From e609400d4eea73bdf111e097c34d58346eface62 Mon Sep 17 00:00:00 2001
From: Kopatz <7265381+Kropatz@users.noreply.github.com>
Date: Sat, 14 Mar 2026 21:05:58 +0100
Subject: [PATCH] ssh config for git
---
 modules/services/gitea.nix | 2 +-
 systems/amd-server-vm/configuration.nix | 11 +++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix
index 1488c46..315f68e 100644
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -27,7 +27,7 @@ in
 service.DISABLE_REGISTRATION = true;
 server.DOMAIN = cfg.fqdn;
 server.ROOT_URL = "https://${cfg.fqdn}";
- server.DISABLE_SSH = true;
+ #server.DISABLE_SSH = true;
 };
 };
 services.nginx.virtualHosts."${cfg.fqdn}" = {
diff --git a/systems/amd-server-vm/configuration.nix b/systems/amd-server-vm/configuration.nix
index a1b907e..decbc94 100644
--- a/systems/amd-server-vm/configuration.nix
+++ b/systems/amd-server-vm/configuration.nix
@@ -157,6 +157,17 @@
 };
 };
+ services.openssh.extraConfig = ''
+ # Internal network: allow everyone
+ Match Address 192.168.2.0/24,192.168.0.0/24
+ AllowUsers *
+
+ # Everything else (internet): only git user
+ Match Address *,!192.168.2.0/24,!192.168.0.0/24
+ PermitRootLogin no
+ AllowUsers gitea
+ '';
+
 virtualisation.vmware.guest.enable = true;
 services.xserver.videoDrivers = [ "vmware" ];
 environment.systemPackages = with pkgs; [
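Review bot: Commenting out `server.DISABLE_SSH = true;` turns Git-over-SSH on for every system that imports modules/services/gitea.nix, while the sshd restrictions added in this commit live only in systems/amd-server-vm/configuration.nix. If any other host uses this module, it would get SSH access to Gitea without those Match rules; that is worth confirming, or the setting could be gated behind a module option. The commented-out line should also be deleted or replaced by an explicit `server.DISABLE_SSH = false;` rather than left as dead config. The settings block starts and ends outside this hunk.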
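Review bot: The internet-facing `Match Address *,!192.168.2.0/24,!192.168.0.0/24` block narrows who may log in but not how: authentication methods and forwarding stay at whatever the global section allows, so the exposed `gitea` account is only as protected as those defaults. Consider adding `PasswordAuthentication no` and `AllowTcpForwarding no` under that Match. Both blocks also key on the source address as sshd sees it, so if this VM sits behind a NAT or proxy that rewrites client addresses into 192.168.0.0/24 or 192.168.2.0/24, external clients would fall into the "allow everyone" block; this should be confirmed against the actual network path. Because extraConfig ends inside a Match block, any sshd directive appended after it by another definition would be scoped to that block; closing the string with `Match all` avoids this.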