gitea: add robots.txt

This commit is contained in:
Dmitriy Pleshevskiy 2022-10-21 03:07:10 +03:00
parent a0021eec05
commit d851303bb0
Signed by: pleshevskiy
GPG key ID: 1B59187B161C0215

View file

@ -3,6 +3,8 @@
let
hostname = "git.pleshevski.ru";
giteaCfg = config.services.gitea;
gitea = pkgs.gitea.overrideAttrs (oldAttrs: {
postInstall = with pkgs; ''
mkdir $data
@ -13,6 +15,11 @@ let
--prefix PATH : ${lib.makeBinPath [ bash git gzip openssh gnupg ]}
'';
});
robotsTxt = pkgs.writeText "robots.txt" ''
User-agent: *
Disallow: /
'';
in
{
services.postgresql.package = pkgs.postgresql_14;
@ -65,35 +72,35 @@ in
DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
};
"repository.local" = {
LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo";
LOCAL_COPY_PATH = "${giteaCfg.stateDir}/tmp/local-repo";
};
"repository.upload" = {
TEMP_PATH = "${config.services.gitea.stateDir}/uploads";
TEMP_PATH = "${giteaCfg.stateDir}/uploads";
ALLOWED_TYPES = "image/*";
};
"repository.pull-request" = {
WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
};
indexer = {
ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve";
ISSUE_INDEXER_PATH = "${giteaCfg.stateDir}/indexers/issues.bleve";
};
sessions = {
PROVIDER = "file";
PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions";
PROVIDER_CONFIG = "${giteaCfg.stateDir}/sessions";
};
picture = {
AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars";
REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars";
AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/avatars";
REPOSITORY_AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/repo-avatars";
DISABLE_GRAVATAR = false;
ENABLE_FEDERATED_AVATAR = true;
};
attachment = {
PATH = "${config.services.gitea.stateDir}/attachments";
PATH = "${giteaCfg.stateDir}/attachments";
};
mailer = {
ENABLED = true;
MAILER_TYPE = "smtp";
FROM = "\"${config.services.gitea.appName}\" <no-reply@pleshevski.ru>";
FROM = "\"${giteaCfg.appName}\" <no-reply@pleshevski.ru>";
USER = "dmitriy@pleshevski.ru";
HOST = "mail.pleshevski.ru:465";
};
@ -104,15 +111,19 @@ in
};
};
systemd.services.gitea.preStart = lib.mkAfter ''
cp -f ${robotsTxt} ${giteaCfg.stateDir}/custom/robots.txt
'';
services.nginx.virtualHosts.${hostname} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
locations."/".proxyPass = "http://localhost:${toString giteaCfg.httpPort}/";
};
age.secrets.gitea-mailserver-passfile = {
file = ../../../secrets/mailserver-users-jan-passfile.age;
owner = config.services.gitea.user;
owner = giteaCfg.user;
group = "gitea";
};
@ -124,7 +135,7 @@ in
action = iptables-allports
'';
environment.etc."fail2ban/filter.d/gitea.conf".source = pkgs.writeText "gitea.conf" ''
environment.etc."fail2ban/filter.d/gitea.conf".text = ''
[Definition]
failregex = .*Failed authentication attempt for .* from <HOST>
ignoreregex =