gitea: add robots.txt

2022-10-21 03:07:10 +03:00 · 2022-10-21 03:07:10 +03:00 · d851303bb0
commit d851303bb0
parent a0021eec05
1 changed files with 22 additions and 11 deletions
--- a/machines/magenta/services/gitea.nix
+++ b/machines/magenta/services/gitea.nix
@ -3,6 +3,8 @@
 let
  hostname = "git.pleshevski.ru";
  giteaCfg = config.services.gitea;
  gitea = pkgs.gitea.overrideAttrs (oldAttrs: {
    postInstall = with pkgs; ''
      mkdir $data
@ -13,6 +15,11 @@ let
        --prefix PATH : ${lib.makeBinPath [ bash git gzip openssh gnupg ]}
    '';
  });
  robotsTxt = pkgs.writeText "robots.txt" ''
    User-agent: *
    Disallow: /
  '';
 in
 {
  services.postgresql.package = pkgs.postgresql_14;
@ -65,35 +72,35 @@ in
        DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
      };
      "repository.local" = {
-        LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo";
+        LOCAL_COPY_PATH = "${giteaCfg.stateDir}/tmp/local-repo";
      };
      "repository.upload" = {
-        TEMP_PATH = "${config.services.gitea.stateDir}/uploads";
+        TEMP_PATH = "${giteaCfg.stateDir}/uploads";
        ALLOWED_TYPES = "image/*";
      };
      "repository.pull-request" = {
        WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
      };
      indexer = {
-        ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve";
+        ISSUE_INDEXER_PATH = "${giteaCfg.stateDir}/indexers/issues.bleve";
      };
      sessions = {
        PROVIDER = "file";
-        PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions";
+        PROVIDER_CONFIG = "${giteaCfg.stateDir}/sessions";
      };
      picture = {
-        AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars";
+        AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/avatars";
-        REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars";
+        REPOSITORY_AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/repo-avatars";
        DISABLE_GRAVATAR = false;
        ENABLE_FEDERATED_AVATAR = true;
      };
      attachment = {
-        PATH = "${config.services.gitea.stateDir}/attachments";
+        PATH = "${giteaCfg.stateDir}/attachments";
      };
      mailer = {
        ENABLED = true;
        MAILER_TYPE = "smtp";
-        FROM = "\"${config.services.gitea.appName}\" <no-reply@pleshevski.ru>";
+        FROM = "\"${giteaCfg.appName}\" <no-reply@pleshevski.ru>";
        USER = "dmitriy@pleshevski.ru";
        HOST = "mail.pleshevski.ru:465";
      };
@ -104,15 +111,19 @@ in
    };
  };
  systemd.services.gitea.preStart = lib.mkAfter ''
    cp -f ${robotsTxt} ${giteaCfg.stateDir}/custom/robots.txt
  '';
  services.nginx.virtualHosts.${hostname} = {
    enableACME = true;
    forceSSL = true;
-    locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
+    locations."/".proxyPass = "http://localhost:${toString giteaCfg.httpPort}/";
  };
  age.secrets.gitea-mailserver-passfile = {
    file = ../../../secrets/mailserver-users-jan-passfile.age;
-    owner = config.services.gitea.user;
+    owner = giteaCfg.user;
    group = "gitea";
  };
@ -124,7 +135,7 @@ in
    action = iptables-allports
  '';
-  environment.etc."fail2ban/filter.d/gitea.conf".source = pkgs.writeText "gitea.conf" ''
+  environment.etc."fail2ban/filter.d/gitea.conf".text = ''
    [Definition]
    failregex = .*Failed authentication attempt for .* from <HOST>
    ignoreregex =