1 files changed, 25 insertions, 3 deletions

diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix
index 1d95255..c5aa45b 100644
--- a/flora/services/nginx.nix
+++ b/flora/services/nginx.nix
@@ -1,4 +1,4 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, inputs, ... }:
 
 {
   networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -14,22 +14,44 @@
       enableACME = true;
       forceSSL = true;
       locations."/".root = ../../pkgs/nomsing;
+      extraConfig = ''
+        include ${inputs."ai.robots.txt"}/nginx-block-ai-bots.conf;
+      '';
     };
     virtualHosts."meow.noms.ing" = {
       enableACME = true;
       forceSSL = true;
       locations."/".root = ../../pkgs/nomsing;
+      extraConfig = ''
+        include ${inputs."ai.robots.txt"}/nginx-block-ai-bots.conf;
+      '';
     };
     virtualHosts."webring.noms.ing" = {
       enableACME = true;
       forceSSL = true;
       locations."~ (.*)".extraConfig = ''
-        fastcgi_pass  unix:${config.services.fcgiwrap.socketAddress};
+        fastcgi_pass  unix:${config.services.fcgiwrap.instances.nomsing.socket.address};
         include       ${pkgs.nginx}/conf/fastcgi_params;
         fastcgi_param SCRIPT_FILENAME     ${lib.getExe pkgs.nomsring};
         fastcgi_param PATH_INFO           $1;
       '';
+      extraConfig = ''
+        include ${inputs."ai.robots.txt"}/nginx-block-ai-bots.conf;
+      '';
     };
+
+  };
+
+  services.fcgiwrap.instances.nomsing = {
+    socket = {
+      user = "nomsring";
+      group = "users";
+      mode = "0622";
+    };
+  };
+
+  users.users.nomsring = {
+    isSystemUser = true;
+    group = "users";
   };
-  services.fcgiwrap.enable = true;
 }