allow gitea (and everyone else) to bind to low ports

Cyryl Płotnicki 2022-10-30 19:24:46 +00:00
parent 1114bb3fd1
commit a84141cf15


@ -1,15 +1,17 @@
{ config, pkgs, inputs, lib, ... }:
let
httpPort = 8083;
sshContainerPort = 22222;
sshHostPort = 22;
sshPort = 22;
domain = "git.cyplo.dev";
baseurl = "https://${domain}";
path = "/var/lib/gitea";
in {
imports = [ ../nginx.nix ];
networking.firewall.allowedTCPPorts = [ sshHostPort ];
boot.kernel.sysctl = { "net.ipv4.ip_unprivileged_port_start" = 0; };
systemd.services.systemd-sysctl.enable = lib.mkForce true;
networking.firewall.allowedTCPPorts = [ sshPort ];
services.nginx = {
virtualHosts = {
"${domain}" = {
@ -30,8 +32,8 @@ in {
hostPort = httpPort;
}
{
containerPort = sshContainerPort;
hostPort = sshHostPort;
containerPort = sshPort;
hostPort = sshPort;
}
];
bindMounts = {
@ -52,8 +54,8 @@ in {
settings = {
server = {
START_SSH_SERVER = true;
SSH_PORT = sshHostPort;
SSH_LISTEN_PORT = sshContainerPort;
SSH_PORT = sshPort;
SSH_LISTEN_PORT = sshPort;
DISABLE_SSH = false;
};
};
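Review bot: `"net.ipv4.ip_unprivileged_port_start" = 0` in the first hunk sits at the top level of the module, so it removes the privileged-port boundary for every unprivileged process in that network namespace, not only gitea; any local account or compromised service could then bind a port below 1024 that is not already taken. A narrower grant is a capability on the one unit that needs it, e.g. `systemd.services.gitea.serviceConfig.AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];` inside the container's config (the unit's `CapabilityBoundingSet` may need the same entry), or keeping the previous mapping of host port 22 to an unprivileged container port. The sysctl is per network namespace, so if the container runs with a private network (the port-forward block suggests it, but the container definition is outside these hunks) the host-level value may not be the one gitea actually sees. If the global setting stays, a comment on that line such as `# lets ANY unprivileged process bind ports < 1024 on this host` would record the trade-off for the next reader.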