Server/forgejo: expose to the internet

2025-06-06 18:54:14 +02:00 · 2025-06-06 18:54:14 +02:00 · a741b9b559
commit a741b9b559
parent bb801f4e4c
2 changed files with 7 additions and 13 deletions
--- a/roles/common/programs/git.nix
+++ b/roles/common/programs/git.nix
@ -1,6 +1,6 @@
 {...}: {
  programs.ssh.knownHosts = {
-    "[git.everest.tailscale]:4222".publicKey = ''
+    "[git.toast003.xyz]:4222".publicKey = ''
      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoUcWx56NZ3kqydN3d0gLNz6SlBm1ArkHhqR9Fwd8qs
    '';
  };
--- a/roles/server/forgejo.nix
+++ b/roles/server/forgejo.nix
@ -32,7 +32,7 @@ in {
      };
      server = {
        OFFLINE_MODE = false;
-        ROOT_URL = "https://git.everest.tailscale";
+        ROOT_URL = "https://git.toast003.xyz";
        START_SSH_SERVER = true;
        SSH_PORT = 4222;
        SSH_SERVER_HOST_KEYS = config.age.secrets.forgejo-host-key.path;
@ -49,24 +49,18 @@ in {
    };
  };

+  networking.firewall.allowedTCPPorts = with config; [
+    services.forgejo.settings.server.SSH_PORT
+  ];
+
  catppuccin.forgejo = {
    enable = true;
  };

-  # Add a record for forgejo
-  services.headscale.settings.dns.extra_records = [
-    {
-      name = "git.everest.tailscale";
-      type = "A";
-      value = "100.100.0.1";
-    }
-  ];
-
  # Set up caddy as the reverse proxy for Forgejo
  services.caddy.virtualHosts.forgejo = {
-    hostName = "git.everest.tailscale";
+    hostName = "git.toast003.xyz";
    extraConfig = ''
-      import tailscale
      reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
    '';
  };