From 851a19842893026b8593329095b282b1458eef83 Mon Sep 17 00:00:00 2001
From: Bryan Ramos <bryan@ramos.codes>
Date: Wed, 5 Mar 2025 14:22:41 -0500
Subject: [PATCH 1/2] changed to nvidia 550

---
 flake.nix                                    | 1 +
 src/system/machines/workstation/hardware.nix | 8 +++++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/flake.nix b/flake.nix
index 5f5d66a..be74977 100644
--- a/flake.nix
+++ b/flake.nix
@@ -24,6 +24,7 @@
       inherit system;
       config = {
         allowUnfree = true;
+	nvidia.acceptLicense = true;
       };
       overlays = [
         nur.overlays.default
diff --git a/src/system/machines/workstation/hardware.nix b/src/system/machines/workstation/hardware.nix
index b85333a..0ad7c54 100644
--- a/src/system/machines/workstation/hardware.nix
+++ b/src/system/machines/workstation/hardware.nix
@@ -83,13 +83,19 @@
       enable = true;
       enable32Bit = true;
     };
+
     nvidia = {
       open = false;
       powerManagement.enable = false;
       powerManagement.finegrained = false;
       modesetting.enable = true;
       nvidiaSettings = true;
-      package = config.boot.kernelPackages.nvidiaPackages.stable;
+      package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
+	version = "550.120";
+	sha256_64bit = "sha256-gBkoJ0dTzM52JwmOoHjMNwcN2uBN46oIRZHAX8cDVpc=";
+	settingsSha256 = "sha256-fPfIPwpIijoUpNlAUt9C8EeXR5In633qnlelL+btGbU=";
+	persistencedSha256 = lib.fakeSha256;
+      };
     };
   };
 

From 0a90e2f7b27d68747e091f2fe4cc299d6e284609 Mon Sep 17 00:00:00 2001
From: Bryan Ramos <bryan@ramos.codes>
Date: Fri, 13 Mar 2026 17:43:08 -0400
Subject: [PATCH 2/2] sshl

---
 src/system/modules/forgejo/default.nix |  6 +++++-
 src/system/modules/nginx/default.nix   | 17 ++++++++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/src/system/modules/forgejo/default.nix b/src/system/modules/forgejo/default.nix
index f9a3eca..f5063ae 100644
--- a/src/system/modules/forgejo/default.nix
+++ b/src/system/modules/forgejo/default.nix
@@ -40,10 +40,14 @@ in
       stateDir = "/var/lib/forgejo";
       
       settings = {
+        service.REQUIRE_SIGNIN_VIEW = false;
         server = {
           PROTOCOL = "http+unix";
-          DOMAIN = "127.0.0.1";
+          DOMAIN = "git.ramos.codes";
           HTTP_ADDR = "/run/forgejo/forgejo.sock";
+          SSH_DOMAIN = "git.ramos.codes";
+          SSH_PORT = 443;
+          START_SSH_SERVER = false;
         };
       };
 
diff --git a/src/system/modules/nginx/default.nix b/src/system/modules/nginx/default.nix
index bb35cca..587e583 100644
--- a/src/system/modules/nginx/default.nix
+++ b/src/system/modules/nginx/default.nix
@@ -54,9 +54,20 @@ in
       };
     };
 
+    services.sslh = {
+      enable = true;
+      settings = {
+        listen = [{ host = "0.0.0.0"; port = 443; }];
+        protocols = [
+          { name = "ssh"; host = "127.0.0.1"; port = 22; probe = "builtin"; }
+          { name = "tls"; host = "127.0.0.1"; port = 4443; probe = "builtin"; }
+        ];
+      };
+    };
+
     services.nginx = {
       enable = true;
-      virtualHosts = 
+      virtualHosts =
       let
         certPath = config.security.acme.certs."ramos.codes".directory;
         sslCertificate = "${certPath}/fullchain.pem";
@@ -64,6 +75,10 @@ in
 
         withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // {
           inherit sslCertificate sslCertificateKey;
+          listen = [
+            { addr = "127.0.0.1"; port = 4443; ssl = true; }
+            { addr = "0.0.0.0"; port = 80; }
+          ];
           forceSSL = true;
         }) hosts;