From 08fa63889b073b83a3752aa9dc4492e5810ea52e Mon Sep 17 00:00:00 2001
From: _cry64 <them@dobutterfliescry.net>
Date: Thu, 26 Feb 2026 15:18:57 +1000
Subject: [PATCH] enforce forgejo post-quantum

https://www.openssh.org/pq.html
---
 hosts/butterfly/services/forgejo.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/hosts/butterfly/services/forgejo.nix b/hosts/butterfly/services/forgejo.nix
index d1dec7e..1e1c782 100644
--- a/hosts/butterfly/services/forgejo.nix
+++ b/hosts/butterfly/services/forgejo.nix
@@ -57,6 +57,9 @@ in {
         START_SSH_SERVER = true;
         DISABLE_SSH = false;
         SSH_PORT = 2222;
+
+        SSH_SERVER_CIPHERS = "chacha20-poly1305@openssh.com,";
+        SSH_SERVER_KEY_EXCHANGES = "sntrup761x25519-sha512,mlkem768x25519-sha256";
       };
 
       DEFAULT = {