rosenthal: Add ai-robots-txt.

* modules/rosenthal/packages/web.scm (ai-robots-txt): New variable.
services: Add caddy-service-type.
2025-11-16 09:24:58 +00:00 · 2025-05-23 19:17:35 +08:00 · 2025-05-23 19:07:31 +08:00 · 2025-05-23 17:06:43 +08:00
2 changed files with 153 additions and 2 deletions
--- a/modules/rosenthal/packages/web.scm
+++ b/modules/rosenthal/packages/web.scm
@ -6,9 +6,11 @@
  #:use-module ((guix licenses) #:prefix license:)
  #:use-module (guix gexp)
  #:use-module (guix packages)
+  #:use-module (guix utils)
  #:use-module (guix download)
  #:use-module (guix git-download)
  #:use-module (rosenthal utils download)
+  #:use-module (guix build-system copy)
  #:use-module (guix build-system go)
  #:use-module (gnu packages golang)
  #:use-module (gnu packages image)
@ -16,6 +18,37 @@
  #:use-module (gnu packages version-control)
  #:use-module (rosenthal packages golang))

+(define-public ai-robots-txt
+  (package
+    (name "ai-robots-txt")
+    (version "1.31")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/ai-robots-txt/ai.robots.txt")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "1bvq24w8pq56knhdacjkq93v6l719jcj3jf4fsknlmp9m6izm3zj"))
+              (modules '((guix build utils)))
+              (snippet '(delete-file-recursively "code"))))
+    (build-system copy-build-system)
+    (arguments
+     (list #:install-plan
+           ''(("." "share/ai-robots-txt/"
+               #:include ("robots.txt"
+                          ".htaccess"
+                          "nginx-block-ai-bots.conf"
+                          "Caddyfile"
+                          "haproxy-block-ai-bots.txt")))))
+    (home-page "https://github.com/ai-robots-txt/ai.robots.txt")
+    (synopsis "List of AI agents and robots to block")
+    (description
+     "This package provides a collection of configuration files to help
+website owners block unwanted AI crawlers from accessing their sites.")
+    (license license:expat)))
+
 (define-public caddy
  (package
    (name "caddy")
@ -37,7 +70,10 @@
     (list #:go go-1.24
           #:tests? (not (%current-target-system)) ;TODO: Run test suite.
           #:install-source? #f
-           #:import-path "./cmd/caddy"
+           #:import-path
+           (if (string=? "caddy" (package-name this-package))
+               "./cmd/caddy"
+               ".")
           #:build-flags
           #~(list "-tags" "nobadger nomysql nopgx"
                   (string-append
@ -103,6 +139,32 @@ performance and flexibility, making it suitable for a variety of applications,
 from serving static websites to running dynamic web applications.")
    (license license:asl2.0)))

+(define-public caddy/hako
+  (package
+    (inherit caddy)
+    (name "caddy-hako")
+    (version "2025.05.23-1")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://git.boiledscript.com/hako/caddy.git")
+                    (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "03jdlyakaxysz5wmxbwrdwl3rgkp0a0ws10g27hj1lmkdic860h9"))))
+    (native-inputs
+     (modify-inputs (package-native-inputs caddy)
+       (replace "vendored-go-dependencies"
+         (origin
+           (method (go-mod-vendor #:go go-1.24))
+           (uri (package-source this-package))
+           (file-name "vendored-go-dependencies")
+           (sha256
+            (base32
+             "0m01p9y96m1krjg1rf53kndxklql8i4hfv09rc3xnxbmqh5ahm43"))))))
+    (home-page "https://git.boiledscript.com/hako/caddy")))
+
 (define-public hugo
  (package
    (name "hugo")
--- a/modules/rosenthal/services/web.scm
+++ b/modules/rosenthal/services/web.scm
@ -4,6 +4,7 @@

 (define-module (rosenthal services web)
  #:use-module (guix gexp)
+  #:use-module (guix modules)
  #:use-module (guix records)
  #:use-module (gnu packages admin)
  #:use-module (gnu packages version-control)
@ -16,9 +17,13 @@
  #:use-module (gnu services databases)
  #:use-module (gnu services docker)
  #:use-module (gnu services shepherd)
+  #:use-module (gnu system privilege)
  #:use-module (gnu system shadow)
  #:use-module (rosenthal utils home-services-utils)
-  #:export (forgejo-configuration
+  #:export (caddy-configuration
+            caddy-service-type
+
+            forgejo-configuration
            forgejo-service-type

            jellyfin-configuration
@ -36,6 +41,90 @@
            vaultwarden-configuration
            vaultwarden-service-type))

+;;;
+;;; Caddy
+;;;
+
+(define-configuration/no-serialization caddy-configuration
+  (caddy
+   (file-like caddy)
+   "")
+  (caddyfile
+   file-like
+   ""))
+
+(define (caddy-accounts config)
+  (list (user-group (name "caddy") (system? #t))
+        (user-account
+         (name "caddy")
+         (group "caddy")
+         (system? #t)
+         (comment "Caddy user")
+         (home-directory "/var/lib/caddy"))))
+
+(define caddy-privileged-programs
+  (match-record-lambda <caddy-configuration>
+      (caddy)
+    (list (privileged-program
+           (program (file-append caddy "/bin/caddy"))
+           (capabilities "cap_net_bind_service=+ep")))))
+
+(define caddy-activation
+  (match-record-lambda <caddy-configuration>
+      (caddyfile)
+    (with-imported-modules
+        (source-module-closure '((guix build utils)
+                                 (gnu build activation)))
+      #~(begin
+          (use-modules (srfi srfi-26)
+                       (guix build utils)
+                       (gnu build activation))
+          (let* ((config-dir "/etc/caddy")
+                 (data-dir "/var/lib/caddy")
+                 (config-file (in-vicinity config-dir "Caddyfile"))
+                 (user (getpwnam "caddy")))
+            (for-each (cut mkdir-p/perms <> user #o750)
+                      (list config-dir data-dir))
+            (copy-file #$caddyfile config-file)
+            (for-each
+             (lambda (file)
+               (chown file (passwd:uid user) (passwd:gid user)))
+             (find-files data-dir #:directories? #t)))))))
+
+(define (caddy-shepherd-services config)
+  (list (shepherd-service
+          (provision '(caddy))
+          (requirement '(user-processes loopback))
+          (start
+           #~(make-forkexec-constructor
+              (list "/run/privileged/bin/caddy" "run"
+                    "--environ" "--config" "/etc/caddy/Caddyfile")
+              #:user "caddy"
+              #:group "caddy"
+              #:directory "/var/lib/caddy"
+              #:log-file "/var/log/caddy.log"
+              #:resource-limits '((nofile 1048576 1048576))
+              #:environment-variables '("HOME=/var/lib/caddy")))
+          (stop
+           #~(make-kill-destructor)))))
+
+(define caddy-service-type
+  (service-type
+   (name 'caddy)
+   (extensions
+    (list (service-extension account-service-type
+                             caddy-accounts)
+          (service-extension privileged-program-service-type
+                             caddy-privileged-programs)
+          (service-extension activation-service-type
+                             caddy-activation)
+          (service-extension shepherd-root-service-type
+                             caddy-shepherd-services)))
+   (default-value #f)
+   (description "")))
+
+
+
 ;;
 ;; Forgejo
 ;;