From 731e4f0d351860b85593df845d7693de842adffc Mon Sep 17 00:00:00 2001
From: Jonathan Agmon <jojo@agmon.co.il>
Date: Thu, 23 Oct 2025 20:24:55 +0000
Subject: [PATCH] Gitea SSH + mgmt net

---
 mgmt/gitea/compose.yml | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/mgmt/gitea/compose.yml b/mgmt/gitea/compose.yml
index 8eb10a1..5424e76 100644
--- a/mgmt/gitea/compose.yml
+++ b/mgmt/gitea/compose.yml
@@ -20,11 +20,17 @@ services:
       - traefik.http.middlewares.gitea.headers.frameDeny=true
       - traefik.http.routers.gitea.middlewares=gitea@docker
       - traefik.http.services.gitea.loadbalancer.server.port=3000
-      - traefik.docker.network=webapp
+      - traefik.tcp.routers.gitea-ssh.rule=HostSNI(`${SUBDOMAIN}.${DOMAIN_NAME}`)
+      - traefik.tcp.routers.gitea-ssh.entrypoints=ssh
+      - traefik.tcp.routers.gitea-ssh.service=gitea-ssh
+      - traefik.tcp.services.gitea-ssh.loadbalancer.server.port=558
+      - traefik.tcp.routers.gitea-ssh.tls=true
+      - traefik.docker.network=mgmt
     env_file:
       - .env
     secrets:
       - DB_PASS
+      - SSH_PORT
     volumes:
       - gitea-data:/var/lib/gitea
       - ./config:/etc/gitea
@@ -34,16 +40,18 @@ services:
     #   - "3000:3000"
     #   - "2222:2222"
     networks:
-      - webapp
+      - mgmt
       - db
 volumes:
   gitea-data:
     name: gitea-data
 networks:
-  webapp:
+  mgmt:
     external: true
   db:
     external: true
 secrets:
   DB_PASS:
-    file: .secrets/DB_PASS
\ No newline at end of file
+    file: .secrets/DB_PASS
+  SSH_PORT:
+    file: .secrets/SSH_PORT
\ No newline at end of file