From 4a34c84995c55058582219809839a32ffcfaa565 Mon Sep 17 00:00:00 2001
From: oddlama <oddlama@oddlama.org>
Date: Thu, 25 Jan 2024 23:43:44 +0100
Subject: [PATCH] fix: enable port forwarding on sentinel

---
 hosts/sentinel/net.nix        | 3 +++
 hosts/ward/guests/forgejo.nix | 1 -
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/hosts/sentinel/net.nix b/hosts/sentinel/net.nix
index 9ac8535..5ba010b 100644
--- a/hosts/sentinel/net.nix
+++ b/hosts/sentinel/net.nix
@@ -2,6 +2,9 @@
   networking.hostId = config.repo.secrets.local.networking.hostId;
   networking.domain = config.repo.secrets.local.personalDomain;
 
+  # Forwarding required for forgejo 9922->22
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+
   boot.initrd.systemd.network = {
     enable = true;
     networks = {inherit (config.systemd.network.networks) "10-wan";};
diff --git a/hosts/ward/guests/forgejo.nix b/hosts/ward/guests/forgejo.nix
index 5856ae8..1f0bf3a 100644
--- a/hosts/ward/guests/forgejo.nix
+++ b/hosts/ward/guests/forgejo.nix
@@ -9,7 +9,6 @@
   # XXX: other domain on other proxy?
   forgejoDomain = "git.${sentinelCfg.repo.secrets.local.personalDomain}";
 in {
-  # TODO forward ssh port
   meta.wireguard-proxy.sentinel.allowedTCPPorts = [
     config.services.gitea.settings.server.HTTP_PORT
   ];