.host == config.networking.hostName && conf ? external && conf.external);
|
||||||
in
|
in
|
||||||
lib.attrsets.mapAttrsToList selectPort (filterRunningHereAndExposed config.state.services);
|
lib.attrsets.mapAttrsToList selectPort (filterRunningHereAndExposed config.state.services);
|
||||||
|
|
||||||
|
|
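Review bot: The added `SSH_PORT = 22222` under `[server]` has no comment, and in Gogs this key only sets the port printed in SSH clone URLs; it does not open a listener. A short comment above it would help, for example `# Port advertised in clone URLs; the listener is the nginx stream proxy on the public host`. The same app.ini presumably also backs the `git.home` virtual host in the context line below, so clone URLs shown to VPN users would carry port 22222 too, and nothing in the visible hunks shows that port being reachable on this host; worth confirming. The enclosing configuration string starts outside the hunk.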
|
@ -4,6 +4,7 @@
|
||||||
config,
|
config,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
|
state = builtins.import ../state.nix;
|
||||||
mkVirtHost = lib.attrsets.recursiveUpdate {
|
mkVirtHost = lib.attrsets.recursiveUpdate {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
@ -45,7 +46,7 @@ in {
|
||||||
services.radicaleWithInfcloud.enable = true;
|
services.radicaleWithInfcloud.enable = true;
|
||||||
|
|
||||||
services.nginx.virtualHosts = let
|
services.nginx.virtualHosts = let
|
||||||
services = (builtins.import ../state.nix).services;
|
services = state.services;
|
||||||
removeUnexposed = lib.attrsets.filterAttrs (_: config: config ? "external" && config.external);
|
removeUnexposed = lib.attrsets.filterAttrs (_: config: config ? "external" && config.external);
|
||||||
createVirtHost = name: config: {
|
createVirtHost = name: config: {
|
||||||
name = "${name}.tammena.me";
|
name = "${name}.tammena.me";
|
||||||
|
@ -58,6 +59,18 @@ in {
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
lib.mapAttrs' createVirtHost (removeUnexposed services);
|
lib.mapAttrs' createVirtHost (removeUnexposed services);
|
||||||
|
services.nginx.appendConfig = ''
|
||||||
|
stream {
|
||||||
|
upstream ssh {
|
||||||
|
server ${state.services.git.host}:22;
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
listen 22222;
|
||||||
|
# server_name git.tammena.me;
|
||||||
|
proxy_pass ssh;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
|
||||||
sops.secrets =
|
sops.secrets =
|
||||||
lib.mapAttrs' (name: _: {
|
lib.mapAttrs' (name: _: {
|
||||||
|
@ -118,7 +131,7 @@ in {
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
networking.firewall.allowedTCPPorts = [53];
|
networking.firewall.allowedTCPPorts = [53 22222];
|
||||||
networking.firewall.allowedUDPPorts = [53];
|
networking.firewall.allowedUDPPorts = [53];
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
|
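Review bot: The `upstream ssh` block forwards the newly opened public port 22222 to port 22 on `${state.services.git.host}`, and unless Gogs runs its built-in SSH server on that port this is the host's ordinary sshd, so every login account there becomes reachable from the internet, not just the git user. Before exposing it, confirm the backend sets `services.openssh.settings.PasswordAuthentication = false;`, or point the upstream at a dedicated Gogs listener (`START_SSH_SERVER` with its own `SSH_LISTEN_PORT`) instead of port 22. Because this is a plain TCP proxy, the backend sshd will log the proxy's address for every connection, so per-source-IP banning or rate limiting has to happen on this host. The commented-out `# server_name git.tammena.me;` is better replaced with `# SSH carries no host name, so this listener answers for every name that resolves here`. NixOS also offers `services.nginx.streamConfig`, which would avoid hand-writing the `stream { }` wrapper in `appendConfig`.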