Set up forgejo ssh
parent
861f2e81e2
commit
a94ba0499d
|
@ -1,5 +1,9 @@
|
|||
{ config, ... }:
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
programs.ssh.enable = true;
|
||||
satellite.persistence.at.state.apps.ssh.directories = [ ".ssh" ];
|
||||
|
||||
# This allows me to push/pull to my forgejo server via SSH.
|
||||
# See the docs for more details: https://developers.cloudflare.com/cloudflare-one/tutorials/gitlab/#configuring-ssh
|
||||
programs.ssh.matchBlocks."ssh.git.moonythm.dev".proxyCommand = "${lib.getExe pkgs.cloudflared} access ssh --hostname %h";
|
||||
}
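Review bot: The comment above the `proxyCommand` line links to a GitLab tutorial but does not say what authenticates a connection to `ssh.git.moonythm.dev`. Nothing visible in this commit shows whether a Cloudflare Access application gates that hostname. If none does, the tunnel endpoint can be reached by any cloudflared client and Forgejo's SSH public-key check is the only control. I would record that next to the setting, e.g. `# Auth: Forgejo public-key check; any Access policy for this hostname is configured outside this file (confirm).`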
|
||||
|
|
|
@ -24,5 +24,6 @@
|
|||
jupyterhub = 8420;
|
||||
guacamole = 8421;
|
||||
syncthing = 8422;
|
||||
forgejo-ssh = 8423;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -7,6 +7,10 @@
|
|||
};
|
||||
|
||||
satellite.cloudflared.at.git.port = config.satellite.ports.forgejo;
|
||||
satellite.cloudflared.at."ssh.git" = {
|
||||
protocol = "ssh";
|
||||
port = config.satellite.ports.forgejo-ssh;
|
||||
};
|
||||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
|
@ -29,6 +33,8 @@
|
|||
HTTP_PORT = config.satellite.cloudflared.at.git.port;
|
||||
ROOT_URL = config.satellite.cloudflared.at.git.url;
|
||||
LANDING_PAGE = "prescientmoon"; # Make my profile the landing page
|
||||
SSH_DOMAIN = config.satellite.cloudflared.at."ssh.git".host;
|
||||
SSH_PORT = config.satellite.ports.forgejo-ssh;
|
||||
};
|
||||
|
||||
cron.ENABLED = true;
|
||||
|
@ -45,9 +51,7 @@
|
|||
repository = {
|
||||
DISABLE_STARS = true;
|
||||
DISABLED_REPO_UNITS = "";
|
||||
DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [
|
||||
"repo.code"
|
||||
];
|
||||
DEFAULT_REPO_UNITS = lib.strings.concatStringsSep "," [ "repo.code" ];
|
||||
};
|
||||
};
|
||||
};
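Review bot: The `server` settings added in the second hunk set `SSH_DOMAIN` and `SSH_PORT` but, in the lines shown, neither start Forgejo's built-in SSH server nor restrict where it listens. `SSH_PORT` only sets the port advertised in clone URLs and the default listen port, so unless `START_SSH_SERVER = true;` is set in the part of the block outside the hunk, nothing will answer on 8423 for the new `ssh.git` ingress. Once enabled, the built-in server binds `0.0.0.0` by default, so clients could reach it without going through the tunnel if the host firewall allows that port; adding `SSH_LISTEN_HOST = "127.0.0.1";` next to `SSH_PORT` keeps it tunnel-only.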
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{ config, lib, ... }:
|
||||
let cfg = config.satellite.cloudflared;
|
||||
let
|
||||
cfg = config.satellite.cloudflared;
|
||||
in
|
||||
{
|
||||
options.satellite.cloudflared = {
|
||||
|
@ -17,7 +18,10 @@ in
|
|||
at = lib.mkOption {
|
||||
description = "List of hosts to set up ingress rules for";
|
||||
default = { };
|
||||
type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: {
|
||||
type = lib.types.attrsOf (
|
||||
lib.types.submodule (
|
||||
{ name, config, ... }:
|
||||
{
|
||||
options = {
|
||||
subdomain = lib.mkOption {
|
||||
description = ''
|
||||
|
@ -39,6 +43,12 @@ in
|
|||
default = "${config.subdomain}.${cfg.domain}";
|
||||
};
|
||||
|
||||
protocol = lib.mkOption {
|
||||
description = "The protocol to redirect traffic through";
|
||||
type = lib.types.str;
|
||||
default = "http";
|
||||
};
|
||||
|
||||
url = lib.mkOption {
|
||||
description = "External https url used to access this host";
|
||||
type = lib.types.str;
|
||||
|
@ -46,23 +56,36 @@ in
|
|||
};
|
||||
|
||||
config.url = "https://${config.host}";
|
||||
}));
|
||||
}
|
||||
)
|
||||
);
|
||||
};
|
||||
};
|
||||
|
||||
config.services.cloudflared.tunnels.${cfg.tunnel}.ingress = lib.attrsets.mapAttrs'
|
||||
(_: { port, host, ... }: {
|
||||
config.services.cloudflared.tunnels.${cfg.tunnel}.ingress = lib.attrsets.mapAttrs' (
|
||||
_:
|
||||
{
|
||||
port,
|
||||
host,
|
||||
protocol,
|
||||
...
|
||||
}:
|
||||
{
|
||||
name = host;
|
||||
value = "http://localhost:${toString port}";
|
||||
})
|
||||
cfg.at;
|
||||
value = "${protocol}://localhost:${toString port}";
|
||||
}
|
||||
) cfg.at;
|
||||
|
||||
config.satellite.dns.records =
|
||||
let mkDnsRecord = { subdomain, ... }: {
|
||||
let
|
||||
mkDnsRecord =
|
||||
{ subdomain, ... }:
|
||||
{
|
||||
type = "CNAME";
|
||||
at = subdomain;
|
||||
zone = cfg.domain;
|
||||
value = "${cfg.tunnel}.cfargotunnel.com.";
|
||||
};
|
||||
in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
|
||||
in
|
||||
lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
|
||||
}
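Review bot: The new `protocol` option is declared as a free-form `lib.types.str` and then interpolated straight into the ingress target (`"${protocol}://localhost:${toString port}"`), so a typo or an unintended scheme is only caught when cloudflared loads the config, if at all. Constraining it at evaluation time would be safer: `type = lib.types.enum [ "http" "https" "ssh" "tcp" ];`. The `url` option in the same submodule is still forced to `https://${config.host}`, which is not meaningful for an `ssh` entry, so its description could say it applies only to HTTP hosts. The submodule body is only partly visible in these hunks.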
|
||||
|
|