From 620cb43697f9778b83a4d765b5864a018a6196d8 Mon Sep 17 00:00:00 2001
From: Toast <toast003@tutamail.com>
Date: Fri, 1 Mar 2024 10:55:49 +0100
Subject: [PATCH 1/2] Server/forgejo: use built in ssh server

---
 roles/server/forgejo.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/roles/server/forgejo.nix b/roles/server/forgejo.nix
index 3dd1ff3..3d15f08 100644
--- a/roles/server/forgejo.nix
+++ b/roles/server/forgejo.nix
@@ -10,6 +10,8 @@
       };
       server = {
         ROOT_URL = "http://git.everest.sable-pancake.ts.net";
+        START_SSH_SERVER = true;
+        SSH_PORT = 4222;
       };
     };
   };

From e7b6ebb54e801326ca2d374ceed11bda1b6556bd Mon Sep 17 00:00:00 2001
From: Toast <toast003@tutamail.com>
Date: Fri, 1 Mar 2024 12:24:57 +0100
Subject: [PATCH 2/2] Server/traefik: change systemd restart interval

---
 roles/server/traefik.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/roles/server/traefik.nix b/roles/server/traefik.nix
index 9550bb2..d611211 100644
--- a/roles/server/traefik.nix
+++ b/roles/server/traefik.nix
@@ -20,7 +20,14 @@
 		};
 	};
 
-	systemd.units.tailscaled.requiredBy = [ "traefik.service" ];
+	systemd = {
+		units.tailscaled.requiredBy = [ "traefik.service" ];
+		# We have somewhat frequent power outages, and our ISP router takes
+		# ages to boot up. If I don't add a delay, traefik tries to bind to
+		# the tailscale interface before it's ready, making it crash too much
+		# in too little time
+		services.traefik.serviceConfig.RestartSec = 120;
+	};
 
 	networking.firewall.allowedTCPPorts = [ 80 8080 ];
 }