From 00db350a3689d4f528ab9da295b1aeadb5113cc0 Mon Sep 17 00:00:00 2001
From: "no-reply@crans.org" <no-reply@crans.org>
Date: Sun, 14 Sep 2025 18:16:18 +0200
Subject: [PATCH 1/3] try to fix google index

---
 hosts/vm/reverseproxy/reverseproxy.nix | 19 ++++++++++++++++---
 modules/services/reverseproxy.nix      | 10 ++++++++++
 2 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix
index f2ca654..306e785 100644
--- a/hosts/vm/reverseproxy/reverseproxy.nix
+++ b/hosts/vm/reverseproxy/reverseproxy.nix
@@ -69,13 +69,26 @@ let
 
   antiBot = formatYAML.generate "antibot.yaml" [
     {
-      import = "${anubisBotsMirror}";
+      name = "whitelist-crans";
+      action = "ALLOW";
+      remote_addresses = [
+        "185.230.79.0/22"
+        "2a0c:700::/32"
+        "46.105.102.188/32"
+        "2001:41d0:2:d5bc::/128"
+      ];
     }
     {
       # On refuse les bots qui font souvent de la merde.
       # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml
       import = "(data)/bots/_deny-pathological.yaml";
     }
+    {
+      # allow google-inspection pour indexer les pages
+      name = "google-inspection-tool";
+      action = "ALLOW";
+      user_agent_regex = ".*Google-InspectionTool.*";
+    }
     {
       # On autorise les indexers des moteurs de recherche.
       # https://github.com/TecharoHQ/anubis/blob/main/data/crawlers/_allow-good.yaml
@@ -190,8 +203,8 @@ in
           ];
         };
         "wiki" = {
-          anubisConfig = "${anubisChallenge}";
-          target = "[fd00::10:0:ff:fe01:6110]"; # l'ipv4 marche pas
+          ## anubisConfig = "${anubisChallenge}";
+          target = "172.16.10.161";
           serverAliases = [
             "wikipedia"
           ];
diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix
index fac16cd..e3caa99 100644
--- a/modules/services/reverseproxy.nix
+++ b/modules/services/reverseproxy.nix
@@ -147,6 +147,11 @@ in
                 proxyWebsockets = vhostConfig.proxyWebsockets;
               };
               serverName = "${vhostName}.crans.${mainTld}";
+              extraConfig = "
+                set_real_ip_from 172.16.0.0/16;
+                set_real_ip_from fd00::/56;
+                real_ip_header X-Real-Ip;
+              ";
             }
           ) cfg.virtualHosts;
 
@@ -165,6 +170,11 @@ in
             listen = [
               { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; }
             ];
+            serverName = "${vhostName}.crans.${mainTld}";
+            extraConfig = "
+              set_real_ip_from unix:;
+              real_ip_header X-Real-IP;
+            ";
           }) cfg.virtualHosts;
 
           # Configuration des alias .fr et .eu

From a5ace7dd3f1230b0c420c9991318932859239f4d Mon Sep 17 00:00:00 2001
From: Lzebulon <lzebulon@crans.org>
Date: Sun, 14 Sep 2025 18:27:17 +0200
Subject: [PATCH 2/3] add option opengraph

---
 modules/services/reverseproxy.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix
index e3caa99..7ab06b1 100644
--- a/modules/services/reverseproxy.nix
+++ b/modules/services/reverseproxy.nix
@@ -20,6 +20,14 @@ let
     ];
   };
 
+  open_graph = formatJSON.generate "opengraph.json" {
+    openGraph = [
+      enabled = true;
+      considerHost = true;
+      ttl = "24h";
+    ];
+  };
+
   mainTld = "org";
   otherTld = [
     "fr"
@@ -73,6 +81,14 @@ in
               example = "/var/www/anubis.conf";
             };
 
+            anubisOpenGraph = mkOption {
+              type = types.bool;
+              default = true;
+              description = ''
+                Activer openGraph pour l'indexation et l'embedding
+              '';
+            };
+
             httpOnly = mkOption {
               type = types.bool;
               default = false;
@@ -128,6 +144,11 @@ in
             COOKIE_DOMAIN = "crans.org";
             REDIRECT_DOMAINS = "${vhostName}.crans.org";
             SOCKET_MODE = "0660";
+            # OpenGraph config
+            OG_PASSTHROUGH = vhostConfig.anubisOpenGraph;
+            OG_EXPIRY_TIME = "24h";
+            OG_CACHE_CONSIDER_HOST = true;
+            # Policy config
             POLICY_FNAME = if (vhostConfig.anubisConfig == "") then "${allowAll}" else vhostConfig.anubisConfig;
           };
         }) cfg.virtualHosts;

From 9478602ba6530827385e4bc68c363707f011557c Mon Sep 17 00:00:00 2001
From: Lzebulon <lzebulon@crans.org>
Date: Sun, 14 Sep 2025 18:29:45 +0200
Subject: [PATCH 3/3] fix

---
 modules/services/reverseproxy.nix | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/modules/services/reverseproxy.nix b/modules/services/reverseproxy.nix
index 7ab06b1..416f370 100644
--- a/modules/services/reverseproxy.nix
+++ b/modules/services/reverseproxy.nix
@@ -22,9 +22,11 @@ let
 
   open_graph = formatJSON.generate "opengraph.json" {
     openGraph = [
-      enabled = true;
-      considerHost = true;
-      ttl = "24h";
+      {
+        enabled = true;
+        considerHost = true;
+        ttl = "24h";
+      }
     ];
   };