From 3464e55e0e1c70b062db0087e3e027594816dd59 Mon Sep 17 00:00:00 2001
From: DerGrumpf <phil.keier@hotmail.com>
Date: Fri, 15 May 2026 15:29:52 +0200
Subject: [PATCH] SSH access for Gitea; stream config nginx

---
 nixos/roles/nginx.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/nixos/roles/nginx.nix b/nixos/roles/nginx.nix
index ff8e765..eac88c8 100644
--- a/nixos/roles/nginx.nix
+++ b/nixos/roles/nginx.nix
@@ -33,6 +33,7 @@ in
   networking.firewall.allowedTCPPorts = [
     80
     443
+    12222
   ];
 
   security.acme = {
@@ -47,6 +48,14 @@ in
     recommendedOptimisation = true;
     recommendedGzipSettings = true;
 
+    # Git ssh
+    streamConfig = ''
+      server {
+        listen 12222;
+        proxy_pass ${upstream}:12222;
+      }
+    '';
+
     virtualHosts = {
       # controller services (proxied to upstream tailscale node)
       "git.cyperpunk.de" = (mkProxy 9000) // {