ryan.freumh.org / eilean-nix
Self-host your own digital island
fork atom

add gitea SSH port as config option

Ryan Gibb 41902786 b081183c

options
unified split
Changed files
+12 -7
modules
gitea.nix
+12 -7
modules/gitea.nix 
···

       
3

       
3

       
 

       
let


     

       
4

       
4

       
 

       
  cfg = config.eilean;


     

       
5

       
5

       
 

       
  domain = config.networking.domain;


     

       
6

       

       
-

       
  sshPort = 3001;


     

       
7

       
6

       
 

       
in {


     

       
8

       

       
-

       
  options.eilean.gitea.enable = lib.mkEnableOption "gitea";


     

       

       
7

       
+

       
  options.eilean.gitea = {


     

       

       
8

       
+

       
    enable = lib.mkEnableOption "gitea";


     

       

       
9

       
+

       
    sshPort = lib.mkOption {


     

       

       
10

       
+

       
      type = lib.types.int;


     

       

       
11

       
+

       
      default = 3001;


     

       

       
12

       
+

       
    };


     

       

       
13

       
+

       
  };


     

       
9

       
14

       
 

       



     

       
10

       
15

       
 

       
  config = lib.mkIf cfg.gitea.enable {


     

       
11

       
16

       
 

       
    services.nginx = {


     
···

       
97

       
102

       
 

       



     

       
98

       
103

       
 

       
    networking.firewall.extraCommands = ''


     

       
99

       
104

       
 

       
      # proxy all traffic on public interface to the gitea SSH server


     

       
100

       

       
-

       
      iptables -A PREROUTING -t nat -i ${config.eilean.publicInterface} -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString sshPort}


     

       
101

       

       
-

       
      ip6tables -A PREROUTING -t nat -i ${config.eilean.publicInterface} -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString sshPort}


     

       

       
105

       
+

       
      iptables -A PREROUTING -t nat -i ${config.eilean.publicInterface} -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.gitea.sshPort}


     

       

       
106

       
+

       
      ip6tables -A PREROUTING -t nat -i ${config.eilean.publicInterface} -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.gitea.sshPort}


     

       
102

       
107

       
 

       



     

       
103

       
108

       
 

       
      # proxy locally originating outgoing packets


     

       
104

       

       
-

       
      iptables -A OUTPUT -d ${config.eilean.serverIpv4} -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString sshPort}


     

       
105

       

       
-

       
      ip6tables -A OUTPUT -d ${config.eilean.serverIpv6} -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString sshPort}


     

       

       
109

       
+

       
      iptables -A OUTPUT -d ${config.eilean.serverIpv4} -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.gitea.sshPort}


     

       

       
110

       
+

       
      ip6tables -A OUTPUT -d ${config.eilean.serverIpv6} -t nat -p tcp --dport 22 -j REDIRECT --to-port ${builtins.toString cfg.gitea.sshPort}


     

       
106

       
111

       
 

       
    '';


     

       
107

       
112

       
 

       



     

       
108

       
113

       
 

       
    services.gitea.settings.server = {


     

       
109

       
114

       
 

       
      START_SSH_SERVER = true;


     

       
110

       

       
-

       
      SSH_LISTEN_PORT = sshPort;


     

       

       
115

       
+

       
      SSH_LISTEN_PORT = cfg.gitea.sshPort;


     

       
111

       
116

       
 

       
    };


     

       
112

       
117

       
 

       
  };


     

       
113

       
118

       
 

       
}