diff --git a/modules/system/services/forgejo/default.nix b/modules/system/services/forgejo/default.nix
index 95bf911..29a6d61 100644
--- a/modules/system/services/forgejo/default.nix
+++ b/modules/system/services/forgejo/default.nix
@@ -1,5 +1,6 @@
 {
   config,
+  pkgs,
   lib,
   ...
 }:
@@ -7,6 +8,7 @@ let
   cfg = config.custom.services.forgejo;
 
   user = config.users.users.forgejo.name;
+  inherit (config.users.users.forgejo) group;
 in
 {
   options.custom.services.forgejo = {
@@ -53,5 +55,17 @@ in
         passwordPath = config.sops.secrets."forgejo/admin-password".path;
       in
       ''${createCmd} --username SebastianStork --password "$(cat ${passwordPath})" --email "sebastian.stork@pm.me" --admin || true'';
+
+    systemd.tmpfiles.rules =
+      let
+        disallow-all-robots = lib.replaceStrings [ "\n" ] [ "\\n" ] ''
+          User-agent: *
+          Disallow: /
+        '';
+      in
+      [
+        "d ${config.services.forgejo.customDir}/public 750 ${user} ${group} - -"
+        "f+ ${config.services.forgejo.customDir}/public/robots.txt 750 ${user} ${group} - ${disallow-all-robots}"
+      ];
   };
 }