From 652737239dccf04a9ca2512eac77247d5d77ae9a Mon Sep 17 00:00:00 2001
From: jack <jack@csrx.ru>
Date: Fri, 20 Mar 2026 19:43:22 +0700
Subject: [PATCH] Add Forgejo SSH port 2222 and open in UFW

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 roles/base/tasks/firewall.yml                  | 7 +++++++
 roles/services/templates/docker-compose.yml.j2 | 3 +++
 2 files changed, 10 insertions(+)

diff --git a/roles/base/tasks/firewall.yml b/roles/base/tasks/firewall.yml
index 37455a1..290d338 100644
--- a/roles/base/tasks/firewall.yml
+++ b/roles/base/tasks/firewall.yml
@@ -6,6 +6,13 @@
     proto: tcp
     comment: "SSH"
 
+- name: Allow Forgejo SSH
+  community.general.ufw:
+    rule: allow
+    port: "2222"
+    proto: tcp
+    comment: "Forgejo SSH"
+
 - name: Allow HTTP
   community.general.ufw:
     rule: allow
diff --git a/roles/services/templates/docker-compose.yml.j2 b/roles/services/templates/docker-compose.yml.j2
index 0851dc7..d2e4a55 100644
--- a/roles/services/templates/docker-compose.yml.j2
+++ b/roles/services/templates/docker-compose.yml.j2
@@ -108,7 +108,10 @@ services:
       - FORGEJO__server__DOMAIN={{ domain_git }}
       - FORGEJO__server__ROOT_URL=https://{{ domain_git }}
       - FORGEJO__server__SSH_DOMAIN={{ domain_git }}
+      - FORGEJO__server__SSH_PORT=2222
       - FORGEJO__service__DISABLE_REGISTRATION=true
+    ports:
+      - "2222:22"
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.forgejo.rule=Host(`{{ domain_git }}`)"