-
Notifications
You must be signed in to change notification settings - Fork 0
/
nixos-module.nix
88 lines (87 loc) · 3.14 KB
/
nixos-module.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
{self}: {
config,
pkgs,
lib,
...
}:
with builtins; let
std = pkgs.lib;
nginx = config.services.nginx;
mkRobotsTxt = robots: let
agents = std.concatStringsSep "\n" (map (agent: "User-agent: ${agent}") robots);
in
pkgs.writeText "robots.txt" ''
${agents}
Disallow: /
'';
regexEscapes = ["\"" "[" "]" "(" ")" "{" "}" "^" "$" "+" "*" "." "|" "?" "\\"];
defaultBlockList = attrNames (fromJSON (readFile "${self.inputs.ai-robots-txt}/robots.json"));
in {
options = with lib; {
services.nginx = {
virtualHostDefaults = mkOption {
type = types.deferredModuleWith {
staticModules = [];
};
description = "Default configuration merged into every virtual host.";
default = {};
};
virtualHosts = mkOption {
# type-merge the `virtualHosts` submodule so we can import `nginx.virtualHostDefaults` into every virtualHost
type = types.attrsOf (types.submoduleWith {
# avoid conflict with default submodule declaration
shorthandOnlyDefinesConfig = true;
modules = [
nginx.virtualHostDefaults
({
config,
lib,
...
}: {
options = {
blockAgents = {
enable = mkEnableOption "blocking a set of user agents from accessing this virtual host.";
agents = mkOption {
type = types.listOf types.str;
description = "User agent strings to block from accessing this virtual host.";
default = defaultBlockList;
defaultText = "The user agent list from [github:ai-robots-txt/ai.robots.txt](https://github.com/ai-robots-txt/ai.robots.txt).";
example = ["Amazonbot" "AI2Bot" "Applebot"];
};
robotsTxt = {
enable = mkEnableOption "robots.txt";
};
method = mkOption {
type = types.str;
description = "Method by which to block agents.";
default = "return 444";
defaultText = "`return 444`, dropping the connection.";
example = "return 307 https://ash-speed.hetzner.com/10GB.bin";
};
};
};
config = lib.mkMerge [
(lib.mkIf (config.blockAgents.enable && (length config.blockAgents.agents) > 0) {
locations."=/robots.txt" = lib.mkIf config.blockAgents.robotsTxt.enable {
alias = mkRobotsTxt config.blockAgents.agents;
};
extraConfig = let
agentRules = lib.concatStringsSep "|" (map (lib.strings.escape regexEscapes) config.blockAgents.agents);
in ''
if ($http_user_agent ~* "(${agentRules})") {
${config.blockAgents.method};
}
'';
})
];
})
];
});
};
};
};
disabledModules = [];
imports = [];
config = {};
meta = {};
}