fix(forgejo): Try to ban more scrapper
All checks were successful
Check meta / check_dns (pull_request) Successful in 17s
Check meta / check_meta (pull_request) Successful in 15s
Check workflows / check_workflows (pull_request) Successful in 20s
Run pre-commit on all files / pre-commit (push) Successful in 35s
Build all the nodes / netcore01 (pull_request) Successful in 21s
Build all the nodes / netaccess01 (pull_request) Successful in 21s
Build all the nodes / ap01 (pull_request) Successful in 58s
Build all the nodes / netcore02 (pull_request) Successful in 20s
Build all the nodes / hypervisor01 (pull_request) Successful in 1m39s
Build all the nodes / bridge01 (pull_request) Successful in 2m12s
Build the shell / build-shell (pull_request) Successful in 22s
Run pre-commit on all files / pre-commit (pull_request) Successful in 25s
Build all the nodes / build01 (pull_request) Successful in 2m17s
Build all the nodes / geo01 (pull_request) Successful in 2m25s
Build all the nodes / tower01 (pull_request) Successful in 1m41s
Build all the nodes / geo02 (pull_request) Successful in 2m30s
Build all the nodes / cof02 (pull_request) Successful in 2m42s
Build all the nodes / hypervisor02 (pull_request) Successful in 2m37s
Build all the nodes / hypervisor03 (pull_request) Successful in 2m38s
Build all the nodes / compute01 (pull_request) Successful in 3m12s
Build all the nodes / storage01 (pull_request) Successful in 2m28s
Build all the nodes / web02 (pull_request) Successful in 1m40s
Build all the nodes / rescue01 (pull_request) Successful in 2m30s
Build all the nodes / vault01 (pull_request) Successful in 2m26s
Build all the nodes / web03 (pull_request) Successful in 2m26s
Build all the nodes / web01 (pull_request) Successful in 2m45s
All checks were successful
Check meta / check_dns (pull_request) Successful in 17s
Check meta / check_meta (pull_request) Successful in 15s
Check workflows / check_workflows (pull_request) Successful in 20s
Run pre-commit on all files / pre-commit (push) Successful in 35s
Build all the nodes / netcore01 (pull_request) Successful in 21s
Build all the nodes / netaccess01 (pull_request) Successful in 21s
Build all the nodes / ap01 (pull_request) Successful in 58s
Build all the nodes / netcore02 (pull_request) Successful in 20s
Build all the nodes / hypervisor01 (pull_request) Successful in 1m39s
Build all the nodes / bridge01 (pull_request) Successful in 2m12s
Build the shell / build-shell (pull_request) Successful in 22s
Run pre-commit on all files / pre-commit (pull_request) Successful in 25s
Build all the nodes / build01 (pull_request) Successful in 2m17s
Build all the nodes / geo01 (pull_request) Successful in 2m25s
Build all the nodes / tower01 (pull_request) Successful in 1m41s
Build all the nodes / geo02 (pull_request) Successful in 2m30s
Build all the nodes / cof02 (pull_request) Successful in 2m42s
Build all the nodes / hypervisor02 (pull_request) Successful in 2m37s
Build all the nodes / hypervisor03 (pull_request) Successful in 2m38s
Build all the nodes / compute01 (pull_request) Successful in 3m12s
Build all the nodes / storage01 (pull_request) Successful in 2m28s
Build all the nodes / web02 (pull_request) Successful in 1m40s
Build all the nodes / rescue01 (pull_request) Successful in 2m30s
Build all the nodes / vault01 (pull_request) Successful in 2m26s
Build all the nodes / web03 (pull_request) Successful in 2m26s
Build all the nodes / web01 (pull_request) Successful in 2m45s
This commit is contained in:
parent
959d5ae501
commit
64d638d878
1 changed files with 39 additions and 1 deletions
|
@ -2,11 +2,32 @@
|
|||
#
|
||||
# SPDX-License-Identifier: EUPL-1.2
|
||||
|
||||
{ config, nixpkgs, ... }:
|
||||
{
|
||||
config,
|
||||
nixpkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
port = 3000;
|
||||
host = "git.dgnum.eu";
|
||||
|
||||
bannedUserAgentPatterns = [
|
||||
"Trident/"
|
||||
"Android\\s[123456789]\\."
|
||||
"iPod"
|
||||
"iPad\\sOS\\s"
|
||||
"iPhone\\sOS\\s[23456789]"
|
||||
"Opera/[89]"
|
||||
"(Chrome|CriOS)/(\\d\\d?\\.|1[01]|12[4])"
|
||||
"(Firefox|FxiOS)/(\\d\\d?\\.|1[01]|12[012345679]\\.)"
|
||||
"PPC\\sMac\\sOS"
|
||||
"Windows\\sCE"
|
||||
"Windows\\s95"
|
||||
"Windows\\s98"
|
||||
"Windows\\sNT\\s[12345]\\."
|
||||
];
|
||||
in
|
||||
{
|
||||
services = {
|
||||
|
@ -87,6 +108,23 @@ in
|
|||
inherit host port;
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
appendHttpConfig = ''
|
||||
map $http_user_agent $badagent {
|
||||
default 0;
|
||||
${lib.concatMapStringsSep "\n" (pattern: ''
|
||||
~${pattern} 1;
|
||||
'') bannedUserAgentPatterns}
|
||||
}
|
||||
'';
|
||||
virtualHosts.${host}.locations."/".extraConfig = ''
|
||||
if ($badagent) {
|
||||
access_log /var/log/nginx/abuse.log;
|
||||
return 403;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
users.users.git = {
|
||||
description = "Git Service";
|
||||
home = "/var/lib/git";
|
||||
|
|
Loading…
Add table
Reference in a new issue