crans
/
nixos
mirror of https://gitlab.crans.org/nounous/nixos
19
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'reverseproxy-google' into 'main' 

Reverseproxy google

See merge request nounous/nixos!32
merge-requests/32/merge
lzebulon 2025-09-15 21:43:58 +02:00
parent 6ba4c15870 9478602ba6
commit 04bf4918ad
2 changed files with 49 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
hosts/vm/reverseproxy/reverseproxy.nix
View File

@ -69,13 +69,26 @@ let
antiBot = formatYAML.generate "antibot.yaml" [ antiBot = formatYAML.generate "antibot.yaml" [
{ {
import = "${anubisBotsMirror}"; name = "whitelist-crans";
action = "ALLOW";
remote_addresses = [
"185.230.79.0/22"
"2a0c:700::/32"
"46.105.102.188/32"
"2001:41d0:2:d5bc::/128"
];
} }
{ {
# On refuse les bots qui font souvent de la merde. # On refuse les bots qui font souvent de la merde.
# https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml
import = "(data)/bots/_deny-pathological.yaml"; import = "(data)/bots/_deny-pathological.yaml";
} }
{
# allow google-inspection pour indexer les pages
name = "google-inspection-tool";
action = "ALLOW";
user_agent_regex = ".*Google-InspectionTool.*";
}
{ {
# On autorise les indexers des moteurs de recherche. # On autorise les indexers des moteurs de recherche.
# https://github.com/TecharoHQ/anubis/blob/main/data/crawlers/_allow-good.yaml # https://github.com/TecharoHQ/anubis/blob/main/data/crawlers/_allow-good.yaml
@ -190,8 +203,8 @@ in
]; ];
}; };
"wiki" = { "wiki" = {
anubisConfig = "${anubisChallenge}"; ## anubisConfig = "${anubisChallenge}";
target = "[fd00::10:0:ff:fe01:6110]"; # l'ipv4 marche pas target = "172.16.10.161";
serverAliases = [ serverAliases = [
"wikipedia" "wikipedia"
]; ];

33
modules/services/reverseproxy.nix
View File

@ -20,6 +20,16 @@ let
]; ];
}; };
open_graph = formatJSON.generate "opengraph.json" {
openGraph = [
{
enabled = true;
considerHost = true;
ttl = "24h";
}
];
};
mainTld = "org"; mainTld = "org";
otherTld = [ otherTld = [
"fr" "fr"
@ -73,6 +83,14 @@ in
example = "/var/www/anubis.conf"; example = "/var/www/anubis.conf";
}; };
anubisOpenGraph = mkOption {
type = types.bool;
default = true;
description = ''
Activer openGraph pour l'indexation et l'embedding
'';
};
httpOnly = mkOption { httpOnly = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -128,6 +146,11 @@ in
COOKIE_DOMAIN = "crans.org"; COOKIE_DOMAIN = "crans.org";
REDIRECT_DOMAINS = "${vhostName}.crans.org"; REDIRECT_DOMAINS = "${vhostName}.crans.org";
SOCKET_MODE = "0660"; SOCKET_MODE = "0660";
# OpenGraph config
OG_PASSTHROUGH = vhostConfig.anubisOpenGraph;
OG_EXPIRY_TIME = "24h";
OG_CACHE_CONSIDER_HOST = true;
# Policy config
POLICY_FNAME = if (vhostConfig.anubisConfig == "") then "${allowAll}" else vhostConfig.anubisConfig; POLICY_FNAME = if (vhostConfig.anubisConfig == "") then "${allowAll}" else vhostConfig.anubisConfig;
}; };
}) cfg.virtualHosts; }) cfg.virtualHosts;
@ -147,6 +170,11 @@ in
proxyWebsockets = vhostConfig.proxyWebsockets; proxyWebsockets = vhostConfig.proxyWebsockets;
}; };
serverName = "${vhostName}.crans.${mainTld}"; serverName = "${vhostName}.crans.${mainTld}";
extraConfig = "
set_real_ip_from 172.16.0.0/16;
set_real_ip_from fd00::/56;
real_ip_header X-Real-Ip;
";
} }
) cfg.virtualHosts; ) cfg.virtualHosts;
@ -165,6 +193,11 @@ in
listen = [ listen = [
{ addr = "unix:/run/nginx/nginx-${vhostName}.sock"; } { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; }
]; ];
serverName = "${vhostName}.crans.${mainTld}";
extraConfig = "
set_real_ip_from unix:;
real_ip_header X-Real-IP;
";
}) cfg.virtualHosts; }) cfg.virtualHosts;
# Configuration des alias .fr et .eu # Configuration des alias .fr et .eu