From 27a426da8206375837ceaf68dcd5d40157748aba Mon Sep 17 00:00:00 2001
From: Pyjacpp
Date: Sun, 15 Feb 2026 19:27:24 +0100
Subject: [PATCH 1/2] feat: cleanup and improve Anubis conf Factorize and unify the Mirror policy
---
 hosts/vm/reverseproxy/reverseproxy.nix | 87 ++++----------------------
 1 file changed, 12 insertions(+), 75 deletions(-)
diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix
index 76a4a7e..02ad42e 100644
--- a/hosts/vm/reverseproxy/reverseproxy.nix
+++ b/hosts/vm/reverseproxy/reverseproxy.nix
@@ -4,83 +4,20 @@ let
 formatJSON = pkgs.formats.json { };
 formatYAML = pkgs.formats.yaml { };
 
- anubisBotsMirror = formatYAML.generate "anubis_bots_mirror.yaml" [
- {
- name = "whitelist-crans";
- action = "ALLOW";
- remote_addresses = [
- "185.230.79.0/22"
- "2a0c:700::/32"
- "46.105.102.188/32"
- "2001:41d0:2:d5bc::/128"
- ];
- }
- {
- name = "no-user-agent";
- action = "DENY";
- expression = "userAgent == \"\"";
- }
- {
- name = "ban-gpt";
- action = "DENY";
- user_agent_regex = ".*gpt.*";
- }
- {
- name = "ban-bot";
- action = "DENY";
- user_agent_regex = ".*(b|B)ot.*";
- }
- {
- name = "ban-WebKit";
- action = "DENY";
- expression = {
- all = [
- "userAgent.startsWith(\"Mozilla\")"
- "userAgent.startsWith(\"AppleWebKit\")"
- "userAgent.startsWith(\"Safari\")"
- "userAgent.startsWith(\"Chrome\")"
- ];
- };
- }
- {
- name = "ban-Barkrowler";
- action = "DENY";
- user_agent_regex = ".*Barkrowler.*";
- }
- ];
-
- anubisMirror = formatJSON.generate "anubis_mirror.json" {
- bots = [
- {
- import = "${anubisBotsMirror}";
- }
- {
- name = "allow-repo";
- action = "ALLOW";
- path_regex = "^...*";
- }
- {
- name = "deny-other";
- path_regex = ".*";
- action = "ALLOW";
- }
- ];
- };
-
 antiBot = formatYAML.generate "antibot.yaml" [
 {
- name = "whitelist-crans";
- action = "ALLOW";
- remote_addresses = [
- "185.230.79.0/22"
- "2a0c:700::/32"
- "46.105.102.188/32"
- "2001:41d0:2:d5bc::/128"
- ];
+ name = "whitelist-crans";
+ action = "ALLOW";
+ remote_addresses = [
+ "185.230.79.0/22"
+ "2a0c:700::/32"
+ "46.105.102.188/32"
+ "2001:41d0:2:d5bc::/128"
+ ];
 }
 {
 # On refuse les bots qui font souvent de la merde.
- # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml
+ # https://github.com/TecharoHQ/anubis/blob/main/data/bots/_deny-pathological.yaml
 import = "(data)/bots/_deny-pathological.yaml";
 }
 {
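Review bot: The first entry of the `whitelist-crans` allowlist, `"185.230.79.0/22"`, is not written on its network boundary: a /22 is aligned on a multiple of four in the third octet, so the prefix that contains this address is 185.230.76.0/22. Whether the policy loader rejects the entry or quietly widens it to the whole 76–79 range is not visible here, and because this rule is an unconditional `ALLOW` its real scope should be readable from the file. I would write `"185.230.76.0/22"` if the full block is intended, or a narrower prefix if only 185.230.79.x is meant. The same list is re-indented again in the first hunk of PATCH 2/2, so the change applies there as well; the `antiBot` list itself continues past the end of this hunk.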
@@ -101,7 +38,7 @@ let
 }
 {
 # On refuse si userAgent = ""
- # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml
+ # https://github.com/TecharoHQ/anubis/blob/main/data/common/rfc-violations.yaml
 import = "(data)/common/rfc-violations.yaml";
 }
 {
@@ -186,7 +123,7 @@ in
 proxyWebsockets = true;
 };
 "eclat" = {
- anubisConfig = "${anubisMirror}";
+ anubisConfig = "${anubisMirrors}";
 httpOnly = true;
 target = "172.16.10.104";
 };
@@ -219,7 +156,7 @@ in
 target = "172.16.10.104";
 };
 "mirror" = {
- anubisConfig = "${anubisMirror}";
+ anubisConfig = "${anubisMirrors}";
 httpOnly = true;
 target = "172.16.10.104";
 };
From a180e6fc7c8028636a697369573414d7aa13238c Mon Sep 17 00:00:00 2001
From: Pyjacpp
Date: Wed, 18 Feb 2026 21:28:42 +0100
Subject: [PATCH 2/2] feat: makes pages persos inherit antibot
---
 hosts/vm/reverseproxy/reverseproxy.nix | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix
index 02ad42e..2626238 100644
--- a/hosts/vm/reverseproxy/reverseproxy.nix
+++ b/hosts/vm/reverseproxy/reverseproxy.nix
@@ -6,14 +6,14 @@ let
 
 antiBot = formatYAML.generate "antibot.yaml" [
 {
- name = "whitelist-crans";
- action = "ALLOW";
- remote_addresses = [
- "185.230.79.0/22"
- "2a0c:700::/32"
- "46.105.102.188/32"
- "2001:41d0:2:d5bc::/128"
- ];
+ name = "whitelist-crans";
+ action = "ALLOW";
+ remote_addresses = [
+ "185.230.79.0/22"
+ "2a0c:700::/32"
+ "46.105.102.188/32"
+ "2001:41d0:2:d5bc::/128"
+ ];
 }
 {
 # On refuse les bots qui font souvent de la merde.
@@ -63,6 +63,9 @@ let
 
 anubisPerso = formatJSON.generate "anubis_perso.json" {
 "bots" = [
+ {
+ import = "${antiBot}";
+ }
 {
 name = "allow-public";
 path_regex = "^/[a-zA-Z0-9_-]*/public/.*";
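Review bot: `anubisMirrors`, which the `"eclat"` entry now references in hunk `@@ -186,7 +123,7 @@`, is not defined by any hunk of PATCH 1/2: the patch removes `anubisMirror` and `anubisBotsMirror`, and its twelve added lines are the re-indented allowlist, two comment URLs and the two references. Presumably `anubisMirrors` already exists elsewhere in the `let` block, outside the visible hunks. It is worth confirming that it still carries the deny rules dropped with `anubisBotsMirror` (empty user agent, `gpt`, `bot`, `Barkrowler`), or stating in the commit message that dropping them is intended. The same applies to the `"mirror"` entry in hunk `@@ -219,7 +156,7 @@`. A short comment above each use, e.g. `# shared mirror policy: anubisMirrors, defined in the let block`, would make the dependency visible to the next reader.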
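Review bot: A broad or catch-all rule inside `antiBot` would shadow `allow-public` and the path rules after it, because the new `import = "${antiBot}";` entry in hunk `@@ -63,6 +63,9 @@` of PATCH 2/2 sits first in `anubisPerso`'s `"bots"` list and, as far as I know, Anubis applies the first rule that matches. The end of `antiBot` is outside the visible hunks, so this cannot be checked from the patch. The import also makes the address-based `whitelist-crans` `ALLOW` apply to the personal pages, which should be a deliberate choice. I would record the ordering assumption next to the import, e.g. `# antiBot must not contain a catch-all: it is evaluated before the path rules below`. The `"bots"` list continues past the end of this hunk.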