From 18eb50a6022e1eec882103b2ceb1ebf3b0f0bb68 Mon Sep 17 00:00:00 2001
From: Henry-Hiles
Date: Sat, 27 Sep 2025 20:59:45 -0400
Subject: [PATCH] block some services from forgejo

---
 clients/quadraticserver/caddy.nix | 9 ++++++---
 clients/quadraticserver/forgejo.nix | 4 ++++
 clients/quadraticserver/matrix/bridges.nix | 7 ++++++-
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/clients/quadraticserver/caddy.nix b/clients/quadraticserver/caddy.nix
index 0bff093..7337831 100644
--- a/clients/quadraticserver/caddy.nix
+++ b/clients/quadraticserver/caddy.nix
@@ -10,11 +10,14 @@ networking.firewall.allowedTCPPorts = [ 443 ]; services.caddy = { enable = true;
- email = "hen" + "ry@he" + "nryhi" + "les.c" + "om";
+ email = "henry@henryhiles.com";
 environmentFile = config.age.secrets."base64JwtSecret.age".path; package = pkgs.caddy.withPlugins {
- plugins = [ "github.com/ggicci/caddy-jwt@v1.1.0" ];
- hash = "sha256-ZpPFPJwjIEpF7NpbfmeGvM3auM8W0KZU9GoCDKC0HQM=";
+ plugins = [
+ "github.com/ggicci/caddy-jwt@v1.1.0"
+ "pkg.jsn.cam/caddy-defender@v0.9.0"
+ ];
+ hash = "sha256-DO4jgD7UWva6z2/pQT+4RfBfKoBAAZVCgjXC/unYCQk=";
 }; virtualHosts = lib.mapAttrs (domain: host: {
diff --git a/clients/quadraticserver/forgejo.nix b/clients/quadraticserver/forgejo.nix
index d90ac83..b152b82 100644
--- a/clients/quadraticserver/forgejo.nix
+++ b/clients/quadraticserver/forgejo.nix
@@ -45,6 +45,10 @@ Disallow: /*/*/archive/ Disallow: /*/*/src/commit EOF 200
+
+ defender garbage {
+ ranges aliyun vpn aws deepseek githubcopilot gcloud oci azurepubliccloud openai mistral vultr cloudflare digitalocean linode
+ }
 reverse_proxy unix/${socket} ''; };
diff --git a/clients/quadraticserver/matrix/bridges.nix b/clients/quadraticserver/matrix/bridges.nix
index 6c8e996..b8adbd2 100644
--- a/clients/quadraticserver/matrix/bridges.nix
+++ b/clients/quadraticserver/matrix/bridges.nix
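Review bot: The new `"pkg.jsn.cam/caddy-defender@v0.9.0"` entry in `plugins` (caddy.nix) resolves through a vanity import domain rather than a forge path, so the build now also depends on that domain's redirect; the fixed-output `hash` on the following line is what pins the fetched module set. A comment above the entry would help the next maintainer, e.g. `# caddy-defender: IP-range responder used in forgejo.nix; upstream: <UPSTREAM_REPO_URL>; regenerate hash when this list changes`. If the plugin ships its provider ranges as data inside the module (worth confirming), pinning v0.9.0 also freezes those ranges until the version is bumped. The same hunk replaces the concatenated e-mail string with a plain literal, which drops the only scraping obfuscation if this repository is public.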
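Review bot: The `defender garbage` block in forgejo.nix sits at site level ahead of `reverse_proxy`, so it applies to every path on the Forgejo host, and ranges such as `aws`, `gcloud`, `azurepubliccloud`, `digitalocean`, `linode`, `vultr` and `vpn` cover far more than crawlers: hosted CI runners, mirrors and webhook senders on those networks, and users behind commercial VPNs, would receive junk on git-over-HTTPS and API requests as well. Consider limiting it to the expensive paths the robots.txt above already lists (`/*/*/archive/`, `/*/*/src/commit`), or using the plugin's `block` responder so affected clients get a clear refusal instead of output that is hard to diagnose. Matching is presumably on the connecting address, so it only behaves as intended while Caddy is the internet-facing hop. A comment above the block would record the intent, e.g. `# defender: feed junk to datacenter/AI-crawler ranges; also affects CI and VPN users on these networks`. The enclosing Caddyfile string starts outside the hunk.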
@@ -46,7 +46,12 @@ in format = "mautrix-go"; port = 8000; package = pkgs.mautrix-gmessages.override { withGoolm = true; };
- inherit settings;
+ settings = settings // {
+ appservice = {
+ as_token = "$CUSTOM_AS_TOKEN";
+ hs_token = "$CUSTOM_HS_TOKEN";
+ };
+ };
 }; mautrix-whatsapp = {
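Review bot: `settings // { appservice = { … }; }` is a shallow merge, so if the shared `settings` defined outside this hunk already carries an `appservice` attribute, its other keys are dropped for mautrix-gmessages; `settings = lib.recursiveUpdate settings { appservice = { as_token = "$CUSTOM_AS_TOKEN"; hs_token = "$CUSTOM_HS_TOKEN"; }; };` keeps them (assuming `lib` is in scope in this file). The two values are placeholders, presumably substituted from an environment file when the service starts, which keeps the real tokens out of the world-readable Nix store; nothing in this commit shows where `CUSTOM_AS_TOKEN` and `CUSTOM_HS_TOKEN` are supplied. If they are unset at start-up the literal strings could end up as the appservice and homeserver tokens, i.e. guessable credentials, so it is worth confirming that the bridge's environment file defines both and that start-up fails otherwise. The attribute set being edited opens above the hunk.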