Séparation de la configuration du reverseproxy

hosts/vm/reverseproxy/default.nix

@@ -1,139 +1,10 @@
 { pkgs, ... }:
 
-let
+{
-  anubisBotsMirror = pkgs.writeText "anubis_bots_mirror.yaml"
-    ''
-      - name: whitelist-crans
-        action: ALLOW
-        remote_addresses:
-          - 185.230.79.0/22
-          - 2a0c:700::/32
-          - 46.105.102.188/32
-          - 2001:41d0:2:d5bc::/128
-
-      - name: no-user-agent-string
-        action: DENY
-        expression: userAgent == ""
-
-      - name: ban-gpt
-        user_agent_regex: ".*gpt.*"
-        action: DENY
-
-      - name: ban-bot
-        user_agent_regex: ".*(b|B)ot.*"
-        action: DENY
-
-      - name: ban-WebKit
-        action: DENY
-        expression:
-          all:
-            - userAgent.startsWith("Mozilla")
-            - userAgent.matches("AppleWebKit")
-            - userAgent.matches("Safari")
-            - userAgent.matches("Chrome")
-
-      - name: ban-Barkrowler
-        user_agent_regex: ".*Barkrowler.*"
-        action: DENY
-    '';
-  anubisMirror = pkgs.writeText "anubis_mirror.json"
-    ''
-      {
-        "bots": [
-          {
-            "import": "${anubisBotsMirror}"
-          },
-          {
-            "name": "allow-repo",
-            "path_regex": "^...*",
-            "action": "ALLOW"
-          },
-          {
-            "name": "deny-other",
-            "path_regex": ".*",
-            "action": "ALLOW"
-          }
-        ]
-      }
-    '';
-  antibot = pkgs.writeText "antibot.yaml"
-    ''
-      - name: whitelist-crans
-        action: ALLOW
-        remote_addresses:
-          - 185.230.79.0/22
-          - 2a0c:700::/32
-          - 46.105.102.188/32
-          - 2001:41d0:2:d5bc::/128
-
-      - name: no-user-agent-string
-        action: DENY
-        expression: userAgent == ""
-
-      - name: ban-gpt
-        user_agent_regex: ".*gpt.*"
-        action: DENY
-
-      - name: ban-bot
-        user_agent_regex: ".*(b|B)ot.*"
-        action: DENY
-
-      - name: ban-WebKit
-        action: CHALLENGE
-        expression:
-          all:
-            - userAgent.startsWith("Mozilla")
-            - userAgent.matches("AppleWebKit")
-            - userAgent.matches("Safari")
-            - userAgent.matches("Chrome")
-
-      - name: ban-Barkrowler
-        user_agent_regex: ".*Barkrowler.*"
-        action: DENY
-    '';
-  anubisChallenge = pkgs.writeText "anubis_challenge.json"
-    ''
-      {
-        "bots": [
-          {
-            "import": "${antibot}"
-          },
-          {
-            "name": "challenge-other",
-            "path_regex": "^*",
-            "action": "CHALLENGE"
-          }
-        ]
-      }
-    '';
-  anubisMirrors = pkgs.writeText "anubis_mirrors.json"
-    ''
-      {
-        "bots": [
-          {
-            "import": "${antibot}"
-          },
-          {
-            "name": "deny-other",
-            "path_regex": ".*cdimage-.*",
-            "action": "ALLOW"
-          },
-          {
-            "name": "allow-repo",
-            "path_regex": "^...*",
-            "action": "ALLOW"
-          },
-          {
-            "name": "deny-other",
-            "path_regex": ".*",
-            "action": "CHALLENGE"
-          }
-        ]
-     }
-    '';
-in {
   imports = [
     ./hardware-configuration.nix
+
+    ./reverseproxy.nix
   ];
 
   networking.hostName = "reverseproxy";
@@ -157,68 +28,6 @@ in {
 
     resticClient.when = "03:42";
 
-    reverseProxy = {
-      enable = true;
-
-      virtualHosts = {
-        "eclat" = {
-          anubisConfig = "${anubisMirror}";
-          httpOnly = true;
-          target = "172.16.10.104";
-        };
-        "eclats" = {
-          anubisConfig = "${anubisMirrors}";
-          target = "172.16.10.104";
-        };
-        "install-party" = {
-          anubisConfig = "${anubisChallenge}";
-          target = "/var/www/install-party.crans.org";
-          serverAliases = [
-            "i-p"
-            "adopteunmanchot"
-            "adopteunpingouin"
-          ];
-        };
-        "lists" = {
-          anubisConfig = "${anubisChallenge}";
-          target = "172.16.10.110";
-        };
-        "mediawiki" = {
-          anubisConfig = "${anubisChallenge}";
-          target = "172.16.10.144";
-          serverAliases = [
-            "mediakiwi"
-          ];
-        };
-        "mirrors" = {
-          anubisConfig = "${anubisMirrors}";
-          target = "172.16.10.104";
-        };
-        "mirror" = {
-          anubisConfig = "${anubisMirror}";
-          httpOnly = true;
-          target = "172.16.10.104";
-        };
-        "perso" = {
-          anubisConfig = "${anubisChallenge}";
-          target = "172.16.10.31";
-          serverAliases = [
-            "clubs"
-          ];
-        };
-        "wiki" = {
-          anubisConfig = "${anubisChallenge}";
-          target = "[fd00::10:0:ff:fe01:6110]"; # l'ipv4 marche pas
-          serverAliases = [
-            "wikipedia"
-          ];
-        };
-      };
-    };
-
-    services = {
-      acme.enable = true;
-    };
   };
 
