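# NixOS host configuration for the "git" machine (git.infra.forkos.org), which
# runs Forgejo next to a separate system OpenSSH daemon.
#
# The listing had been collapsed onto a single line, where the first `#`
# comment swallows all the code after it; the line structure is restored here
# and the settings themselves are unchanged.
let
  # Two addresses in the same /64 so that each SSH server gets its own port 22:
  #   forgejo - primary WAN address, used by Forgejo's built-in SSH server
  #   openssh - additional address reserved for the system sshd
  ipv6 = {
    openssh = "2001:bc8:38ee:100:1000::41";
    forgejo = "2001:bc8:38ee:100:1000::40";
  };
in
{
  networking.hostName = "git";
  networking.domain = "infra.forkos.org";

  time.timeZone = "Europe/Paris";

  bagel.sysadmin.enable = true;

  # Forgejo will be proxied.
  # NOTE(review): presumably this makes the host honour client-address
  # information supplied by the proxy. Confirm it is accepted only from the
  # proxy itself, because a client-controlled source address would undermine
  # IP-based logging and rate limiting.
  bagel.raito.v6-proxy-awareness.enable = true;

  bagel.hardware.raito-vm = {
    enable = true;
    networking = {
      nat-lan-mac = "BC:24:11:83:71:56";
      wan = {
        # Primary WAN address: the one Forgejo's SSH server binds to (see below).
        address = "${ipv6.forgejo}/64";
        mac = "BC:24:11:0B:8A:81";
      };
    };
  };

  # Add one additional IPv6, so we can have both OpenSSH and
  # Forgejo's built-in server bind on port :22.
  systemd.network.networks."10-wan".networkConfig.Address = [ "${ipv6.openssh}/64" ];

  # Limit the system sshd to its dedicated address so it does not collide with
  # Forgejo's listener. With an explicit listen address, sshd is reachable only
  # there; keep firewall rules and monitoring aligned with that.
  services.openssh.listenAddresses = [{
    addr = "[${ipv6.openssh}]";
  }];

  # Defaults to network.target, but networkd may take a while to settle and set
  # up the required (additional) IPv6 address. sshd then cannot bind to the
  # requested IP, crashes 5 times and runs into the default restart counter
  # limit (5), which leaves the host without administrative SSH access.
  systemd.services.sshd.wants = [ "network-online.target" ];
  systemd.services.sshd.after = [ "network-online.target" ];

  bagel.services.forgejo = {
    enable = true;
    # Forgejo's built-in SSH server binds to the primary WAN address.
    sshBindAddr = ipv6.forgejo;
  };

  i18n.defaultLocale = "en_US.UTF-8";

  system.stateVersion = "24.05";

  # NOTE(review): two SSH servers answer on port 22 of this machine. Confirm
  # that this name reaches the system sshd (ipv6.openssh) and not Forgejo's
  # built-in SSH server; the DNS records are not visible from this file.
  deployment.targetHost = "git.infra.forkos.org";
}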