diff --git a/provision/index.ts b/provision/index.ts index 303acac..8bc5b53 100644 --- a/provision/index.ts +++ b/provision/index.ts @@ -76,6 +76,10 @@ const firewall = new hcloud.Firewall( { direction: "in", protocol: "tcp", port: "443", sourceIps: ["0.0.0.0/0", "::/0"] }, // Forgejo git-over-SSH (CONTRACT_001 forgeSshPort) { direction: "in", protocol: "tcp", port: "2222", sourceIps: ["0.0.0.0/0", "::/0"] }, + // Forgejo git-over-SSH on :22 too — the VM's admin sshd is on 222, so :22 is + // free for the canonical git endpoint, making the scp-form clone + // `git@git.olsitec.net:olsitec/...` work (Forgejo sshd ForceCommands `serv`). + { direction: "in", protocol: "tcp", port: "22", sourceIps: ["0.0.0.0/0", "::/0"] }, { direction: "in", protocol: "icmp", sourceIps: ["0.0.0.0/0", "::/0"] }, ], },