From 182e5fb3c428a57b42fd2f3a6a8374510fafeb3d Mon Sep 17 00:00:00 2001
From: Nico <nico@astolfo.org>
Date: Sun, 8 Jun 2025 21:26:00 +1000
Subject: [PATCH] Revert "forgejo: protect with anubis"

This reverts commit cdee22e1650f89374aeb2ebb152ad18fd03c0a16.
---
 modules/services/forgejo.nix | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix
index e8b7e4d..f26d81b 100644
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@@ -17,8 +17,6 @@
         HTTP_PORT = 3000;
       };
 
-      security.REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";
-
       service = {
         ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
         SHOW_REGISTRATION_BUTTON = false;
@@ -27,17 +25,6 @@
     };
   };
 
-  # configure anubis to prevent AI scrapers from overloading the git server.
-  services.anubis.instances.forgejo = {
-    enable = true;
-    settings = {
-      TARGET = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";
-      SERVE_ROBOTS_TXT = true;
-      BIND_NETWORK = "tcp";
-      BIND = ":3333";
-    };
-  };
-
   # forgejo has user keys under its own .ssh/authorizedKeys file.
   # nix blocks me from using users.users.<name>.openssh.authorizedKeys.keyFiles
   # in order to only allow that to the forgejo user as it has "/var"
@@ -46,10 +33,7 @@
   services.caddy.virtualHosts."git.${config.homelab.domain}" = {
     useACMEHost = config.homelab.domain;
     extraConfig = ''
-      reverse_proxy http://127.0.0.1${toString config.services.anubis.instances.forgejo.settings.BIND} {
-        header_up X-Real-Ip {remote_host}
-        header_up X-Http-Version {http.request.proto}
-      }
+      reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
     '';
   };
 }