fix: enable port forwarding on sentinel

hosts/sentinel/net.nix

@@ -2,6 +2,9 @@
   networking.hostId = config.repo.secrets.local.networking.hostId;
   networking.domain = config.repo.secrets.local.personalDomain;
 
+  # Forwarding required for forgejo 9922->22
+  boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
+
   boot.initrd.systemd.network = {
     enable = true;
     networks = {inherit (config.systemd.network.networks) "10-wan";};

hosts/ward/guests/forgejo.nix

@@ -9,7 +9,6 @@
   # XXX: other domain on other proxy?
   forgejoDomain = "git.${sentinelCfg.repo.secrets.local.personalDomain}";
 in {
-  # TODO forward ssh port
   meta.wireguard-proxy.sentinel.allowedTCPPorts = [
     config.services.gitea.settings.server.HTTP_PORT
   ];