diff --git a/assets/nix-crans_bootloader.png b/assets/nix-crans_bootloader.png new file mode 100644 index 0000000..9c3a74c Binary files /dev/null and b/assets/nix-crans_bootloader.png differ diff --git a/flake.lock b/flake.lock index 411f8a6..3674d40 100644 --- a/flake.lock +++ b/flake.lock @@ -50,11 +50,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -86,11 +86,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1771714954, - "narHash": "sha256-nhZJPnBavtu40/L2aqpljrfUNb2rxmWTmSjK2c9UKds=", + "lastModified": 1773068389, + "narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "afbbf774e2087c3d734266c22f96fca2e78d3620", + "rev": "44bae273f9f82d480273bab26f5c50de3724f52f", "type": "github" }, "original": { @@ -102,11 +102,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1769909678, - "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", + "lastModified": 1772328832, + "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "72716169fe93074c333e8d0173151350670b824c", + "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", "type": "github" }, "original": { 
@@ -145,11 +145,11 @@ ] }, "locked": { - "lastModified": 1770228511, - "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=", + "lastModified": 1772660329, + "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7", + "rev": "3710e0e1218041bbad640352a0440114b1e10428", "type": "github" }, "original": { diff --git a/hosts/vm/nextcloud/nextcloud.nix b/hosts/vm/nextcloud/nextcloud.nix index c1bb29d..0636726 100644 --- a/hosts/vm/nextcloud/nextcloud.nix +++ b/hosts/vm/nextcloud/nextcloud.nix @@ -16,7 +16,7 @@ services.nextcloud = { enable = true; - package = pkgs.nextcloud32; + package = pkgs.nextcloud33; configureRedis = true; hostName = "nextcloud.crans.org"; diff --git a/hosts/vm/reverseproxy/reverseproxy.nix b/hosts/vm/reverseproxy/reverseproxy.nix index 76a4a7e..2626238 100644 --- a/hosts/vm/reverseproxy/reverseproxy.nix +++ b/hosts/vm/reverseproxy/reverseproxy.nix 
@@ -4,69 +4,6 @@ let formatJSON = pkgs.formats.json { }; formatYAML = pkgs.formats.yaml { }; - anubisBotsMirror = formatYAML.generate "anubis_bots_mirror.yaml" [ - { - name = "whitelist-crans"; - action = "ALLOW"; - remote_addresses = [ - "185.230.79.0/22" - "2a0c:700::/32" - "46.105.102.188/32" - "2001:41d0:2:d5bc::/128" - ]; - } - { - name = "no-user-agent"; - action = "DENY"; - expression = "userAgent == \"\""; - } - { - name = "ban-gpt"; - action = "DENY"; - user_agent_regex = ".*gpt.*"; - } - { - name = "ban-bot"; - action = "DENY"; - user_agent_regex = ".*(b|B)ot.*"; - } - { - name = "ban-WebKit"; - action = "DENY"; - expression = { - all = [ - "userAgent.startsWith(\"Mozilla\")" - "userAgent.startsWith(\"AppleWebKit\")" - "userAgent.startsWith(\"Safari\")" - "userAgent.startsWith(\"Chrome\")" - ]; - }; - } - { - name = "ban-Barkrowler"; - action = "DENY"; - user_agent_regex = ".*Barkrowler.*"; - } - ]; - - anubisMirror = formatJSON.generate "anubis_mirror.json" { - bots = [ - { - import = "${anubisBotsMirror}"; - } - { - name = "allow-repo"; - action = "ALLOW"; - path_regex = "^...*"; - } - { - name = "deny-other"; - path_regex = ".*"; - action = "ALLOW"; - } - ]; - }; - antiBot = formatYAML.generate "antibot.yaml" [ { name = "whitelist-crans"; @@ -80,7 +17,7 @@ let } { # On refuse les bots qui font souvent de la merde. - # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml + # https://github.com/TecharoHQ/anubis/blob/main/data/bots/_deny-pathological.yaml import = "(data)/bots/_deny-pathological.yaml"; } { @@ -101,7 +38,7 @@ let } { # On refuse si userAgent = "" - # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml + # https://github.com/TecharoHQ/anubis/blob/main/data/common/rfc-violations.yaml import = "(data)/common/rfc-violations.yaml"; } { 
@@ -126,6 +63,9 @@ let anubisPerso = formatJSON.generate "anubis_perso.json" { "bots" = [ + { + import = "${antiBot}"; + } { name = "allow-public"; path_regex = "^/[a-zA-Z0-9_-]*/public/.*"; @@ -186,7 +126,7 @@ in proxyWebsockets = true; }; "eclat" = { - anubisConfig = "${anubisMirror}"; + anubisConfig = "${anubisMirrors}"; httpOnly = true; target = "172.16.10.104"; }; @@ -219,7 +159,7 @@ in target = "172.16.10.104"; }; "mirror" = { - anubisConfig = "${anubisMirror}"; + anubisConfig = "${anubisMirrors}"; httpOnly = true; target = "172.16.10.104"; }; diff --git a/modules/crans/default.nix b/modules/crans/default.nix index cac4a63..30cfbb2 100644 --- a/modules/crans/default.nix +++ b/modules/crans/default.nix @@ -8,6 +8,7 @@ in { imports = [ ./age.nix + ./grub.nix ./home.nix ./locale.nix ./networking.nix diff --git a/modules/crans/grub.nix b/modules/crans/grub.nix new file mode 100644 index 0000000..c4ce65b --- /dev/null +++ b/modules/crans/grub.nix @@ -0,0 +1,7 @@ +{...}: +{ + boot.loader.grub = { + splashImage = ../../assets/nix-crans_bootloader.png; + backgroundColor = "#ad1f1f"; + }; +}
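Review bot: The imported `antiBot` rules are placed ahead of `allow-public` in `anubisPerso` (hunk `@@ -126,6 +63,9 @@`), and since Anubis evaluates bot rules in order, any ALLOW or DENY that matches in `antiBot` decides the request before the path rules below are reached; nothing in the hunk records that this precedence is intended. The first `antiBot` entry, `whitelist-crans`, matches on `remote_addresses`, which presumably relies on the proxy handing Anubis the real client address, so that is worth confirming for the perso sites now that the whitelist applies to them. I would add a comment above the import, for example `# antiBot first: its rules take precedence over allow-public and the rules below`. The `bots` list continues past the end of the hunk.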
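Review bot: `anubisMirrors` is not defined in any hunk of this commit, while the first hunk of this file deletes `anubisMirror`; if the binding is not already present in the unchanged part of the `let` block, evaluation fails at `anubisConfig = "${anubisMirrors}";` for `eclat` here (`@@ -186,7 +126,7 @@`) and for `mirror` in the next hunk (`@@ -219,7 +159,7 @@`). Assuming it does exist, both vhosts switch to a policy this diff does not show, so it is worth confirming that it still covers what the deleted `anubisBotsMirror` enforced (empty user agent, bot and crawler user agents), for instance through the same `antiBot` import. A one-line comment beside the two assignments saying where `anubisMirrors` is defined would make the swap reviewable. The enclosing attribute set starts and ends outside both hunks.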