simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity
nixos-config/machines/renge/services/sbruder.xyz/blocks.nix
Simon Bruder 4880116919
renge/sbruder.xyz: Add censorship infrastructure 
I don’t want to do this, but I might have to. Hetzner’s ToS are very
vague in what content they don’t allow, so I think I might have to
comply with the Russian censorship authority.
2023-04-29 09:41:00 +02:00

60 lines
2.3 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# I dont do this, because I want to.
# I think I might have to do this because of § 8.2 of Hetzners ToS.
{ config, lib, ... }:
let
serviceBlocks = {
nitter = [
{ path = "/ks1v/status/1439866313476689924"; report = "2023-04-21-Hetzner-C591581F-ROSKOMNADZOR.txt"; }
];
iv = [
{ video = "NR57D2UVqm4"; report = "2023-04-28-Hetzner-C633C02D-ROSKOMNADZOR.txt"; }
];
libreddit = [
];
};
in
{
services.nginx.virtualHosts = lib.mapAttrs'
(domain: blocks: lib.nameValuePair "${domain}.sbruder.xyz" {
locations = lib.listToAttrs
(map
(block:
let
# workaround for nginx dropping parent headers
# see https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
parentHeaders = lib.concatStringsSep "\n" (lib.filter
(lib.hasPrefix "add_header ")
(lib.splitString "\n" config.services.nginx.commonHttpConfig));
transparency_url = "https://sbruder.xyz/transparency/${block.report}";
return_statement = ''
${parentHeaders}
add_header Link "<${transparency_url}>; rel=blocked-by" always;
add_header Content-Type text/html always;
return 451 '<html><head><title>451 Unavailable For Legal Reasons</title></head><body><center><h1>451 Unavailable For Legal Reasons</h1><p><a href="${transparency_url}">Transparency</a></p></center><hr><center>nginx</center></body></html>';
'';
path =
if block ? "path"
then block.path
else
(if block ? "video"
then "/" # not pretty, but I dont know how to do this differently
else throw "invalid block");
location_block =
if block ? "video"
then {
extraConfig = ''
if ($arg_v = ${block.video}) {
${return_statement}
}
'';
}
else { extraConfig = return_statement; };
in
lib.nameValuePair
path
location_block)
blocks);
})
serviceBlocks;
}
Reference in a new issue View git blame Copy permalink