mirror of https://gitlab.crans.org/nounous/nixos
72 lines
1.6 KiB
Nix
72 lines
1.6 KiB
Nix
{ pkgs, ... }:
|
|
|
|
let
|
|
anubisBotsMirror = pkgs.writeText "anubis_bots_mirror.yaml" ''
|
|
- name: whitelist-crans
|
|
action: ALLOW
|
|
remote_addresses:
|
|
- 185.230.79.0/22
|
|
- 2a0c:700::/32
|
|
- 46.105.102.188/32
|
|
- 2001:41d0:2:d5bc::/128
|
|
|
|
- name: no-user-agent-string
|
|
action: DENY
|
|
expression: userAgent == ""
|
|
|
|
- name: ban-gpt
|
|
user_agent_regex: ".*gpt.*"
|
|
action: DENY
|
|
|
|
- name: ban-bot
|
|
user_agent_regex: ".*(b|B)ot.*"
|
|
action: DENY
|
|
|
|
- name: ban-WebKit
|
|
action: DENY
|
|
expression:
|
|
all:
|
|
- userAgent.startsWith("Mozilla")
|
|
- userAgent.matches("AppleWebKit")
|
|
- userAgent.matches("Safari")
|
|
- userAgent.matches("Chrome")
|
|
|
|
- name: ban-Barkrowler
|
|
user_agent_regex: ".*Barkrowler.*"
|
|
action: DENY
|
|
'';
|
|
anubisMirror = pkgs.writeText "anubis_mirror.json" ''
|
|
{
|
|
"bots": [
|
|
{
|
|
"import": "${anubisBotsMirror}"
|
|
},
|
|
{
|
|
"name": "allow-repo",
|
|
"path_regex": "^...*",
|
|
"action": "ALLOW"
|
|
},
|
|
{
|
|
"name": "deny-other",
|
|
"path_regex": ".*",
|
|
"action": "ALLOW"
|
|
}
|
|
]
|
|
}
|
|
'';
|
|
in {
|
|
services.anubis = {
|
|
instances."mirror" = {
|
|
enable = true;
|
|
settings = {
|
|
BIND_NETWORK = "tcp";
|
|
BIND = "127.0.0.1:7779";
|
|
TARGET = "http://localhost:8890";
|
|
COOKIE_DOMAIN = "crans.org";
|
|
REDIRECT_DOMAINS = "eclat.crans.org,mirror.crans.org";
|
|
POLICY_FNAME = "${anubisMirror}";
|
|
};
|
|
};
|
|
};
|
|
}
|