From a2ca53a4fc728599f9823acf7c6f4e851f92f370 Mon Sep 17 00:00:00 2001
From: Dmitry Voronin <hi@voronind.com>
Date: Thu, 21 Nov 2024 07:18:01 +0300
Subject: [PATCH] Home: Disable external ssh for git.

---
 host/x86_64-linux/home/Network.nix | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/host/x86_64-linux/home/Network.nix b/host/x86_64-linux/home/Network.nix
index e8ba82c2..668feaad 100644
--- a/host/x86_64-linux/home/Network.nix
+++ b/host/x86_64-linux/home/Network.nix
@@ -72,7 +72,7 @@ in {
 			# Allow VPN connections from Wan.
 			# + (mkForward external cfg.vpn.port cfg.vpn.address cfg.vpn.port udp)
 
-			# Nginx HTTP access from Wan.
+			# Nginx HTTP.
 			+ (mkForward external cfg.proxy.port cfg.proxy.address cfg.proxy.port tcp)
 			+ (mkForward internal cfg.proxy.port cfg.proxy.address cfg.proxy.port tcp)
 
@@ -82,12 +82,15 @@ in {
 			+ (mkForward external 54630 cfg.download.address 54630 udp)
 			+ (mkForward external 54631 cfg.download.address 54631 udp)
 
-			# Git ssh connections.
-			+ (mkForward external cfg.git.portSsh cfg.git.address cfg.git.portSsh tcp)
+			# Git SSH connections.
+			# + (mkForward external cfg.git.portSsh cfg.git.address cfg.git.portSsh tcp)
 			+ (mkForward internal cfg.git.portSsh cfg.git.address cfg.git.portSsh tcp)
 
 			# Print serivce.
 			+ (mkForward internal cfg.print.port cfg.print.address cfg.print.port tcp);
+
+			# External SSH access.
+			# + (mkForward external 22143 config.container.host 22143 tcp)
 		};
 
 		# Create Lan bridge.