feat(provision): open :22 for the canonical git endpoint
The VM's admin sshd is on :222, so :22 is free for Forgejo's git-over-SSH. Opening it makes the scp-form clone `git@git.olsitec.net:olsitec/...` work — Forgejo's sshd ForceCommands `serv`, so :22 only ever does git (like github.com:22). :2222 stays open too (CONTRACT_001 forgeSshPort). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
3a297d021e
commit
d5c53ce9a2
1 changed files with 4 additions and 0 deletions
|
|
@ -76,6 +76,10 @@ const firewall = new hcloud.Firewall(
|
|||
{ direction: "in", protocol: "tcp", port: "443", sourceIps: ["0.0.0.0/0", "::/0"] },
|
||||
// Forgejo git-over-SSH (CONTRACT_001 forgeSshPort)
|
||||
{ direction: "in", protocol: "tcp", port: "2222", sourceIps: ["0.0.0.0/0", "::/0"] },
|
||||
// Forgejo git-over-SSH on :22 too — the VM's admin sshd is on 222, so :22 is
|
||||
// free for the canonical git endpoint, making the scp-form clone
|
||||
// `git@git.olsitec.net:olsitec/...` work (Forgejo sshd ForceCommands `serv`).
|
||||
{ direction: "in", protocol: "tcp", port: "22", sourceIps: ["0.0.0.0/0", "::/0"] },
|
||||
{ direction: "in", protocol: "icmp", sourceIps: ["0.0.0.0/0", "::/0"] },
|
||||
],
|
||||
},
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue