From 182e5fb3c428a57b42fd2f3a6a8374510fafeb3d Mon Sep 17 00:00:00 2001
From: Nico
Date: Sun, 8 Jun 2025 21:26:00 +1000
Subject: [PATCH 1/2] Revert "forgejo: protect with anubis"

This reverts commit cdee22e1650f89374aeb2ebb152ad18fd03c0a16.
---
 modules/services/forgejo.nix | 18 +-----------------
 1 file changed, 1 insertion(+), 17 deletions(-)

diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix
index e8b7e4d..f26d81b 100644
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@@ -17,8 +17,6 @@
 HTTP_PORT = 3000;
 };
- security.REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";
-
 service = {
 ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
 SHOW_REGISTRATION_BUTTON = false;
@@ -27,17 +25,6 @@
 };
 };
- # configure anubis to prevent AI scrapers from overloading the git server.
- services.anubis.instances.forgejo = {
- enable = true;
- settings = {
- TARGET = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";
- SERVE_ROBOTS_TXT = true;
- BIND_NETWORK = "tcp";
- BIND = ":3333";
- };
- };
-
 # forgejo has user keys under its own .ssh/authorizedKeys file.
 # nix blocks me from using users.users..openssh.authorizedKeys.keyFiles
 # in order to only allow that to the forgejo user as it has "/var"
@@ -46,10 +33,7 @@
 services.caddy.virtualHosts."git.${config.homelab.domain}" = {
 useACMEHost = config.homelab.domain;
 extraConfig = ''
- reverse_proxy http://127.0.0.1${toString config.services.anubis.instances.forgejo.settings.BIND} {
- header_up X-Real-Ip {remote_host}
- header_up X-Http-Version {http.request.proto}
- }
+ reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
 '';
 };
 }

From 1ae99e7b2ca93320f1cc6b528ecba96c141a5b1a Mon Sep 17 00:00:00 2001
From: Nico
Date: Sun, 8 Jun 2025 21:37:50 +1000
Subject: [PATCH 2/2] users: add user alex

---
 flake.nix | 1 +
 modules/users/alex.nix | 10 ++++++++++
 2 files changed, 11 insertions(+)
 create mode 100644 modules/users/alex.nix
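Review bot: In the last hunk of modules/services/forgejo.nix (`@@ -46,10 +33,7 @@`), the restored `reverse_proxy http://localhost:${…HTTP_PORT}` line leaves Caddy as the only layer in front of Forgejo, yet nothing visible in this patch pins Forgejo's listener to loopback; the settings shown carry only `HTTP_PORT = 3000;`. If `server.HTTP_ADDR` is left at its default, port 3000 is presumably served on every interface and can be reached without Caddy's TLS wherever the firewall or a trusted interface lets it through — worth confirming on the host. I would add `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` and point the upstream at `http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}` so the proxy target does not depend on how `localhost` resolves. The module body starts outside these hunks, so the bind address may already be set out of view.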
diff --git a/flake.nix b/flake.nix
index 4be60f0..251d62c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -48,6 +48,7 @@
 ./modules/network/vpn/tailscale.nix
 ./modules/users/nico.nix
+ ./modules/users/alex.nix
 ./modules/hardware/secureboot.nix
 lanzaboote.nixosModules.lanzaboote
diff --git a/modules/users/alex.nix b/modules/users/alex.nix
new file mode 100644
index 0000000..6d9cf02
--- /dev/null
+++ b/modules/users/alex.nix
@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ...}:
+
+{
+ users.users.alex = {
+ description = "Alexander";
+ isNormalUser = true;
+ extraGroups = [ ];
+ shell = pkgs.zsh;
+ };
+}
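Review bot: The new `users.users.alex` block in modules/users/alex.nix declares no way for the account to authenticate: there is no `hashedPasswordFile` and no `openssh.authorizedKeys.keys`, so access has to be set up by hand on the host and lives outside the flake (and if `users.mutableUsers` is false elsewhere, the account cannot log in at all). I would declare the credential in the module, for example `openssh.authorizedKeys.keys = [ "<alex's public key (placeholder)>" ];`, so it is reviewed and reproduced together with the account. Separately, on recent NixOS releases `shell = pkgs.zsh;` only evaluates when `programs.zsh.enable = true;` is set somewhere in the configuration, which this patch does not show. The `config` and `lib` arguments are unused in this file and could be dropped.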