Reload de anubis, ajout de eclat et ajout de redirection pour favicon.ico

hosts/vm/reverseproxy/anubis.nix

@@ -1,71 +0,0 @@
-{ pkgs, ... }:
-
-let
-  anubisBotsMirror = pkgs.writeText "anubis_bots_mirror.yaml" ''
-    - name: whitelist-crans
-      action: ALLOW
-      remote_addresses:
-        - 185.230.79.0/22
-        - 2a0c:700::/32
-        - 46.105.102.188/32
-        - 2001:41d0:2:d5bc::/128
-
-    - name: no-user-agent-string
-      action: DENY
-      expression: userAgent == ""
-
-    - name: ban-gpt
-      user_agent_regex: ".*gpt.*"
-      action: DENY
-
-    - name: ban-bot
-      user_agent_regex: ".*(b|B)ot.*"
-      action: DENY
-
-    - name: ban-WebKit
-      action: DENY
-      expression:
-        all:
-          - userAgent.startsWith("Mozilla")
-          - userAgent.matches("AppleWebKit")
-          - userAgent.matches("Safari")
-          - userAgent.matches("Chrome")
-
-    - name: ban-Barkrowler
-      user_agent_regex: ".*Barkrowler.*"
-      action: DENY
-  '';
-  anubisMirror = pkgs.writeText "anubis_mirror.json" ''
-    {
-      "bots": [
-        {
-          "import": "${anubisBotsMirror}"
-        },
-        {
-          "name": "allow-repo",
-          "path_regex": "^...*",
-          "action": "ALLOW"
-        },
-        {
-          "name": "deny-other",
-          "path_regex": ".*",
-          "action": "ALLOW"
-        }
-      ]
-    }
-  '';
-in {
-  services.anubis = {
-    instances."mirror" = {
-      enable = true;
-      settings = {
-        BIND_NETWORK = "tcp";
-        BIND = "127.0.0.1:7779";
-        TARGET = "http://localhost:8890";
-        COOKIE_DOMAIN = "crans.org";
-        REDIRECT_DOMAINS = "eclat.crans.org,mirror.crans.org";
-        POLICY_FNAME = "${anubisMirror}";
-      };
-    };
-  };
-}

hosts/vm/reverseproxy/default.nix

@@ -161,6 +161,11 @@ in {
       enable = true;
 
       virtualHosts = {
+        "eclat" = {
+          anubisConfig = "${anubisMirror}";
+          httpOnly = true;
+          target = "172.16.10.104";
+        };
         "eclats" = {
           anubisConfig = "${anubisMirrors}";
           target = "172.16.10.104";
@@ -199,7 +204,7 @@ in {
         };
         "wiki" = {
           anubisConfig = "${anubisChallenge}";
-          target = "172.16.10.161";
+          target = "[fd00::10:0:ff:fe01:6110]"; # l'ipv4 marche pas
           serverAliases = [
             "wikipedia"
           ];

modules/services/reverseproxy.nix

@@ -94,75 +94,84 @@ in
     };
   };
 
-  config.services = mkIf cfg.enable {
+  config = {
-    anubis = {
+    systemd.services = mapAttrs (
-      defaultOptions.group = "nginx";
+      vhostName: vhostConfig: {
-      instances = mapAttrs (
+        wantedBy = [ "multi-user.target" ];
-        vhostName: vhostConfig: {
+      }
-          enable = true;
+    ) cfg.virtualHosts;
-          settings = {
-            BIND = "/run/anubis/anubis-${vhostName}.sock";
-            BIND_NETWORK = "unix";
-            TARGET = "unix:///run/nginx/nginx-${vhostName}.sock";
-            COOKIE_DOMAIN = "crans.org";
-            REDIRECT_DOMAINS = "${vhostName}.crans.org";
-            SOCKET_MODE = "0660";
-            POLICY_FNAME =
-              if (vhostConfig.anubisConfig == "")
-              then allowAll
-              else vhostConfig.anubisConfig;
-          };
-        }
-      ) cfg.virtualHosts;
-    };
 
