diff --git a/hosts/bifrost/network/firewall.nix b/hosts/bifrost/network/firewall.nix
index fff12a0..fdeee3e 100644
--- a/hosts/bifrost/network/firewall.nix
+++ b/hosts/bifrost/network/firewall.nix
@@ -6,11 +6,11 @@ _: {
 ruleset = ''
 table ip nat {
 chain PREROUTING {
- type nat hook prerouting priority -100 ;
- iifname ens3 tcp dport 42069 dnat to 10.10.10.13
+ type nat hook prerouting priority dstnat;
+ iifname ens3 tcp dport 22 dnat to 10.10.10.13:2222
 }
 chain POSTROUTING {
- type nat hook postrouting priority 100 ;
+ type nat hook postrouting priority srcnat;
 ip daddr 10.10.10.13 masquerade
 };
 }
diff --git a/hosts/bifrost/services/apps/forgejo.nix b/hosts/bifrost/services/apps/forgejo.nix
index 1f1383c..29a9324 100644
--- a/hosts/bifrost/services/apps/forgejo.nix
+++ b/hosts/bifrost/services/apps/forgejo.nix
@@ -1,5 +1,5 @@
 _:
-let domainName = "forge.acomputer.lol"; in {
+let domainName = "git.ironyofprivacy.org"; in {
 services = {
 caddy.virtualHosts."${domainName}" = {
 extraConfig = ''
diff --git a/hosts/rico2/services/apps/forgejo-actions-runner.nix b/hosts/rico2/services/apps/forgejo-actions-runner.nix
index 37c6916..75adaa6 100644
--- a/hosts/rico2/services/apps/forgejo-actions-runner.nix
+++ b/hosts/rico2/services/apps/forgejo-actions-runner.nix
@@ -19,7 +19,7 @@
 "aarch64-linux:docker://ubuntu:latest"
 ];
 tokenFile = config.sops.secrets."forgejo/runner_registration_token_file".path;
- url = "https://forge.acomputer.lol";
+ url = "https://git.ironyofprivacy.org";
 settings = {
 log.level = "info";
 cache = {
diff --git a/hosts/wynne/services/apps/forgejo.nix b/hosts/wynne/services/apps/forgejo.nix
index 6d6e133..0d2da02 100644
--- a/hosts/wynne/services/apps/forgejo.nix
+++ b/hosts/wynne/services/apps/forgejo.nix
@@ -1,7 +1,7 @@
 { pkgs, config, lib, ... }:
 let
 cfg = config.services.forgejo;
- domainName = "forge.acomputer.lol";
+ domainName = "git.ironyofprivacy.org";
 in
 {
 sops.secrets = {
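Review bot: In hosts/bifrost/network/firewall.nix, the new PREROUTING rule `iifname ens3 tcp dport 22 dnat to 10.10.10.13:2222` claims every inbound TCP/22 connection on ens3, so bifrost's own sshd is no longer reachable on that interface and port; the hunk does not show where admin SSH now lands, so confirm it uses another port or interface before deploying. The unchanged `ip daddr 10.10.10.13 masquerade` line rewrites the source address of everything forwarded to that host, which means Forgejo's SSH server will see every client as bifrost, and on port 22 that removes the per-client address needed for brute-force rate limiting and audit logs. If the return path allows it, drop the masquerade for this flow, or, provided no other forwarded traffic relies on it, narrow it to `ip daddr 10.10.10.13 tcp dport 2222 masquerade`. A comment above the DNAT rule naming the Forgejo `SSH_LISTEN_PORT` it must match would also help; the ruleset string closes outside the hunk.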
@@ -52,7 +52,8 @@ in
 DISABLE_SSH = false;
 START_SSH_SERVER = true;
 BUILTIN_SSH_SERVER_USER = "forge";
- SSH_PORT = 42069;
+ SSH_PORT = 22;
+ SSH_LISTEN_PORT = 2222;
 SSH_LISTEN_HOST = "10.10.10.13";
 HTTP_ADDR = "10.10.10.13";
 HTTP_PORT = 3000;
diff --git a/secrets.yaml b/secrets.yaml
index 88146a8..f058119 100644
--- a/secrets.yaml
+++ b/secrets.yaml
@@ -19,7 +19,7 @@ wireguard:
 caddy:
 env_file: ENC[AES256_GCM,data:PKtILX7o0D3rj78JXIXad9UcQz0ZiihXK1nY/kb08fh3i54hYrFyJyGt04b9mAufxTnhDV4=,iv:I/EtxopCFmRxgsGJIcFDufTiM1JyPPoIQkgKIDiCP24=,tag:5QlGMp839p9RYKB09tr61A==,type:str]
 forgejo:
- runner_registration_token_file: ENC[AES256_GCM,data:CM5hQEd1YHuCpzN6ZVGVzxRgQcUuq/KZ+o5JcB3kRAyVJVYjCyRfNPD2SA/ruw==,iv:L3tLN0C/d3lztvnBHyRzSFdkjtR8bnd5IrROGBSw/0E=,tag:R+o7E47DNvRr8S+hqR+v5w==,type:str]
+ runner_registration_token_file: ENC[AES256_GCM,data:d5XFp9ParWMnh7GWsVNcPeReuO3EdvUSHsXxEm2T9UfQ17q8RHmHCo3qg74zfA==,iv:0JdHc8NexQjIjs07WR+132hcedpvS1w8jOsLSHKIsGU=,tag:UheHd+Hgjs4p9WQsWLU95w==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -98,8 +98,8 @@ sops:
 WUc1Tm4wMkxUM2xybjFKK2VqWU9GSFEKVhMLzPF5CT/W0PC5jsNzpIE8wtRrUdfH
 QHKId9QbaEaz8c85iXppJwONJJ2eTWUElj4ZVLUacgiqyS+rBiyuFw==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-11-16T14:09:27Z"
- mac: ENC[AES256_GCM,data:jadem1cX0PbeWeCUxZy8svPB0PbthNfKKomvsEILTbl99rlsQJmeiFtA5eaewu4qjC+UUfJrrLrArJDCDweYrCGMyCnfwh5+xN+q5SF4dCoWon1DeE4G+OZ3R6Kv4XPfdg7l/mDblndIp7WbhlsCEoZM4Sl2e7VheXfnFtacpK4=,iv:v/vEBnnLirIItGiUqAHs5CYzMduw7u3TK5UpiaNCjmE=,tag:t5fKPnJYg9Zm0uAOsi9N/g==,type:str]
+ lastmodified: "2024-11-19T13:34:08Z"
+ mac: ENC[AES256_GCM,data:FR3DRBTfCeE5+rjizNqowRhIEv8rVPrxBhbdLy+8EsiK0zZW++CjPEMB8wnJw3T9JD+r4MmnPb+kxb9R26lS/k48uNioexW5PIa7d/Hnwf5k3cKfXeUvCc71RXdmxzdw5/5QRweN8Pm9HTMP00ze1PJGBfUkt79eIS8IiWrSm8I=,iv:m7g4j4Zqp8fqM2LzOR6ChgZ4MSGVZSICLJ3LdiqA+ag=,tag:yL5dNCIue7EGlNdeq+71DQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.1
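Review bot: In hosts/wynne/services/apps/forgejo.nix, `SSH_LISTEN_PORT = 2222` only works together with the DNAT target `10.10.10.13:2222` in hosts/bifrost/network/firewall.nix, and nothing in either file records that coupling. Add a comment such as `# SSH_PORT is what clone URLs advertise; bifrost DNATs ens3:22 -> 10.10.10.13:2222, keep in sync with its firewall.nix`. The listener is also reachable by anything that can route to 10.10.10.13, so wynne's own firewall (not visible here) should accept 2222 only from the bifrost tunnel peer. Existing clones will see a new host and port for the same server, so publishing the SSH host key fingerprint alongside the new domain lets users verify the first-connection prompt. The settings attribute set starts and ends outside the hunk.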
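Review bot: In secrets.yaml, only the `runner_registration_token_file` ciphertext changes in the first hunk while the neighbouring `env_file` value is untouched, so the token itself was presumably replaced rather than just re-encrypted. The previous ciphertext stays in repository history and remains decryptable by every age recipient of that revision, so the old registration token should be invalidated on the Forgejo side if that has not been done already. The diff cannot show whether that happened, so it is worth recording in the commit description.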