nico/dots
2
2
Fork 1
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Revert "forgejo: protect with anubis"

Browse source 
This reverts commit cdee22e165.
This commit is contained in:
Nico 2025-06-08 21:26:00 +10:00
parent 2b66a710d4
commit 182e5fb3c4
1 changed files with 1 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

18
modules/services/forgejo.nix
View file

@ -17,8 +17,6 @@
HTTP_PORT = 3000; HTTP_PORT = 3000;
}; };
security.REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";
service = { service = {
ALLOW_ONLY_EXTERNAL_REGISTRATION = true; ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false; SHOW_REGISTRATION_BUTTON = false;
@ -27,17 +25,6 @@
}; };
}; };
# configure anubis to prevent AI scrapers from overloading the git server.
services.anubis.instances.forgejo = {
enable = true;
settings = {
TARGET = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";
SERVE_ROBOTS_TXT = true;
BIND_NETWORK = "tcp";
BIND = ":3333";
};
};
# forgejo has user keys under its own .ssh/authorizedKeys file. # forgejo has user keys under its own .ssh/authorizedKeys file.
# nix blocks me from using users.users.<name>.openssh.authorizedKeys.keyFiles # nix blocks me from using users.users.<name>.openssh.authorizedKeys.keyFiles
# in order to only allow that to the forgejo user as it has "/var" # in order to only allow that to the forgejo user as it has "/var"
@ -46,10 +33,7 @@
services.caddy.virtualHosts."git.${config.homelab.domain}" = { services.caddy.virtualHosts."git.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain; useACMEHost = config.homelab.domain;
extraConfig = '' extraConfig = ''
reverse_proxy http://127.0.0.1${toString config.services.anubis.instances.forgejo.settings.BIND} { reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
header_up X-Real-Ip {remote_host}
header_up X-Http-Version {http.request.proto}
}
''; '';
}; };
} }