Simon Bruder
f945341668
This applies the REUSE specification to the repository, so the licensing information can be tracked for every file individually.
64 lines
2.4 KiB
Nix
64 lines
2.4 KiB
Nix
# SPDX-FileCopyrightText: 2023 Simon Bruder <simon@sbruder.de>
|
||
#
|
||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||
|
||
# I don’t do this, because I want to.
|
||
# I think I might have to do this because of § 8.2 of Hetzner’s ToS.
|
||
{ config, lib, ... }:
|
||
let
|
||
serviceBlocks = {
|
||
nitter = [
|
||
{ path = "/ks1v/status/1439866313476689924"; report = "2023-04-21-Hetzner-C591581F-ROSKOMNADZOR.txt"; }
|
||
];
|
||
iv = [
|
||
{ video = "NR57D2UVqm4"; report = "2023-04-28-Hetzner-C633C02D-ROSKOMNADZOR.txt"; }
|
||
];
|
||
libreddit = [
|
||
];
|
||
};
|
||
in
|
||
{
|
||
services.nginx.virtualHosts = lib.mapAttrs'
|
||
(domain: blocks: lib.nameValuePair "${domain}.sbruder.xyz" {
|
||
locations = lib.listToAttrs
|
||
(map
|
||
(block:
|
||
let
|
||
# workaround for nginx dropping parent headers
|
||
# see https://github.com/yandex/gixy/blob/master/docs/en/plugins/addheaderredefinition.md
|
||
parentHeaders = lib.concatStringsSep "\n" (lib.filter
|
||
(lib.hasPrefix "add_header ")
|
||
(lib.splitString "\n" config.services.nginx.commonHttpConfig));
|
||
transparency_url = "https://sbruder.xyz/transparency/${block.report}";
|
||
return_statement = ''
|
||
${parentHeaders}
|
||
add_header Link "<${transparency_url}>; rel=blocked-by" always;
|
||
add_header Content-Type text/html always;
|
||
return 451 '<html><head><title>451 Unavailable For Legal Reasons</title></head><body><center><h1>451 Unavailable For Legal Reasons</h1><p><a href="${transparency_url}">Transparency</a></p></center><hr><center>nginx</center></body></html>';
|
||
'';
|
||
path =
|
||
if block ? "path"
|
||
then block.path
|
||
else
|
||
(if block ? "video"
|
||
then "/" # not pretty, but I don’t know how to do this differently
|
||
else throw "invalid block");
|
||
location_block =
|
||
if block ? "video"
|
||
then {
|
||
extraConfig = ''
|
||
if ($arg_v = ${block.video}) {
|
||
${return_statement}
|
||
}
|
||
'';
|
||
}
|
||
else { extraConfig = return_statement; };
|
||
in
|
||
lib.nameValuePair
|
||
path
|
||
location_block)
|
||
blocks);
|
||
})
|
||
serviceBlocks;
|
||
}
|