Hello,
I'm trying to set up some kind of proxy for Forgejo. Currently I have this:
```nix
users.users.${cmw.forgejo.user} = mkIf (hostName == "VPS-Server-005") {
  isNormalUser = true;
  shell = "${pkgs.bash}/bin/bash";
  openssh.authorizedKeys.keys = config.users.users.manager.openssh.authorizedKeys.keys;
};
services.openssh.extraConfig = mkIf (hostName == "VPS-Server-005") ''
  Match User ${cmw.forgejo.user}
    AllowAgentForwarding yes
    ForceCommand ssh -T -o StrictHostKeyChecking=no ${cmw.forgejo.user}@${config.module.wireguard.ThinkCentre-Server-004.wgIP} -p ${toString cmw.forgejo.sshPort} "$SSH_ORIGINAL_COMMAND"
'';
```
The problem is the key: currently this fails just in front of Forgejo because it asks for the password of the git user on the machine that hosts Forgejo. So I need to forward the SSH key the client gives me through the tunnel too, and I'm quite blocked here.
My only idea was to add the SSH key of the git user on the VPS to the git user on the Forgejo host machine, but this means everyone can SSH into all repos.
The full config: NixOS Repo