sshl

2026-03-23 16:29:42 -04:00 · 2026-03-13 17:43:08 -04:00 · 2026-03-13 17:43:08 -04:00 · 0a90e2f7b2
commit 0a90e2f7b2
parent 851a198428
2 changed files with 21 additions and 2 deletions
--- a/src/system/modules/forgejo/default.nix
+++ b/src/system/modules/forgejo/default.nix
@ -40,10 +40,14 @@ in
      stateDir = "/var/lib/forgejo";
      
      settings = {
+        service.REQUIRE_SIGNIN_VIEW = false;
        server = {
          PROTOCOL = "http+unix";
-          DOMAIN = "127.0.0.1";
+          DOMAIN = "git.ramos.codes";
          HTTP_ADDR = "/run/forgejo/forgejo.sock";
+          SSH_DOMAIN = "git.ramos.codes";
+          SSH_PORT = 443;
+          START_SSH_SERVER = false;
        };
      };

--- a/src/system/modules/nginx/default.nix
+++ b/src/system/modules/nginx/default.nix
@ -54,9 +54,20 @@ in
      };
    };

+    services.sslh = {
+      enable = true;
+      settings = {
+        listen = [{ host = "0.0.0.0"; port = 443; }];
+        protocols = [
+          { name = "ssh"; host = "127.0.0.1"; port = 22; probe = "builtin"; }
+          { name = "tls"; host = "127.0.0.1"; port = 4443; probe = "builtin"; }
+        ];
+      };
+    };
+
    services.nginx = {
      enable = true;
-      virtualHosts = 
+      virtualHosts =
      let
        certPath = config.security.acme.certs."ramos.codes".directory;
        sslCertificate = "${certPath}/fullchain.pem";
@ -64,6 +75,10 @@ in

        withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // {
          inherit sslCertificate sslCertificateKey;
+          listen = [
+            { addr = "127.0.0.1"; port = 4443; ssl = true; }
+            { addr = "0.0.0.0"; port = 80; }
+          ];
          forceSSL = true;
        }) hosts;