bvm-forgejo: enable SSH server
parent
2f786ed2da
commit
ad8bc97d0c
1 changed files with 12 additions and 0 deletions
|
@ -99,6 +99,11 @@ in {
|
||||||
server = {
|
server = {
|
||||||
DOMAIN = "git.lukegb.com";
|
DOMAIN = "git.lukegb.com";
|
||||||
ROOT_URL = "https://git.lukegb.com/";
|
ROOT_URL = "https://git.lukegb.com/";
|
||||||
|
|
||||||
|
START_SSH_SERVER = true;
|
||||||
|
BUILTIN_SSH_SERVER_USER = "git";
|
||||||
|
SSH_TRUSTED_USER_CA_KEYS = builtins.readFile ../../secrets/client-ca.pub;
|
||||||
|
SSH_AUTHORIZED_PRINCIPALS_ALLOW = "username";
|
||||||
};
|
};
|
||||||
session = {
|
session = {
|
||||||
COOKIE_SECURE = true;
|
COOKIE_SECURE = true;
|
||||||
|
@ -134,6 +139,13 @@ in {
|
||||||
log.LEVEL = "Trace";
|
log.LEVEL = "Trace";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
systemd.services.forgejo.serviceConfig = {
|
||||||
|
PrivateUsers = lib.mkForce false;
|
||||||
|
|
||||||
|
# Allow forgejo to bind port 22.
|
||||||
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
||||||
|
CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE";
|
||||||
|
};
|
||||||
|
|
||||||
system.stateVersion = "24.11";
|
system.stateVersion = "24.11";
|
||||||
}
|
}
|
||||||
|
|
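Review bot: The `SSH_TRUSTED_USER_CA_KEYS` / `SSH_AUTHORIZED_PRINCIPALS_ALLOW = "username"` pair in the first hunk makes `client-ca.pub` an authentication root for Git over SSH, and nothing in the config records that. A certificate signed by that CA whose principal equals a Forgejo username should be accepted for the account holding that principal, so if the same CA also signs certificates for other systems (not visible from this page), those certificates would work here as well. I would add a comment above the two lines such as `# client-ca.pub is trusted to vouch for Forgejo usernames; restrict who can obtain certs from it.` In the second hunk, `PrivateUsers = lib.mkForce false;` overrides a sandbox setting with no explanation; presumably it is needed so the ambient `CAP_NET_BIND_SERVICE` applies to the host's port 22, and a comment like `# PrivateUsers must be off for CAP_NET_BIND_SERVICE to apply to host ports.` would record why the hardening was relaxed.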