gitea: add robots.txt

This commit is contained in:
Dmitriy Pleshevskiy 2022-10-21 03:07:10 +03:00
parent a0021eec05
commit d851303bb0
Signed by: pleshevskiy
GPG key ID: 1B59187B161C0215

View file

@ -3,6 +3,8 @@
let let
hostname = "git.pleshevski.ru"; hostname = "git.pleshevski.ru";
giteaCfg = config.services.gitea;
gitea = pkgs.gitea.overrideAttrs (oldAttrs: { gitea = pkgs.gitea.overrideAttrs (oldAttrs: {
postInstall = with pkgs; '' postInstall = with pkgs; ''
mkdir $data mkdir $data
@ -13,6 +15,11 @@ let
--prefix PATH : ${lib.makeBinPath [ bash git gzip openssh gnupg ]} --prefix PATH : ${lib.makeBinPath [ bash git gzip openssh gnupg ]}
''; '';
}); });
robotsTxt = pkgs.writeText "robots.txt" ''
User-agent: *
Disallow: /
'';
in in
{ {
services.postgresql.package = pkgs.postgresql_14; services.postgresql.package = pkgs.postgresql_14;
@ -65,35 +72,35 @@ in
DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true; DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
}; };
"repository.local" = { "repository.local" = {
LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo"; LOCAL_COPY_PATH = "${giteaCfg.stateDir}/tmp/local-repo";
}; };
"repository.upload" = { "repository.upload" = {
TEMP_PATH = "${config.services.gitea.stateDir}/uploads"; TEMP_PATH = "${giteaCfg.stateDir}/uploads";
ALLOWED_TYPES = "image/*"; ALLOWED_TYPES = "image/*";
}; };
"repository.pull-request" = { "repository.pull-request" = {
WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:"; WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
}; };
indexer = { indexer = {
ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve"; ISSUE_INDEXER_PATH = "${giteaCfg.stateDir}/indexers/issues.bleve";
}; };
sessions = { sessions = {
PROVIDER = "file"; PROVIDER = "file";
PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions"; PROVIDER_CONFIG = "${giteaCfg.stateDir}/sessions";
}; };
picture = { picture = {
AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars"; AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/avatars";
REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars"; REPOSITORY_AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/repo-avatars";
DISABLE_GRAVATAR = false; DISABLE_GRAVATAR = false;
ENABLE_FEDERATED_AVATAR = true; ENABLE_FEDERATED_AVATAR = true;
}; };
attachment = { attachment = {
PATH = "${config.services.gitea.stateDir}/attachments"; PATH = "${giteaCfg.stateDir}/attachments";
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = true;
MAILER_TYPE = "smtp"; MAILER_TYPE = "smtp";
FROM = "\"${config.services.gitea.appName}\" <no-reply@pleshevski.ru>"; FROM = "\"${giteaCfg.appName}\" <no-reply@pleshevski.ru>";
USER = "dmitriy@pleshevski.ru"; USER = "dmitriy@pleshevski.ru";
HOST = "mail.pleshevski.ru:465"; HOST = "mail.pleshevski.ru:465";
}; };
@ -104,15 +111,19 @@ in
}; };
}; };
systemd.services.gitea.preStart = lib.mkAfter ''
cp -f ${robotsTxt} ${giteaCfg.stateDir}/custom/robots.txt
'';
services.nginx.virtualHosts.${hostname} = { services.nginx.virtualHosts.${hostname} = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/"; locations."/".proxyPass = "http://localhost:${toString giteaCfg.httpPort}/";
}; };
age.secrets.gitea-mailserver-passfile = { age.secrets.gitea-mailserver-passfile = {
file = ../../../secrets/mailserver-users-jan-passfile.age; file = ../../../secrets/mailserver-users-jan-passfile.age;
owner = config.services.gitea.user; owner = giteaCfg.user;
group = "gitea"; group = "gitea";
}; };
@ -124,7 +135,7 @@ in
action = iptables-allports action = iptables-allports
''; '';
environment.etc."fail2ban/filter.d/gitea.conf".source = pkgs.writeText "gitea.conf" '' environment.etc."fail2ban/filter.d/gitea.conf".text = ''
[Definition] [Definition]
failregex = .*Failed authentication attempt for .* from <HOST> failregex = .*Failed authentication attempt for .* from <HOST>
ignoreregex = ignoreregex =