-    nginx =
+    services = mkIf cfg.enable {
-      let
+      anubis = {
-        domaines = [
+        defaultOptions.group = "nginx";
-          "crans.org"
+        instances = mapAttrs (
-          "crans.fr"
-          "crans.eu"
-        ];
-        redirectConfig = mapAttrs (
           vhostName: vhostConfig: {
-            locations = mkIf ((substring 0 1 vhostConfig.target) != "/") {
+            enable = true;
-              "/".proxyPass = "http://${vhostConfig.target}";
+            settings = {
+              BIND = "/run/anubis/anubis-${vhostName}.sock";
+              BIND_NETWORK = "unix";
+              TARGET = "unix:///run/nginx/nginx-${vhostName}.sock";
+              COOKIE_DOMAIN = "crans.org";
+              REDIRECT_DOMAINS = "${vhostName}.crans.org";
+              SOCKET_MODE = "0660";
+              POLICY_FNAME =
+                if (vhostConfig.anubisConfig == "")
+                then allowAll
+                else vhostConfig.anubisConfig;
             };
-            root = mkIf ((substring 0 1 vhostConfig.target) == "/") vhostConfig.target;
-            listen = [
-              { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; }
-            ];
           }
         ) cfg.virtualHosts;
-        aliasConfig =  mapAttrs' (
-          vhostName: vhostConfig: nameValuePair (vhostName + "-alias") {
-            enableACME = !vhostConfig.httpOnly;
-            forceSSL = !vhostConfig.httpOnly;
-            rejectSSL = vhostConfig.httpOnly;
-            serverName = "${vhostName}.crans.fr";
-            serverAliases = let
-              aliases = cartesianProduct {
-                name = vhostConfig.serverAliases;
-                domaine = domaines;
-              };
-            in [
-              "${vhostName}.crans.eu"
-            ] ++ map (value: value.name + "." + value.domaine) aliases;
-            globalRedirect = "${vhostName}.crans.org";
-          }
-        ) cfg.virtualHosts;
-        anubisConfig = mapAttrs' (
-          vhostName: vhostConfig: nameValuePair (vhostName + "-anubis") {
-            enableACME = !vhostConfig.httpOnly;
-            forceSSL = !vhostConfig.httpOnly;
-            rejectSSL = vhostConfig.httpOnly;
-            locations."/".proxyPass = "http://unix:/run/anubis/anubis-${vhostName}.sock";
-            serverName = "${vhostName}.crans.org";
-          }
-        ) cfg.virtualHosts;
-      in {
-        enable = true;
-        virtualHosts = redirectConfig // aliasConfig // anubisConfig;
       };
+
+      nginx =
+        let
+          domaines = [
+            "crans.org"
+            "crans.fr"
+            "crans.eu"
+          ];
+          redirectConfig = mapAttrs (
+            vhostName: vhostConfig: {
+              locations = mkIf ((substring 0 1 vhostConfig.target) != "/") {
+                "/favicon.ico".root = "/var/www/logo/";
+                "/".proxyPass = "http://${vhostConfig.target}";
+              };
+              root = mkIf ((substring 0 1 vhostConfig.target) == "/") vhostConfig.target;
+              listen = [
+                { addr = "unix:/run/nginx/nginx-${vhostName}.sock"; }
+              ];
+            }
+          ) cfg.virtualHosts;
+          aliasConfig =  mapAttrs' (
+            vhostName: vhostConfig: nameValuePair (vhostName + "-alias") {
+              enableACME = !vhostConfig.httpOnly;
+              forceSSL = !vhostConfig.httpOnly;
+              rejectSSL = vhostConfig.httpOnly;
+              serverName = "${vhostName}.crans.fr";
+              serverAliases = let
+                aliases = cartesianProduct {
+                  name = vhostConfig.serverAliases;
+                  domaine = domaines;
+                };
+              in [
+                "${vhostName}.crans.eu"
+              ] ++ map (value: value.name + "." + value.domaine) aliases;
+              globalRedirect = "${vhostName}.crans.org";
+            }
+          ) cfg.virtualHosts;
+          anubisConfig = mapAttrs' (
+            vhostName: vhostConfig: nameValuePair (vhostName + "-anubis") {
+              enableACME = !vhostConfig.httpOnly;
+              forceSSL = !vhostConfig.httpOnly;
+              rejectSSL = vhostConfig.httpOnly;
+              locations."/".proxyPass = "http://unix:/run/anubis/anubis-${vhostName}.sock";
+              serverName = "${vhostName}.crans.org";
+            }
+          ) cfg.virtualHosts;
+        in {
+          enable = true;
+          virtualHosts = redirectConfig // aliasConfig // anubisConfig;
+        };
+    };
   };
 }