tuxcord/tuxcord.nix
8
2
Fork 1
Code Issues 13 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

nixos/services: serve a strict robots.txt everywhere
Check / Nix flake (push) Failing after 8s
Details
Lint / Nix expressions (push) Failing after 9s
Details

Browse Source
This commit is contained in:
javalsai
2026-05-04 18:28:05 +02:00
committed by ErrorNoInternet
parent 760c5c8284
commit edf7aab2f0
1 changed files with 27 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixos/modules/nginx.nix
+27 -13
View File
@@ -3,13 +3,20 @@ let
inherit (config.networking) fqdn; inherit (config.networking) fqdn;
mkVhost = mkVhost =
attrs: attrs: locations:
let let
acmeEnabled = config.acme.enable; acmeEnabled = config.acme.enable;
in in
{ {
forceSSL = acmeEnabled; forceSSL = acmeEnabled;
useACMEHost = if acmeEnabled then fqdn else null; useACMEHost = if acmeEnabled then fqdn else null;
locations = {
"= /robots.txt" = {
alias = disallowedRobotsTxt;
};
}
// locations;
} }
// attrs; // attrs;
@@ -21,6 +28,19 @@ let
proxy_request_buffering off; proxy_request_buffering off;
''; '';
}; };
mkSsi = webRoot: {
root = webRoot;
extraConfig = ''
ssi on;
'';
};
disallowedRobotsTxt = builtins.toFile "robots.txt" ''
User-agent: *
Disallow: /
'';
in in
{ {
services.nginx = { services.nginx = {
@@ -32,20 +52,14 @@ in
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
virtualHosts."${fqdn}" = mkVhost { virtualHosts = {
default = true; "${fqdn}" = mkVhost { default = true; } {
"/" = mkSsi "${self.pins.website}/web-root";
locations."/" = {
root = "${self.pins.website}/web-root";
extraConfig = ''
ssi on;
'';
}; };
};
virtualHosts."git.${fqdn}" = mkVhost { "git.${fqdn}" = mkVhost { } {
locations."/" = mkProxy config.services.gitea.settings.server.HTTP_PORT; "/" = mkProxy config.services.gitea.settings.server.HTTP_PORT;
};
}; };
}; };