nixos/services: serve a strict robots.txt everywhere

2026-05-04 18:28:05 +02:00
parent 760c5c8284
commit edf7aab2f0
1 changed files with 27 additions and 13 deletions
@@ -3,13 +3,20 @@ let
  inherit (config.networking) fqdn;

  mkVhost =
-    attrs:
+    attrs: locations:
    let
      acmeEnabled = config.acme.enable;
    in
    {
      forceSSL = acmeEnabled;
      useACMEHost = if acmeEnabled then fqdn else null;
+
+      locations = {
+        "= /robots.txt" = {
+          alias = disallowedRobotsTxt;
+        };
+      }
+      // locations;
    }
    // attrs;

@@ -21,6 +28,19 @@ let
      proxy_request_buffering off;
    '';
  };
+
+  mkSsi = webRoot: {
+    root = webRoot;
+
+    extraConfig = ''
+      ssi on;
+    '';
+  };
+
+  disallowedRobotsTxt = builtins.toFile "robots.txt" ''
+    User-agent: *
+    Disallow: /
+  '';
 in
 {
  services.nginx = {
@@ -32,20 +52,14 @@ in
    recommendedGzipSettings = true;
    recommendedOptimisation = true;

-    virtualHosts."${fqdn}" = mkVhost {
-      default = true;
-
-      locations."/" = {
-        root = "${self.pins.website}/web-root";
-
-        extraConfig = ''
-          ssi on;
-        '';
-      };
+    virtualHosts = {
+      "${fqdn}" = mkVhost { default = true; } {
+        "/" = mkSsi "${self.pins.website}/web-root";
      };

-    virtualHosts."git.${fqdn}" = mkVhost {
-      locations."/" = mkProxy config.services.gitea.settings.server.HTTP_PORT;
+      "git.${fqdn}" = mkVhost { } {
+        "/" = mkProxy config.services.gitea.settings.server.HTTP_PORT;
+      };
    };
  };