From 606f04493b250e2891141c8240bddb872e8e266a Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Sat, 10 May 2025 09:30:41 +0200
Subject: [PATCH] feat(servers): fix ssh not working with forgejo.

---
 modules/servers/general/openssh.nix | 7 ++++++-
 modules/servers/thor/forgejo.nix    | 7 +++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/modules/servers/general/openssh.nix b/modules/servers/general/openssh.nix
index cd166eb..c2853db 100644
--- a/modules/servers/general/openssh.nix
+++ b/modules/servers/general/openssh.nix
@@ -19,5 +19,10 @@
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJLduAXHWJiglmfRfkBGKffzVWkJP6porxIzw6+Zz3W crony@cronyakatsuki.xyz"
   ];
 
-  services.fail2ban.enable = true;
+  services.fail2ban = {
+    enable = true;
+    ignoreIP = [
+      "65.21.241.194"
+    ];
+  };
 }
diff --git a/modules/servers/thor/forgejo.nix b/modules/servers/thor/forgejo.nix
index 1c82fc4..5e11c24 100644
--- a/modules/servers/thor/forgejo.nix
+++ b/modules/servers/thor/forgejo.nix
@@ -31,4 +31,11 @@
       entrypoints = "websecure";
     };
   };
+
+  services.openssh = {
+    authorizedKeysFiles = ["/var/lib/%u/.ssh/authorized_keys"];
+    settings = {
+      AllowUsers = ["forgejo"];
+    };
+  };
 }