From 6a142666760569b89c5df4db145dff8a49024ee3 Mon Sep 17 00:00:00 2001
From: Sakooooo <78461130+Sakooooo@users.noreply.github.com>
Date: Wed, 1 Jan 2025 14:50:47 +0400
Subject: [PATCH] can't bind on port 22 fix

---
 modules/server/services/forgejo.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/modules/server/services/forgejo.nix b/modules/server/services/forgejo.nix
index aa70490c..984ccebb 100644
--- a/modules/server/services/forgejo.nix
+++ b/modules/server/services/forgejo.nix
@@ -79,5 +79,10 @@ in {
         journalmatch = _SYSTEMD_UNIT=forgejo.service
       '';
     };
+    systemd.services.forgejo.serviceConfig = {
+      AmbientCapabilities = lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
+      CapabilityBoundingSet = lib.mkForce [ "CAP_NET_BIND_SERVICE" ];
+      PrivateUsers = lib.mkForce false;
+    };
   };
 }