1 files changed, 14 insertions, 0 deletions
diff --git a/nix/module.nix b/nix/module.nix
index d5dfd88..cfac0fc 100644
--- a/nix/module.nix
+++ b/nix/module.nix
@@ -224,6 +224,19 @@ let
        '';
      };
+      repositoryBlacklist = mkOption {
+        type = types.listOf types.str;
+        default = [ ];
+        example = [ "npub1spam..." "npub1alice.../bad-repo" "malware" ];
+        description = ''
+          Repository blacklist for blocking specific repositories/pubkeys/identifiers.
+          Blacklist takes precedence over ALL whitelists (archive and repository).
+          Formats: <npub>, <npub>/<identifier>, <identifier>
+          Blacklisted repos are rejected with specific reasons (npub/identifier/both).
+          Does not affect NIP-11 curation field (operational, not curation policy).
+        '';
+      };
      user = mkOption {
        type = types.str;
        default = "ngit-grasp-${name}";
@@ -267,6 +280,7 @@ let
      NGIT_ARCHIVE_ALL = toString cfg.archiveAll;
      NGIT_ARCHIVE_WHITELIST = concatStringsSep "," cfg.archiveWhitelist;
      NGIT_REPOSITORY_WHITELIST = concatStringsSep "," cfg.repositoryWhitelist;
+      NGIT_REPOSITORY_BLACKLIST = concatStringsSep "," cfg.repositoryBlacklist;
      RUST_LOG = cfg.logLevel;
    } // optionalAttrs (cfg.relayName != null) {
      NGIT_RELAY_NAME = cfg.relayName;

diff --git a/nix/module.nix b/nix/module.nix index d5dfd88..cfac0fc 100644 --- a/nix/module.nix +++ b/nix/module.nix
@@ -224,6 +224,19 @@ let
224	'';	224	'';
225	};	225	};
226		226
		227	repositoryBlacklist = mkOption {
		228	type = types.listOf types.str;
		229	default = [ ];
		230	example = [ "npub1spam..." "npub1alice.../bad-repo" "malware" ];
		231	description = ''
		232	Repository blacklist for blocking specific repositories/pubkeys/identifiers.
		233	Blacklist takes precedence over ALL whitelists (archive and repository).
		234	Formats: <npub>, <npub>/<identifier>, <identifier>
		235	Blacklisted repos are rejected with specific reasons (npub/identifier/both).
		236	Does not affect NIP-11 curation field (operational, not curation policy).
		237	'';
		238	};
		239
227	user = mkOption {	240	user = mkOption {
228	type = types.str;	241	type = types.str;
229	default = "ngit-grasp-${name}";	242	default = "ngit-grasp-${name}";
@@ -267,6 +280,7 @@ let
267	NGIT_ARCHIVE_ALL = toString cfg.archiveAll;	280	NGIT_ARCHIVE_ALL = toString cfg.archiveAll;
268	NGIT_ARCHIVE_WHITELIST = concatStringsSep "," cfg.archiveWhitelist;	281	NGIT_ARCHIVE_WHITELIST = concatStringsSep "," cfg.archiveWhitelist;
269	NGIT_REPOSITORY_WHITELIST = concatStringsSep "," cfg.repositoryWhitelist;	282	NGIT_REPOSITORY_WHITELIST = concatStringsSep "," cfg.repositoryWhitelist;
		283	NGIT_REPOSITORY_BLACKLIST = concatStringsSep "," cfg.repositoryBlacklist;
270	RUST_LOG = cfg.logLevel;	284	RUST_LOG = cfg.logLevel;
271	} // optionalAttrs (cfg.relayName != null) {	285	} // optionalAttrs (cfg.relayName != null) {
272	NGIT_RELAY_NAME = cfg.relayName;	286	NGIT_RELAY_NAME = cfg.relayName;