   system.stateVersion = "25.05";

hosts/vm/reverseproxy/reverseproxy.nix

@@ -0,0 +1,198 @@
+{ pkgs, ... }:
+
+let
+  anubisBotsMirror = pkgs.writeText "anubis_bots_mirror.yaml"
+    ''
+      - name: whitelist-crans
+        action: ALLOW
+        remote_addresses:
+          - 185.230.79.0/22
+          - 2a0c:700::/32
+          - 46.105.102.188/32
+          - 2001:41d0:2:d5bc::/128
+
+      - name: no-user-agent-string
+        action: DENY
+        expression: userAgent == ""
+
+      - name: ban-gpt
+        user_agent_regex: ".*gpt.*"
+        action: DENY
+
+      - name: ban-bot
+        user_agent_regex: ".*(b|B)ot.*"
+        action: DENY
+
+      - name: ban-WebKit
+        action: DENY
+        expression:
+          all:
+            - userAgent.startsWith("Mozilla")
+            - userAgent.matches("AppleWebKit")
+            - userAgent.matches("Safari")
+            - userAgent.matches("Chrome")
+
+      - name: ban-Barkrowler
+        user_agent_regex: ".*Barkrowler.*"
+        action: DENY
+    '';
+  anubisMirror = pkgs.writeText "anubis_mirror.json"
+    ''
+      {
+        "bots": [
+          {
+            "import": "${anubisBotsMirror}"
+          },
+          {
+            "name": "allow-repo",
+            "path_regex": "^...*",
+            "action": "ALLOW"
+          },
+          {
+            "name": "deny-other",
+            "path_regex": ".*",
+            "action": "ALLOW"
+          }
+        ]
+      }
+    '';
+  antibot = pkgs.writeText "antibot.yaml"
+    ''
+      - name: whitelist-crans
+        action: ALLOW
+        remote_addresses:
+          - 185.230.79.0/22
+          - 2a0c:700::/32
+          - 46.105.102.188/32
+          - 2001:41d0:2:d5bc::/128
+
+      - name: no-user-agent-string
+        action: DENY
+        expression: userAgent == ""
+
+      - name: ban-gpt
+        user_agent_regex: ".*gpt.*"
+        action: DENY
+
+      - name: ban-bot
+        user_agent_regex: ".*(b|B)ot.*"
+        action: DENY
+
+      - name: ban-WebKit
+        action: CHALLENGE
+        expression:
+          all:
+            - userAgent.startsWith("Mozilla")
+            - userAgent.matches("AppleWebKit")
+            - userAgent.matches("Safari")
+            - userAgent.matches("Chrome")
+
+      - name: ban-Barkrowler
+        user_agent_regex: ".*Barkrowler.*"
+        action: DENY
+    '';
+  anubisChallenge = pkgs.writeText "anubis_challenge.json"
+    ''
+      {
+        "bots": [
+          {
+            "import": "${antibot}"
+          },
+          {
+            "name": "challenge-other",
+            "path_regex": "^*",
+            "action": "CHALLENGE"
+          }
+        ]
+      }
+    '';
+  anubisMirrors = pkgs.writeText "anubis_mirrors.json"
+    ''
+      {
+        "bots": [
+          {
+            "import": "${antibot}"
+          },
+          {
+            "name": "deny-other",
+            "path_regex": ".*cdimage-.*",
+            "action": "ALLOW"
+          },
+          {
+            "name": "allow-repo",
+            "path_regex": "^...*",
+            "action": "ALLOW"
+          },
+          {
+            "name": "deny-other",
+            "path_regex": ".*",
+            "action": "CHALLENGE"
+          }
+        ]
+     }
+    '';
+in {
+  crans = {
+    reverseProxy = {
+      enable = true;
+      virtualHosts = {
+        "eclat" = {
+          anubisConfig = "${anubisMirror}";
+          httpOnly = true;
+          target = "172.16.10.104";
+        };
+        "eclats" = {
+          anubisConfig = "${anubisMirrors}";
+          target = "172.16.10.104";
+        };
+        "install-party" = {
+          anubisConfig = "${anubisChallenge}";
+          target = "/var/www/install-party.crans.org";
+          serverAliases = [
+            "i-p"
+            "adopteunmanchot"
+            "adopteunpingouin"
+          ];
+        };
+        "lists" = {
+          anubisConfig = "${anubisChallenge}";
+          target = "172.16.10.110";
+        };
+        "mediawiki" = {
+          anubisConfig = "${anubisChallenge}";
+          target = "172.16.10.144";
+          serverAliases = [
+            "mediakiwi"
+          ];
+        };
+        "mirrors" = {
+          anubisConfig = "${anubisMirrors}";
+          target = "172.16.10.104";
+        };
+        "mirror" = {
+          anubisConfig = "${anubisMirror}";
+          httpOnly = true;
+          target = "172.16.10.104";
+        };
+        "perso" = {
+          anubisConfig = "${anubisChallenge}";
+          target = "172.16.10.31";
+          serverAliases = [
+            "clubs"
+          ];
+        };
+        "wiki" = {
+          anubisConfig = "${anubisChallenge}";
+          target = "[fd00::10:0:ff:fe01:6110]"; # l'ipv4 marche pas
+          serverAliases = [
+            "wikipedia"
+          ];
+        };
+      };
+    };
+
+    services = {
+      acme.enable = true;
+    };
+  };
+}