From 44f98a69d18b7449ee601615323d79e47d5ca256 Mon Sep 17 00:00:00 2001
From: fruchti
Date: Fri, 7 Mar 2025 08:37:33 +0100
Subject: [PATCH 1/4] Forgejo: Set nginx request size for git-lfs
---
 hosts/forgejo.nix | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/hosts/forgejo.nix b/hosts/forgejo.nix
index ce2ff36..6b2145d 100644
--- a/hosts/forgejo.nix
+++ b/hosts/forgejo.nix
@@ -123,6 +123,10 @@ in
 enableACME = true;
 forceSSL = true;
 locations."/".proxyPass = "http://localhost:3001/";
+ extraConfig = ''
+ # Maximum upload file size for git-lfs
+ client_max_body_size 100M;
+ '';
 };
 };
From 1e84717fd6b93d3dfd90b5d148734dcdeb1f52f2 Mon Sep 17 00:00:00 2001
From: fruchti
Date: Fri, 7 Mar 2025 08:38:10 +0100
Subject: [PATCH 2/4] Emitter: Ensure IPv6 for burp backups to Rupert
---
 hosts/Emitter.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hosts/Emitter.nix b/hosts/Emitter.nix
index 6ec357e..f0e9c2a 100644
--- a/hosts/Emitter.nix
+++ b/hosts/Emitter.nix
@@ -102,7 +102,7 @@
 ${pkgs.dig}/bin/nslookup rupert.gvfr.de
 ${pkgs.unixtools.ping}/bin/ping -c1 rupert.gvfr.de >/dev/null
 echo "Opening SSH tunnel."
- ${pkgs.openssh}/bin/ssh -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
+ ${pkgs.openssh}/bin/ssh -6 -i /secrets/id_burp_remote -o IdentitiesOnly=yes -o ExitOnForwardFailure=yes -L 4971:localhost:4971 burp-remote@rupert.gvfr.de -f true
 echo "Beginning backup operation."
 $out/sbin/burp-untunneled \$@
 EOF
From f0e005ed7bebbcd3ea0128b94504a32424a0846d Mon Sep 17 00:00:00 2001
From: fruchti
Date: Fri, 7 Mar 2025 08:39:06 +0100
Subject: [PATCH 3/4] Emitter: Specify postgres version
---
 hosts/Emitter.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/hosts/Emitter.nix b/hosts/Emitter.nix
index f0e9c2a..2db269a 100644
--- a/hosts/Emitter.nix
+++ b/hosts/Emitter.nix
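Review bot: The `client_max_body_size 100M;` added in `extraConfig` of hosts/forgejo.nix sits at the virtual-host level, so the larger limit applies to every request proxied to Forgejo and not only to git-lfs transfers. nginx buffers request bodies before passing them upstream by default, so each request to this vhost may now spool up to 100M on the proxy. I would state that in the comment, e.g. `# Applies to the whole vhost, not only git-lfs; keep in sync with Forgejo's LFS_MAX_FILE_SIZE`, and confirm that the application-side limit is set, since it is not visible in this hunk. The enclosing virtual-host attribute set starts outside the hunk.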
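Review bot: The reachability checks just above the changed `ssh` line in hosts/Emitter.nix (`nslookup` and `ping -c1 rupert.gvfr.de`) are not pinned to IPv6, so they can pass or fail over IPv4 while the tunnel now only uses IPv6. Making them agree, e.g. `${pkgs.unixtools.ping}/bin/ping -6 -c1 rupert.gvfr.de >/dev/null` (assuming this resolves to the iputils ping), keeps the pre-check meaningful for the path the backup actually takes. Since the script appears to run unattended, `-o BatchMode=yes` on the `ssh` call would make a host-key or passphrase prompt fail fast instead of hanging. A one-line comment on why IPv4 is excluded would help the next reader; the heredoc holding these lines starts outside the hunk.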
@@ -142,6 +142,8 @@
 };
 };
+ services.postgresql.package = pkgs.postgresql_13;
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It’s perfectly fine and recommended to leave
From 00bf70b29ae0e7c801c9b2e3128751afefe35012 Mon Sep 17 00:00:00 2001
From: fruchti
Date: Fri, 7 Mar 2025 08:39:44 +0100
Subject: [PATCH 4/4] Emitter: TLS-SNI forward Nextcloud traffic
---
 hosts/tls_sni.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hosts/tls_sni.nix b/hosts/tls_sni.nix
index ec4d7ee..be9ce62 100644
--- a/hosts/tls_sni.nix
+++ b/hosts/tls_sni.nix
@@ -4,6 +4,7 @@
 streamConfig = ''
 map $ssl_preread_server_name $target_backend {
 md.gvfr.de rupert;
+ rupert.gvfr.de rupert;
 default localserv;
 }
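Review bot: `services.postgresql.package = pkgs.postgresql_13;` pins this host to a major version whose upstream support ends in November 2025, after which it no longer receives security fixes. The line carries no comment saying why 13 is required; presumably it matches the existing data directory, which should be confirmed. I would record the reason and the exit plan next to it, e.g. `# Pinned to match the on-disk cluster; PostgreSQL 13 is EOL upstream in Nov 2025, migrate (pg_upgrade or dump/restore) before then`.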
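Review bot: The new `rupert.gvfr.de rupert;` map entry in hosts/tls_sni.nix hands the TLS stream to the backend by SNI, so unless PROXY protocol is enabled on the stream server (not visible in this hunk) the service on rupert will see every client as coming from this host's address. That weakens per-IP brute-force throttling and makes the backend's access logs unusable for attribution, so it is worth checking for `proxy_protocol on;` here and a matching `proxy_protocol` listener on the backend. A comment on the entry, e.g. `# Nextcloud on rupert (TLS passthrough)`, would also record in the file what only the commit title says now. The `streamConfig` string continues outside the hunk.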