allow gitea (and everyone else) to bind to low ports

This commit is contained in:
Cyryl Płotnicki 2022-10-30 19:24:46 +00:00
parent 1114bb3fd1
commit a84141cf15


@ -1,15 +1,17 @@
{ config, pkgs, inputs, lib, ... }: { config, pkgs, inputs, lib, ... }:
let let
httpPort = 8083; httpPort = 8083;
sshContainerPort = 22222; sshPort = 22;
sshHostPort = 22;
domain = "git.cyplo.dev"; domain = "git.cyplo.dev";
baseurl = "https://${domain}"; baseurl = "https://${domain}";
path = "/var/lib/gitea"; path = "/var/lib/gitea";
in { in {
imports = [ ../nginx.nix ]; imports = [ ../nginx.nix ];
networking.firewall.allowedTCPPorts = [ sshHostPort ]; boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 0; };
systemd.services.systemd-sysctl.enable = lib.mkForce true;
networking.firewall.allowedTCPPorts = [ sshPort ];
services.nginx = { services.nginx = {
virtualHosts = { virtualHosts = {
"${domain}" = { "${domain}" = {
@ -30,8 +32,8 @@ in {
hostPort = httpPort; hostPort = httpPort;
} }
{ {
containerPort = sshContainerPort; containerPort = sshPort;
hostPort = sshHostPort; hostPort = sshPort;
} }
]; ];
bindMounts = { bindMounts = {
@ -52,8 +54,8 @@ in {
settings = { settings = {
server = { server = {
START_SSH_SERVER = true; START_SSH_SERVER = true;
SSH_PORT = sshHostPort; SSH_PORT = sshPort;
SSH_LISTEN_PORT = sshContainerPort; SSH_LISTEN_PORT = sshPort;
DISABLE_SSH = false; DISABLE_SSH = false;
}; };
}; };
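Review bot: The `boot.kernel.sysctl` line in the first hunk sets `net.ipv4.ip_unprivileged_port_start` to 0, which removes the privileged-port boundary for every unprivileged process on the host rather than for gitea alone, so any local user or compromised service can claim 22, 80 or 443 whenever the legitimate listener is not yet up or has restarted. The least-privilege form is to grant only the gitea unit the capability it needs, `systemd.services.gitea.serviceConfig.AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];`, placed in the same scope where `services.gitea` is configured (apparently a container config, given the `hostPort`/`containerPort` forwards in the later hunks), which would also let the sysctl and the `lib.mkForce` on `systemd-sysctl` be dropped. This sysctl is also per network namespace on current kernels, so if that container uses private networking the host-side setting may not reach the process that actually binds port 22 — worth confirming it takes effect before relying on it. The enclosing attribute set begins before and ends after the hunks shown here.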