Unverified Commit c9869908 authored by Franz Pletz's avatar Franz Pletz Committed by GitHub

nixos/anubis: Add missing botPolicy option implementation (#401622)

parents c5490667 8dd9c919
+13 −2
@@ -55,7 +55,7 @@ let
          type = types.str;
        };

        botPolicy = lib.mkOption {
        botPolicy = mkDefaultOption "botPolicy" {
          default = null;
          description = ''
            Anubis policy configuration in Nix syntax. Set to `null` to use the baked-in policy which should be
@@ -265,7 +265,18 @@ in
        wants = [ "network-online.target" ];

        environment = lib.mapAttrs (lib.const (lib.generators.mkValueStringDefault { })) (
          lib.filterAttrs (_: v: v != null) instance.settings
          lib.filterAttrs (_: v: v != null) (
            instance.settings
            // {
              POLICY_FNAME =
                if instance.settings.POLICY_FNAME != null then
                  instance.settings.POLICY_FNAME
                else if instance.botPolicy != null then
                  jsonFormat.generate "${instanceName name}-botPolicy.json" instance.botPolicy
                else
                  null;
            }
          )
        );

        serviceConfig = {
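Review bot: The precedence in the new `POLICY_FNAME` expression is silent: when `instance.settings.POLICY_FNAME` is non-null, a non-null `instance.botPolicy` is dropped without any warning, so an operator can believe the declared Nix policy is enforced while Anubis reads a different file. Because `botPolicy` now goes through `mkDefaultOption` and can be inherited from `defaultOptions`, rejecting the combination outright would probably be too strict, but the rule should be written down, for example by adding `Ignored when settings.POLICY_FNAME is set.` to the `botPolicy` description and a comment `# An explicit POLICY_FNAME wins over the generated botPolicy file` above the `if`. The expression also reads `instance.settings.POLICY_FNAME` directly, which assumes that option is always declared with a null default; the declaration is outside the hunk, so this is worth confirming. The surrounding service definition continues past the end of the hunk.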
+36 −4
@@ -11,10 +11,14 @@
    { config, pkgs, ... }:
    {
      services.anubis = {
        defaultOptions.settings = {
        defaultOptions = {
          # Get default botPolicy
          botPolicy = lib.importJSON "${config.services.anubis.package.src}/data/botPolicies.json";
          settings = {
            DIFFICULTY = 3;
            USER_DEFINED_DEFAULT = true;
          };
        };
        instances = {
          "".settings = {
            TARGET = "http://localhost:8080";
@@ -38,11 +42,34 @@
            group = "nginx";
            settings.TARGET = "unix:///run/nginx/nginx.sock";
          };

          "botPolicy-default" = {
            botPolicy = null;
            settings.TARGET = "http://localhost:8080";
          };

          "botPolicy-file" = {
            settings = {
              TARGET = "http://localhost:8080";
              POLICY_FNAME = "/etc/anubis-botPolicy.json";
            };
          };
        };
      };

      # Empty json for testing
      environment.etc."anubis-botPolicy.json".text = lib.generators.toJSON { } {
        bots = [
          {
            name = "allow-all";
            user_agent_regex = ".*";
            action = "ALLOW";
          }
        ];
      };

      # support
      users.users.nginx.extraGroups = [ config.users.groups.anubis.name ];
      users.users.nginx.extraGroups = [ config.services.anubis.defaultOptions.group ];
      services.nginx = {
        enable = true;
        recommendedProxySettings = true;
@@ -115,5 +142,10 @@
    # Make sure defaults don't overwrite themselves
    machine.succeed('cat /run/current-system/etc/systemd/system/anubis.service | grep "DIFFICULTY=5"')
    machine.succeed('cat /run/current-system/etc/systemd/system/anubis-tcp.service | grep "DIFFICULTY=3"')

    # Check correct BotPolicy settings are applied
    machine.succeed('cat /run/current-system/etc/systemd/system/anubis.service | grep "POLICY_FNAME=/nix/store"')
    machine.fail('cat /run/current-system/etc/systemd/system/anubis-botPolicy-default.service | grep "POLICY_FNAME="')
    machine.succeed('cat /run/current-system/etc/systemd/system/anubis-botPolicy-file.service | grep "POLICY_FNAME=/etc/anubis-botPolicy.json"')
  '';
}
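Review bot: The negative check on `anubis-botPolicy-default.service` passes vacuously if that unit file does not exist: `cat` on a missing path yields empty input, `grep` exits non-zero, and `machine.fail` is satisfied. Asserting that the unit is present first, e.g. `machine.succeed('test -e /run/current-system/etc/systemd/system/anubis-botPolicy-default.service')`, makes the absence of `POLICY_FNAME=` meaningful. The three checks also only inspect the generated unit text; whether Anubis actually starts with and applies each policy file is not exercised in this hunk. Separately, the comment `# Empty json for testing` sits above an allow-all policy rather than an empty document, so `# Allow-all policy for testing` would be more accurate.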