Skip to content

Commit cd67749

Browse files
mweineltmweinelt
committed
Reapply "hydra-proxy: replace abuse handling with anubis"
This reverts commit 4900942.
1 parent 8f83749 commit cd67749

File tree

3 files changed

+30
-38
lines changed

3 files changed

+30
-38
lines changed

build/hydra-proxy.nix

Lines changed: 12 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -1,35 +1,26 @@
11
{
22
config,
3-
lib,
43
pkgs,
54
...
65
}:
76

8-
let
9-
bannedUserAgentPatterns = [
10-
"Trident/"
11-
"Android\\s[123456789]\\."
12-
"iPod"
13-
"iPad\\sOS\\s"
14-
"iPhone\\sOS\\s[23456789]"
15-
"Opera/[89]"
16-
# Chrome 134+
17-
"(Chrome|CriOS)/(\\d\\d?\\.|1[012]|13[0123])"
18-
# Firefox ESR 128 and Firefox 137+
19-
"(Firefox|FxiOS)/(\\d\\d?\\.|1[01]|12[012345679]|13[0123456])"
20-
"PPC\\sMac\\sOS"
21-
"Windows\\sCE"
22-
"Windows\\s95"
23-
"Windows\\s98"
24-
"Windows\\sNT\\s[12345]\\."
25-
];
26-
in
277
{
288
networking.firewall.allowedTCPPorts = [
299
80
3010
443
11+
9001
3112
];
3213

14+
services.anubis.instances."hydra-server" = {
15+
settings = {
16+
TARGET = "http://127.0.0.1:3000";
17+
BIND = ":3001";
18+
BIND_NETWORK = "tcp";
19+
METRICS_BIND = ":9001";
20+
METRICS_BIND_NETWORK = "tcp";
21+
};
22+
};
23+
3324
services.nginx = {
3425
enable = true;
3526
enableReload = true;
@@ -51,15 +42,6 @@ in
5142
worker_connections 1024;
5243
'';
5344

54-
appendHttpConfig = ''
55-
map $http_user_agent $badagent {
56-
default 0;
57-
${lib.concatMapStringsSep "\n" (pattern: ''
58-
~${pattern} 1;
59-
'') bannedUserAgentPatterns}
60-
}
61-
'';
62-
6345
virtualHosts."hydra.nixos.org" = {
6446
forceSSL = true;
6547
enableACME = true;
@@ -82,19 +64,12 @@ in
8264
'';
8365

8466
locations."/" = {
85-
proxyPass = "http://127.0.0.1:3000";
86-
extraConfig = ''
87-
if ($badagent) {
88-
access_log /var/log/nginx/abuse.log;
89-
return 403;
90-
}
91-
'';
67+
proxyPass = "http://127.0.0.1:3001";
9268
};
9369

9470
locations."/static/" = {
9571
alias = "${config.services.hydra-dev.package}/libexec/hydra/root/static/";
9672
};
9773
};
9874
};
99-
10075
}

build/pluto/prometheus/default.nix

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
{
44
imports = [
55
./alertmanager.nix
6-
./exporters/up.nix
6+
./exporters/anubis.nix
77
./exporters/blackbox.nix
88
./exporters/channel.nix
99
./exporters/domain.nix
@@ -17,6 +17,7 @@
1717
./exporters/owncast.nix
1818
./exporters/postgresql.nix
1919
./exporters/rasdaemon.nix
20+
./exporters/up.nix
2021
./exporters/zfs.nix
2122
];
2223

build/pluto/prometheus/exporters/anubis.nix

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
{
2+
services.prometheus = {
3+
scrapeConfigs = [
4+
{
5+
job_name = "anubis";
6+
static_configs = [
7+
{
8+
targets = [
9+
"hydra.nixos.org:9001"
10+
];
11+
}
12+
];
13+
}
14+
];
15+
};
16+
}

0 commit comments

Comments
 (0)