hydra-proxy: restrict restart-abort for python-env-venv eval

NixOS · Jul 9, 2024 · 20f22b2 · 20f22b2
1 parent 9532a8b
commit 20f22b2
Show file tree

Hide file tree

Showing 2 changed files with 33 additions and 1 deletion.
diff --git a/build/hydra-proxy.nix b/build/hydra-proxy.nix
@@ -27,8 +27,9 @@
       enableACME = true;
 
       extraConfig = ''
+        error_page 403 /403.html;
         error_page 503 /503.html;
-        location = /503.html {
+        location ~ ^/(403|503).html$ {
           root ${./nginx-error-pages};
           internal;
         }
@@ -41,6 +42,8 @@
       locations."/static/" = {
         alias = "${config.services.hydra-dev.package}/libexec/hydra/root/static/";
       };
+
+      locations."/eval/1807542/restart-aborted".return = "403";
     };
   };
 

diff --git a/build/nginx-error-pages/403.html b/build/nginx-error-pages/403.html
@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+
+<html>
+
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <title>Access forbidden</title>
+  <style type="text/css" media="screen">
+    body {
+      font-family: Helvetica, Arial, sans-serif;
+      color: rgba(0, 0, 0, 0.7);
+    }
+  </style>
+</head>
+
+<body>
+  <center>
+    <img src="/apache-errors/warning.png" alt="Warning" />
+    <p>Access to that resource has been restricted!</p>
+    <p style="font-size: 90%;">
+      <a href="https://nixos.org/">NixOS Homepage</a> |
+      <a href="https://monitoring.nixos.org/prometheus/alerts">System Alerts</a> |
+      <a href="https://monitoring.nixos.org/grafana/">Dashboards</a> |
+      <a href="https://github.com/NixOS/nixpkgs/labels/infrastructure">Related Issues</a>
+    </p>
+  </center>
+</body>
+
+</html>