From 7c3c13abb81eb5999896d0a079ee30bbe1a9a2c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Tue, 3 Jun 2025 21:06:53 +0200 Subject: [PATCH] anubis: weigh the souls of the AI scrapers --- systems/makanek/gitea.nix | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/systems/makanek/gitea.nix b/systems/makanek/gitea.nix index 1b45cb8..9fa1d22 100644 --- a/systems/makanek/gitea.nix +++ b/systems/makanek/gitea.nix @@ -1,20 +1,45 @@ +{ config, ... }: let inherit (import ../../lib) sshPort; - domain = "https://code.kmein.de"; + domain = "code.kmein.de"; in { + services.anubis = { + defaultOptions.settings = { + USER_DEFINED_DEFAULT = true; + }; + instances = { + "gitea".settings = { + TARGET = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}"; + USER_DEFINED_INSTANCE = true; + OG_PASSTHROUGH = true; + SERVE_ROBOTS_TXT = true; + }; + }; + }; + + users.users.nginx.extraGroups = [ config.services.anubis.instances."gitea".group ]; + services.gitea = { enable = true; - appName = "code.kmein.de"; + appName = domain; settings = { - server.ROOT_URL = domain; + server.ROOT_URL = "https://${domain}"; + server.DOMAIN = domain; server.SSH_PORT = sshPort; service.DISABLE_REGISTRATION = true; }; }; - services.nginx.virtualHosts."code.kmein.de" = { + services.nginx.virtualHosts.${domain} = { forceSSL = true; enableACME = true; - locations."/".extraConfig = "proxy_pass http://localhost:3000;"; + # locations."/".extraConfig = "proxy_pass http://localhost:3000;"; + locations = { + "/" = { + proxyPass = "http://unix:${config.services.anubis.instances."gitea".settings.BIND}"; + proxyWebsockets = true; + }; + "/metrics".proxyPass = "http://unix:${config.services.anubis.instances."gitea".settings.METRICS_BIND}"; + }; }; niveum.passport.services = [