From 00db350a3689d4f528ab9da295b1aeadb5113cc0 Mon Sep 17 00:00:00 2001
From: "no-reply@crans.org" <no-reply@crans.org>
Date: Sun, 14 Sep 2025 18:16:18 +0200
Subject: [PATCH] try to fix google index

---
 hosts/vm/reverseproxy/reverseproxy.nix | 19 ++++++++++++++++---
 modules/services/reverseproxy.nix      | 10 ++++++++++
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix
index f2ca654..306e785 100644
--- a/hosts/vm/reverseproxy/reverseproxy.nix
+++ b/hosts/vm/reverseproxy/reverseproxy.nix
@@ -69,13 +69,26 @@ let
 
   antiBot = formatYAML.generate "antibot.yaml" [
     {
-      import = "${anubisBotsMirror}";
+      name = "whitelist-crans";
+      action = "ALLOW";
+      remote_addresses = [
+        "185.230.79.0/22"
+        "2a0c:700::/32"
+        "46.105.102.188/32"
+        "2001:41d0:2:d5bc::/128"
+      ];
     }
     {
       # On refuse les bots qui font souvent de la merde.
       # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml
       import = "(data)/bots/_deny-pathological.yaml";
     }
+    {
+      # allow google-inspection pour indexer les pages
+      name = "google-inspection-tool";
+      action = "ALLOW";
+      user_agent_regex = ".*Google-InspectionTool.*";
+    }
     {
       # On autorise les indexers des moteurs de recherche.
       # https://github.com/TecharoHQ/anubis/blob/main/data/crawlers/_allow-good.yaml
@@ -190,8 +203,8 @@ in
           ];
         };
         "wiki" = {
-          anubisConfig = "${anubisChallenge}";
-          target = "[fd00::10:0:ff:fe01:6110]"; # l'ipv4 marche pas
+          ## anubisConfig = "${anubisChallenge}";
+          target = "172.16.10.161";
           serverAliases = [
             "wikipedia"
           ];
diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix
index fac16cd..e3caa99 100644
--- a/modules/services/reverseproxy.nix
+++ b/modules/services/reverseproxy.nix
@@ -147,6 +147,11 @@ in
                 proxyWebsockets = vhostConfig.proxyWebsockets;
               };
               serverName = "${vhostName}.crans.${mainTld}";
+              extraConfig = "
+                set_real_ip_from 172.16.0.0/16;
+                set_real_ip_from fd00::/56;
+                real_ip_header X-Real-Ip;
+              ";
             }
           ) cfg.virtualHosts;
 
@@ -165,6 +170,11 @@ in
             listen = [
               { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; }
             ];
+            serverName = "${vhostName}.crans.${mainTld}";
+            extraConfig = "
+              set_real_ip_from unix:;
+              real_ip_header X-Real-IP;
+            ";
           }) cfg.virtualHosts;
 
           # Configuration des alias .fr et .eu