atridad/haschel
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added anubis (testing)
Some checks failed
Deploy NixOS / deploy (push) Failing after 35s
Details

Browse Source
This commit is contained in:
Atridad Lahiji
2026-03-08 12:20:10 -06:00
parent 2a077bad21
commit e56a4ddb4b
4 changed files with 19 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configuration.nix
View File

@@ -12,6 +12,7 @@
./modules/proxy.nix ./modules/proxy.nix
./modules/matrix.nix ./modules/matrix.nix
./modules/fail2ban.nix ./modules/fail2ban.nix
./modules/anubis.nix
]; ];
nix.settings.experimental-features = [ nix.settings.experimental-features = [
@@ -23,6 +24,7 @@
git git
gnumake gnumake
openssl openssl
anubis
]; ];
system.stateVersion = "25.11"; system.stateVersion = "25.11";

6
flake.lock generated
View File

@@ -2,11 +2,11 @@
"nodes": { "nodes": {
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1772624091, "lastModified": 1772773019,
"narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", "rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
"type": "github" "type": "github"
}, },
"original": { "original": {

12
modules/anubis.nix Normal file
View File

@@ -0,0 +1,12 @@
{ ... }:
{
services.anubis = {
enable = true;
settings = {
firewall.enabled = true;
firewall.block_openai = true;
firewall.block_google = true;
};
};
}

2
modules/proxy.nix
View File

@@ -84,6 +84,7 @@ in
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Content-Type-Options "nosniff" X-Content-Type-Options "nosniff"
X-Frame-Options "DENY" X-Frame-Options "DENY"
X-Robots-Tag "noimageindex, noodp, noydir, noindex, nofollow"
Referrer-Policy "strict-origin-when-cross-origin" Referrer-Policy "strict-origin-when-cross-origin"
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*.atri.dad https://*.atash.dev; font-src 'self' data:; connect-src 'self' wss: https://*.atri.dad https://*.atash.dev; object-src 'none'; base-uri 'self'; frame-ancestors 'none'" Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://*.atri.dad https://*.atash.dev; font-src 'self' data:; connect-src 'self' wss: https://*.atri.dad https://*.atash.dev; object-src 'none'; base-uri 'self'; frame-ancestors 'none'"
-Server -Server
@@ -98,6 +99,7 @@ in
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Content-Type-Options "nosniff" X-Content-Type-Options "nosniff"
X-Frame-Options "DENY" X-Frame-Options "DENY"
X-Robots-Tag "noimageindex, noodp, noydir, noindex, nofollow"
Referrer-Policy "strict-origin-when-cross-origin" Referrer-Policy "strict-origin-when-cross-origin"
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' wss: https://*.atri.dad https://*.atash.dev; media-src 'self' https://rogers-hls.leanstream.co; object-src 'none'; base-uri 'self'; frame-ancestors 'none'" Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https:; font-src 'self' data:; connect-src 'self' wss: https://*.atri.dad https://*.atash.dev; media-src 'self' https://rogers-hls.leanstream.co; object-src 'none'; base-uri 'self'; frame-ancestors 'none'"
-Server -Server