
Commit 0523880

committed
feat(forgejo): add option to proxy ssh traffic through traefik (#1044)
1 parent f498600 commit 0523880


2 files changed

+29
-2
lines changed


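--- a/modules/forgejo/README.md
+++ b/modules/forgejo/README.md
@@ -55,7 +55,7 @@ Self-hosted Git server
 
 oidc = {
 enable = true;
-clientSecretFile = config.sops.secrets."fogejo/authelia/client_secret".path;
+clientSecretFile = config.sops.secrets."forgejo/authelia/client_secret".path;
 clientSecretHash = "$pbkdf2-sha512$...";
 };
 };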

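--- a/modules/forgejo/default.nix
+++ b/modules/forgejo/default.nix
@@ -12,6 +12,8 @@
 
 ini = pkgs.formats.ini {};
 
+sshHostPort = "2222";
+
 category = "General";
 displayName = "Forgejo";
 description = "Git Server";
@@ -206,6 +208,13 @@ in {
 For a full list of options, refer to the [Forgejo documentation](https://forgejo.org/docs/latest/admin/config-cheat-sheet/).
 '';
 };
+ssh.proxied = lib.mkOption {
+type = lib.types.bool;
+default = false;
+description = ''
+Whether to proxy SSH connections through Traefik. This will setup a TCP router in Traefik which forwards all traffic to the Forgejo container.
+'';
+};
 db = {
 type = lib.mkOption {
 type = lib.types.enum [
@@ -299,6 +308,24 @@ in {
 };
 };
 
+nps.stacks.traefik = let
+sshName = "${name}-ssh";
+in
+lib.mkIf cfg.ssh.proxied {
+containers.traefik.ports = lib.mkAfter ["${sshHostPort}:${sshHostPort}"];
+staticConfig.entrypoints.${sshName}.address = ":${sshHostPort}";
+dynamicConfig.tcp = {
+routers.${sshName} = {
+entryPoints = [sshName];
+rule = "HostSNI(`*`)";
+service = sshName;
+};
+services."${sshName}".loadbalancer.servers = [
+{address = "${name}:22";}
+];
+};
+};
+
 nps.stacks.${name}.settings = lib.mkMerge [
 (import ./settings.nix config)
 {
@@ -339,7 +366,7 @@ in {
 ${name} = {
 image = "codeberg.org/forgejo/forgejo:14";
 volumeMap.data = "${storage}/data:/data";
-ports = ["2222:22"];
+ports = lib.mkIf (!cfg.ssh.proxied) ["${sshHostPort}:22"];
 
 extraConfig.Container = {
 Notify = "healthy";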
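Review bot: The `ssh.proxied` description in the second hunk should say that, with the TCP router added in the third hunk, Forgejo's SSH daemon sees Traefik as the peer of every connection, because the `services."${sshName}".loadbalancer` entry forwards plain TCP and nothing visible here passes the client address on. Per-client SSH logs and any IP-based lockout or rate limiting inside the container would then no longer reflect the real client and would have to be applied at Traefik or the host firewall instead. I would add to the description: `Forgejo will then see Traefik as the source of every SSH connection; apply IP-based logging or rate limiting at Traefik or the host firewall.` Separately, the `nps.stacks.traefik` block is gated only on `cfg.ssh.proxied`; if the Traefik stack can be disabled independently (not visible in these hunks), an assertion would keep SSH from silently ending up unpublished, since the container's own `ports` are dropped in the last hunk.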
