From d851303bb003ba32c6d39e002f1984b13686d097 Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy
Date: Fri, 21 Oct 2022 03:07:10 +0300
Subject: [PATCH] gitea: add robots.txt
---
 machines/magenta/services/gitea.nix | 33 +++++++++++++++++++----------
 1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/machines/magenta/services/gitea.nix b/machines/magenta/services/gitea.nix
index 6f25faf..3c871d5 100644
--- a/machines/magenta/services/gitea.nix
+++ b/machines/magenta/services/gitea.nix
@@ -3,6 +3,8 @@ let
 hostname = "git.pleshevski.ru";
+ giteaCfg = config.services.gitea;
+
 gitea = pkgs.gitea.overrideAttrs (oldAttrs: {
 postInstall = with pkgs; ''
 mkdir $data
@@ -13,6 +15,11 @@ let
 --prefix PATH : ${lib.makeBinPath [ bash git gzip openssh gnupg ]}
 '';
 });
+
+ robotsTxt = pkgs.writeText "robots.txt" ''
+ User-agent: *
+ Disallow: /
+ '';
 in
 {
 services.postgresql.package = pkgs.postgresql_14;
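Review bot: The `robotsTxt` definition added in the second hunk (`User-agent: *` / `Disallow: /`) is only a request to well-behaved crawlers and does not restrict access to anything, so it deserves a comment saying so, e.g. `# advisory only: crawlers may ignore this; it is not access control`. If the goal is to keep repository contents out of third-party indexes, the enforceable control sits on the Gitea side (for example `REQUIRE_SIGNIN_VIEW = true` under `service`) or in nginx; whether that is wanted here cannot be told from this hunk. The `let` block this binding lives in starts outside the hunk.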
@@ -65,35 +72,35 @@ in
 DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
 };
 "repository.local" = {
- LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo";
+ LOCAL_COPY_PATH = "${giteaCfg.stateDir}/tmp/local-repo";
 };
 "repository.upload" = {
- TEMP_PATH = "${config.services.gitea.stateDir}/uploads";
+ TEMP_PATH = "${giteaCfg.stateDir}/uploads";
 ALLOWED_TYPES = "image/*";
 };
 "repository.pull-request" = {
 WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
 };
 indexer = {
- ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve";
+ ISSUE_INDEXER_PATH = "${giteaCfg.stateDir}/indexers/issues.bleve";
 };
 sessions = {
 PROVIDER = "file";
- PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions";
+ PROVIDER_CONFIG = "${giteaCfg.stateDir}/sessions";
 };
 picture = {
- AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars";
- REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars";
+ AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/avatars";
+ REPOSITORY_AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/repo-avatars";
 DISABLE_GRAVATAR = false;
 ENABLE_FEDERATED_AVATAR = true;
 };
 attachment = {
- PATH = "${config.services.gitea.stateDir}/attachments";
+ PATH = "${giteaCfg.stateDir}/attachments";
 };
 mailer = {
 ENABLED = true;
 MAILER_TYPE = "smtp";
- FROM = "\"${config.services.gitea.appName}\" ";
+ FROM = "\"${giteaCfg.appName}\" ";
 USER = "dmitriy@pleshevski.ru";
 HOST = "mail.pleshevski.ru:465";
 };
@@ -104,15 +111,19 @@ in
 };
 };
+ systemd.services.gitea.preStart = lib.mkAfter ''
+ cp -f ${robotsTxt} ${giteaCfg.stateDir}/custom/robots.txt
+ '';
+
 services.nginx.virtualHosts.${hostname} = {
 enableACME = true;
 forceSSL = true;
- locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
+ locations."/".proxyPass = "http://localhost:${toString giteaCfg.httpPort}/";
 };
 age.secrets.gitea-mailserver-passfile = {
 file = ../../../secrets/mailserver-users-jan-passfile.age;
- owner = config.services.gitea.user;
+ owner = giteaCfg.user;
 group = "gitea";
 };
@@ -124,7 +135,7 @@ in
 action = iptables-allports
 '';
- environment.etc."fail2ban/filter.d/gitea.conf".source = pkgs.writeText "gitea.conf" ''
+ environment.etc."fail2ban/filter.d/gitea.conf".text = ''
 [Definition]
 failregex = .*Failed authentication attempt for .* from
 ignoreregex =
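Review bot: The added `preStart` line `cp -f ${robotsTxt} ${giteaCfg.stateDir}/custom/robots.txt` assumes `custom/` already exists and leaves the destination unquoted; because the source is a Nix store file the copy also ends up read-only, which is presumably why `-f` is needed on later starts. `install -Dm0644 ${robotsTxt} "${giteaCfg.stateDir}/custom/robots.txt"` would create the directory, set an explicit mode and quote the path in one step. The location Gitea reads a custom robots.txt from appears to have differed between releases (the root of the custom directory versus `custom/public/`), so confirm after deployment that `/robots.txt` on this host returns the file rather than a 404.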
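Review bot: The fail2ban filter carried through the last hunk bans on the client address Gitea logs after `Failed authentication attempt for .* from`, but the nginx vhost in the previous hunk proxies to `http://localhost:…`, so unless Gitea is told the real client address it will log the proxy's loopback address and the jail cannot ban the actual source. Nothing visible in this diff forwards that address; check that nginx sets `X-Real-IP`/`X-Forwarded-For` (for example `services.nginx.recommendedProxySettings = true;`) and that Gitea's `REVERSE_PROXY_TRUSTED_PROXIES` covers the loopback proxy. A comment above the filter such as `# relies on Gitea logging the real client IP; see nginx proxy headers` would record the dependency. The filter text and the jail definition continue outside the hunk.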