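--- a/flake.nix
+++ b/flake.nix
@@ -22,16 +22,6 @@
 system = "x86_64-linux";
 commonArgs = import ./common/ssh.nix;
 
-colmenaHive = colmena.lib.makeHive {
-meta = {
-nixpkgs = nixpkgs.legacyPackages.x86_64-linux;
-specialArgs = {
-nixery-pkgs = import nixery-flake.outPath {
-pkgs = import nixpkgs { system = "x86_64-linux"; };
-};
-tangled-pkgs = tangled.packages.x86_64-linux;
-commonArgs = import ./common/ssh.nix;
-};
 # Helper function to create nixosConfiguration
 mkHost = hostname: extraModules:
 nixpkgs.lib.nixosSystem {
@@ -44,11 +34,11 @@
 };
 
 # Helper function to create colmena host
-mkColmenaHost = hostname: targetHost: extraModules:
+mkColmenaHost = hostname: targetHost: targetPort: extraModules:
 {
 deployment = {
 inherit targetHost;
-targetPort = 22;
+inherit targetPort;
 targetUser = "tangler";
 buildOnTarget = true;
 };
@@ -137,11 +127,11 @@
 environment.systemPackages = [ pkgs.curl ];
 };
 
-appview = mkColmenaHost "appview" hosts.appview.target hosts.appview.modules;
-pds = mkColmenaHost "pds" hosts.pds.target hosts.pds.modules;
-nixery = mkColmenaHost "nixery" hosts.nixery.target hosts.nixery.modules;
-spindle = mkColmenaHost "spindle" hosts.spindle.target hosts.spindle.modules;
-knot1 = mkColmenaHost "knot1" hosts.knot1.target hosts.knot1.modules;
+appview = mkColmenaHost "appview" hosts.appview.target 2222 hosts.appview.modules;
+pds = mkColmenaHost "pds" hosts.pds.target 22 hosts.pds.modules;
+nixery = mkColmenaHost "nixery" hosts.nixery.target 22 hosts.nixery.modules;
+spindle = mkColmenaHost "spindle" hosts.spindle.target 22 hosts.spindle.modules;
+knot1 = mkColmenaHost "knot1" hosts.knot1.target 22 hosts.knot1.modules;
 };
 };
 }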
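Review bot: The deployment port is now a bare positional integer between `targetHost` and `extraModules` in `mkColmenaHost`, and appview's `2222` in the last hunk has to match the port sshd really listens on there, because the same commit hands appview's port 22 to the nginx stream relay in services/nginx.nix. The one-line change to hosts/appview/configuration.nix is not shown on this page, so it cannot be confirmed from here that sshd is moved in the same deployment. If the two values drift, a deploy to appview either fails to connect or reaches the relayed upstream's SSH service instead of appview, where only host-key checking would catch it. A comment at the call site would record the coupling, for example `# appview: sshd on 2222; nginx stream relays :22 (see services/nginx.nix)`.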
+1
hosts/appview/configuration.nix
+1
hosts/appview/configuration.nix
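--- a/hosts/appview/services/nginx.nix
+++ b/hosts/appview/services/nginx.nix
@@ -7,6 +7,31 @@
 recommendedOptimisation = true;
 recommendedGzipSettings = true;
 
+# bot blocking
+appendHttpConfig = ''
+map $http_user_agent $block_bot {
+default 0;
+~*PerplexityBot 1;
+~*GPTBot 1;
+~*ChatGPT-User 1;
+~*CCBot 1;
+~*anthropic-ai 1;
+~*Claude-Web 1;
+}
+'';
+
+streamConfig = ''
+upstream knot-sailor {
+server 94.237.110.185:22;
+}
+
+server {
+listen 22;
+listen [::]:22;
+proxy_pass knot-sailor;
+}
+'';
+
 virtualHosts = {
 # Redirect tangled.sh โ tangled.org
 "tangled.sh" = {
@@ -44,6 +69,10 @@
 enableACME = true;
 
 extraConfig = ''
+if ($block_bot) {
+return 403;
+}
+
 # Redirect www โ bare domain
 if ($host = www.tangled.org) {
 return 301 https://tangled.org$request_uri;
@@ -53,12 +82,17 @@
 '';
 
 locations."~ ^/@tangled\\.sh(/.*)?$" = {
-return = "301 https://tangled.org/@tangled.org$1$is_args$args";
+extraConfig = ''
+rewrite ^/@tangled\.sh(.*)$ https://tangled.org/@tangled.org$1 permanent;
+'';
 };
 
 locations."~ ^/tangled\\.sh(/.*)?$" = {
-return = "301 https://tangled.org/tangled.org$1$is_args$args";
+extraConfig = ''
+rewrite ^/tangled\.sh(.*)$ https://tangled.org/tangled.org$1 permanent;
+'';
 };
+
 
 locations."~ /logs$" = {
 proxyPass = "http://127.0.0.1:3000";
@@ -71,10 +105,6 @@
 locations."/" = {
 proxyPass = "http://127.0.0.1:3000";
 extraConfig = ''
-proxy_set_header Host $host;
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
 client_max_body_size 100M;
 '';
 };
@@ -83,7 +113,7 @@
 };
 
 # Open firewall ports
-networking.firewall.allowedTCPPorts = [ 80 443 ];
+networking.firewall.allowedTCPPorts = [ 80 443 2222 22 ];
 
 # ACME configuration for Let's Encrypt
 security.acme = {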
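Review bot: The new `streamConfig` server relays every TCP connection on appview's port 22 to `94.237.110.185:22`, so the upstream sshd sees the relay's address as the peer for all clients, and its per-source controls and auth logs can no longer tell them apart. OpenSSH does not accept the PROXY protocol, so limiting and logging have to happen in the stream block itself. For example, add `limit_conn_zone $binary_remote_addr zone=ssh_conn:1m;` beside the upstream and `limit_conn ssh_conn 8;` in the server (zone name and limit are illustrative), plus a stream access log so source addresses are recorded on appview. The firewall hunk opens both 22 and 2222 with no explanation; a comment such as `# 22: stream relay to knot-sailor, 2222: this host's sshd` would record the intent, and it appears to be what the 2222 in flake.nix refers to.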