Merge branch 'main' into wiki

2026-03-18 22:54:31 +01:00 · 2026-03-18 22:54:31 +01:00 · 92afe359dc
parent 88168a9a3a 261059a6ac
commit 92afe359dc
6 changed files with 28 additions and 80 deletions
--- a/assets/nix-crans_bootloader.png
+++ b/assets/nix-crans_bootloader.png
--- a/flake.lock
+++ b/flake.lock
@ -50,11 +50,11 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1769996383,
+        "lastModified": 1772408722,
-        "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
+        "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
        "owner": "hercules-ci",
        "repo": "flake-parts",
-        "rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
+        "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
        "type": "github"
      },
      "original": {
@ -86,11 +86,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1771714954,
+        "lastModified": 1773068389,
-        "narHash": "sha256-nhZJPnBavtu40/L2aqpljrfUNb2rxmWTmSjK2c9UKds=",
+        "narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "afbbf774e2087c3d734266c22f96fca2e78d3620",
+        "rev": "44bae273f9f82d480273bab26f5c50de3724f52f",
        "type": "github"
      },
      "original": {
@ -102,11 +102,11 @@
    },
    "nixpkgs-lib": {
      "locked": {
-        "lastModified": 1769909678,
+        "lastModified": 1772328832,
-        "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=",
+        "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "72716169fe93074c333e8d0173151350670b824c",
+        "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
        "type": "github"
      },
      "original": {
@ -145,11 +145,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1770228511,
+        "lastModified": 1772660329,
-        "narHash": "sha256-wQ6NJSuFqAEmIg2VMnLdCnUc0b7vslUohqqGGD+Fyxk=",
+        "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=",
        "owner": "numtide",
        "repo": "treefmt-nix",
-        "rev": "337a4fe074be1042a35086f15481d763b8ddc0e7",
+        "rev": "3710e0e1218041bbad640352a0440114b1e10428",
        "type": "github"
      },
      "original": {
--- a/hosts/vm/nextcloud/nextcloud.nix
+++ b/hosts/vm/nextcloud/nextcloud.nix
@ -16,7 +16,7 @@
  services.nextcloud = {
    enable = true;
-    package = pkgs.nextcloud32;
+    package = pkgs.nextcloud33;
    configureRedis = true;
    hostName = "nextcloud.crans.org";
--- a/hosts/vm/reverseproxy/reverseproxy.nix
+++ b/hosts/vm/reverseproxy/reverseproxy.nix
@ -4,69 +4,6 @@ let
  formatJSON = pkgs.formats.json { };
  formatYAML = pkgs.formats.yaml { };
  anubisBotsMirror = formatYAML.generate "anubis_bots_mirror.yaml" [
    {
      name = "whitelist-crans";
      action = "ALLOW";
      remote_addresses = [
        "185.230.79.0/22"
        "2a0c:700::/32"
        "46.105.102.188/32"
        "2001:41d0:2:d5bc::/128"
      ];
    }
    {
      name = "no-user-agent";
      action = "DENY";
      expression = "userAgent == \"\"";
    }
    {
      name = "ban-gpt";
      action = "DENY";
      user_agent_regex = ".*gpt.*";
    }
    {
      name = "ban-bot";
      action = "DENY";
      user_agent_regex = ".*(b|B)ot.*";
    }
    {
      name = "ban-WebKit";
      action = "DENY";
      expression = {
        all = [
          "userAgent.startsWith(\"Mozilla\")"
          "userAgent.startsWith(\"AppleWebKit\")"
          "userAgent.startsWith(\"Safari\")"
          "userAgent.startsWith(\"Chrome\")"
        ];
      };
    }
    {
      name = "ban-Barkrowler";
      action = "DENY";
      user_agent_regex = ".*Barkrowler.*";
    }
  ];
  anubisMirror = formatJSON.generate "anubis_mirror.json" {
    bots = [
      {
        import = "${anubisBotsMirror}";
      }
      {
        name = "allow-repo";
        action = "ALLOW";
        path_regex = "^...*";
      }
      {
        name = "deny-other";
        path_regex = ".*";
        action = "ALLOW";
      }
    ];
  };
  antiBot = formatYAML.generate "antibot.yaml" [
    {
      name = "whitelist-crans";
@ -80,7 +17,7 @@ let
    }
    {
      # On refuse les bots qui font souvent de la merde.
-      # https://github.com/TecharoHQ/anubis/blob/main/data/bots/deny-pathological.yaml
+      # https://github.com/TecharoHQ/anubis/blob/main/data/bots/_deny-pathological.yaml
      import = "(data)/bots/_deny-pathological.yaml";
    }
    {
@ -101,7 +38,7 @@ let
    }
    {
      # On refuse si userAgent = ""
-      # https://github.com/TecharoHQ/anubis/blob/main/data/common/keep-internet-working.yaml
+      # https://github.com/TecharoHQ/anubis/blob/main/data/common/rfc-violations.yaml
      import = "(data)/common/rfc-violations.yaml";
    }
    {
@ -126,6 +63,9 @@ let
  anubisPerso = formatJSON.generate "anubis_perso.json" {
    "bots" = [
      {
        import = "${antiBot}";
      }
      {
        name = "allow-public";
        path_regex = "^/[a-zA-Z0-9_-]*/public/.*";
@ -186,7 +126,7 @@ in
          proxyWebsockets = true;
        };
        "eclat" = {
-          anubisConfig = "${anubisMirror}";
+          anubisConfig = "${anubisMirrors}";
          httpOnly = true;
          target = "172.16.10.104";
        };
@ -219,7 +159,7 @@ in
          target = "172.16.10.104";
        };
        "mirror" = {
-          anubisConfig = "${anubisMirror}";
+          anubisConfig = "${anubisMirrors}";
          httpOnly = true;
          target = "172.16.10.104";
        };
--- a/modules/crans/default.nix
+++ b/modules/crans/default.nix
@ -8,6 +8,7 @@ in
 {
  imports = [
    ./age.nix
    ./grub.nix
    ./home.nix
    ./locale.nix
    ./networking.nix
--- a/modules/crans/grub.nix
+++ b/modules/crans/grub.nix
@ -0,0 +1,7 @@
 {...}:
 {
  boot.loader.grub = {
    splashImage = ../../assets/nix-crans_bootloader.png;
    backgroundColor = "#ad1f1f";
  };
 }