From d5c53ce9a2e3954c4f73ec4fbd796572d386829a Mon Sep 17 00:00:00 2001
From: Andreas Niemann
Date: Tue, 30 Jun 2026 22:31:13 +0200
Subject: [PATCH] feat(provision): open :22 for the canonical git endpoint
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The VM's admin sshd is on :222, so :22 is free for Forgejo's git-over-SSH. Opening it makes the scp-form clone `git@git.olsitec.net:olsitec/...` work — Forgejo's sshd ForceCommands `serv`, so :22 only ever does git (like github.com:22). :2222 stays open too (CONTRACT_001 forgeSshPort).
Co-Authored-By: Claude Opus 4.8 (1M context)
---
 provision/index.ts | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/provision/index.ts b/provision/index.ts
index 303acac..8bc5b53 100644
--- a/provision/index.ts
+++ b/provision/index.ts
@@ -76,6 +76,10 @@ const firewall = new hcloud.Firewall(
 { direction: "in", protocol: "tcp", port: "443", sourceIps: ["0.0.0.0/0", "::/0"] },
 // Forgejo git-over-SSH (CONTRACT_001 forgeSshPort)
 { direction: "in", protocol: "tcp", port: "2222", sourceIps: ["0.0.0.0/0", "::/0"] },
+ // Forgejo git-over-SSH on :22 too — the VM's admin sshd is on 222, so :22 is
+ // free for the canonical git endpoint, making the scp-form clone
+ // `git@git.olsitec.net:olsitec/...` work (Forgejo sshd ForceCommands `serv`).
+ { direction: "in", protocol: "tcp", port: "22", sourceIps: ["0.0.0.0/0", "::/0"] },
 { direction: "in", protocol: "icmp", sourceIps: ["0.0.0.0/0", "::/0"] },
 ],
 },
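Review bot: The added `port: "22"` rule admits the whole internet (`0.0.0.0/0`, `::/0`), and nothing in this hunk enforces the assumption its comment rests on, namely that only Forgejo's sshd ever binds :22 on the VM. If the host sshd still listens on its default port at first boot, or the Forgejo listener is not the one mapped to :22, the rule would expose the admin login rather than the `serv`-only endpoint; neither is visible here, so it should be confirmed in the VM provisioning. I would record the invariant next to the rule, e.g. `// INVARIANT: host sshd must never listen on :22 (admin is :222); only Forgejo's sshd may bind it.` Port 22 also tends to attract more credential-guessing traffic than 2222, so it is worth confirming that password authentication is disabled on the Forgejo SSH server. The `new hcloud.Firewall(` call begins and ends outside the hunk.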