crans
/
nixos
mirror of https://gitlab.crans.org/nounous/nixos
19
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'anubis' into 'main' 

feat: cleanup and improve Anubis conf

See merge request nounous/nixos!59
merge-requests/59/merge
Pyjacpp 2026-02-27 17:51:15 +01:00
parent c16f217ac1 a180e6fc7c
commit 82d9cc743c
1 changed files with 7 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
hosts/vm/reverseproxy/reverseproxy.nix
View File

@ -4,69 +4,6 @@ let
formatJSON = pkgs.formats.json { }; formatJSON = pkgs.formats.json { };
formatYAML = pkgs.formats.yaml { }; formatYAML = pkgs.formats.yaml { };
anubisBotsMirror = formatYAML.generate "anubis_bots_mirror.yaml" [
{
name = "whitelist-crans";
action = "ALLOW";
remote_addresses = [
"185.230.79.0/22"
"2a0c:700::/32"
"46.105.102.188/32"
"2001:41d0:2:d5bc::/128"
];
}
{
name = "no-user-agent";
action = "DENY";
expression = "userAgent == \"\"";
}
{
name = "ban-gpt";
action = "DENY";
user_agent_regex = ".*gpt.*";
}
{
name = "ban-bot";
action = "DENY";
user_agent_regex = ".*(b|B)ot.*";
}
{
name = "ban-WebKit";
action = "DENY";
expression = {
all = [
"userAgent.startsWith(\"Mozilla\")"
"userAgent.startsWith(\"AppleWebKit\")"
"userAgent.startsWith(\"Safari\")"
"userAgent.startsWith(\"Chrome\")"
];
};
}
{
name = "ban-Barkrowler";
action = "DENY";
user_agent_regex = ".*Barkrowler.*";
}
];
anubisMirror = formatJSON.generate "anubis_mirror.json" {
bots = [
{
import = "${anubisBotsMirror}";
}
{
name = "allow-repo";
action = "ALLOW";
path_regex = "^...*";
}
{
name = "deny-other";
path_regex = ".*";
action = "ALLOW";
}
];
};
antiBot = formatYAML.generate "antibot.yaml" [ antiBot = formatYAML.generate "antibot.yaml" [
{ {
name = "whitelist-crans"; name = "whitelist-crans";
@ -80,7 +17,7 @@ let
} }
{ {
# On refuse les bots qui font souvent de la merde. # On refuse les bots qui font souvent de la merde.
# https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml # https://github.com/TecharoHQ/anubis/blob/main/data/bots/_deny-pathological.yaml
import = "(data)/bots/_deny-pathological.yaml"; import = "(data)/bots/_deny-pathological.yaml";
} }
{ {
@ -101,7 +38,7 @@ let
} }
{ {
# On refuse si userAgent = "" # On refuse si userAgent = ""
# https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml # https://github.com/TecharoHQ/anubis/blob/main/data/common/rfc-violations.yaml
import = "(data)/common/rfc-violations.yaml"; import = "(data)/common/rfc-violations.yaml";
} }
{ {
@ -126,6 +63,9 @@ let
anubisPerso = formatJSON.generate "anubis_perso.json" { anubisPerso = formatJSON.generate "anubis_perso.json" {
"bots" = [ "bots" = [
{
import = "${antiBot}";
}
{ {
name = "allow-public"; name = "allow-public";
path_regex = "^/[a-zA-Z0-9_-]*/public/.*"; path_regex = "^/[a-zA-Z0-9_-]*/public/.*";
@ -186,7 +126,7 @@ in
proxyWebsockets = true; proxyWebsockets = true;
}; };
"eclat" = { "eclat" = {
anubisConfig = "${anubisMirror}"; anubisConfig = "${anubisMirrors}";
httpOnly = true; httpOnly = true;
target = "172.16.10.104"; target = "172.16.10.104";
}; };
@ -219,7 +159,7 @@ in
target = "172.16.10.104"; target = "172.16.10.104";
}; };
"mirror" = { "mirror" = {
anubisConfig = "${anubisMirror}"; anubisConfig = "${anubisMirrors}";
httpOnly = true; httpOnly = true;
target = "172.16.10.104"; target = "172.16.10.104";
}; };