block some services from forgejo

clients/quadraticserver/caddy.nix

@@ -10,11 +10,14 @@
     networking.firewall.allowedTCPPorts = [ 443 ];
     services.caddy = {
       enable = true;
-      email = "hen" + "ry@he" + "nryhi" + "les.c" + "om";
+      email = "henry@henryhiles.com";
       environmentFile = config.age.secrets."base64JwtSecret.age".path;
       package = pkgs.caddy.withPlugins {
-        plugins = [ "github.com/ggicci/caddy-jwt@v1.1.0" ];
+        plugins = [
-        hash = "sha256-ZpPFPJwjIEpF7NpbfmeGvM3auM8W0KZU9GoCDKC0HQM=";
+          "github.com/ggicci/caddy-jwt@v1.1.0"
+          "pkg.jsn.cam/caddy-defender@v0.9.0"
+        ];
+        hash = "sha256-DO4jgD7UWva6z2/pQT+4RfBfKoBAAZVCgjXC/unYCQk=";
       };
 
       virtualHosts = lib.mapAttrs (domain: host: {

clients/quadraticserver/forgejo.nix

@@ -45,6 +45,10 @@
           Disallow: /*/*/archive/
           Disallow: /*/*/src/commit
           EOF 200
+
+        defender garbage {
+          ranges aliyun vpn aws deepseek githubcopilot gcloud oci azurepubliccloud openai mistral vultr cloudflare digitalocean linode
+        }
         reverse_proxy unix/${socket}
       '';
     };

clients/quadraticserver/matrix/bridges.nix

@@ -46,7 +46,12 @@ in
         format = "mautrix-go";
         port = 8000;
         package = pkgs.mautrix-gmessages.override { withGoolm = true; };
-        inherit settings;
+        settings = settings // {
+          appservice = {
+            as_token = "$CUSTOM_AS_TOKEN";
+            hs_token = "$CUSTOM_HS_TOKEN";
+          };
+        };
       };
 
       mautrix-whatsapp = {