Add anubis systemd and config env/botPolicies.yaml files

diff --git a/SETUP b/SETUP
index c84f2ce4befc47fe29887e5f2ba577a6c0fcc7ab..69735f05faf1e35e4983fdbb4796537f9dc6c099 100644 (file)
--- a/SETUP
+++ b/SETUP
@@ -61,6 +61,13 @@ adduser --system --shell /bin/bash --gecos 'Git' --group --disabled-password --h
 # Anubis will be wrapped around forgejo to keep the scraper bots out
 adduser --system --shell /bin/bash --gecos 'Anubis' --group --disabled-password --home /srv/anubis anubis
 
+# Install systemd service
+# /etc/systemd/system/anubis.service
+
+# And anubis environment and bot policies files
+# /srv/anubis/env
+# /srv/anubis/botPolicies.yaml
+
 # Make sure to get the keys to check updates
 wget https://pkgs.techaro.lol/techaro-pkgs.pub.asc
 gpg --import ./techaro-pkgs.pub.asc

diff --git a/config-files/etc/systemd/system/anubis.service b/config-files/etc/systemd/system/anubis.service
new file mode 100644 (file) index 0000000..80f4432
--- /dev/null
+++ b/config-files/etc/systemd/system/anubis.service
@@ -0,0 +1,12 @@
+Description=Anubis HTTP defence proxy
+After=network.target
+
+[Service]
+User=anubis
+ExecStart=/srv/anubis/anubis
+Restart=always
+RestartSec=30s
+EnvironmentFile=/srv/anubis/env
+
+[Install]
+WantedBy=multi-user.target

diff --git a/config-files/srv/anubis/botPolicies.yaml b/config-files/srv/anubis/botPolicies.yaml
new file mode 100644 (file) index 0000000..df6f4a7
--- /dev/null
+++ b/config-files/srv/anubis/botPolicies.yaml
@@ -0,0 +1,61 @@
+bots:
+  - import: (data)/bots/_deny-pathological.yaml
+  - import: (data)/bots/aggressive-brazilian-scrapers.yaml
+  - import: (data)/meta/ai-block-aggressive.yaml
+  - import: (data)/crawlers/_allow-good.yaml
+  - import: (data)/clients/x-firefox-ai.yaml
+  - import: (data)/common/keep-internet-working.yaml
+
+  - name: generic-browser
+    user_agent_regex: >-
+      Mozilla|Opera
+    action: WEIGH
+    weight:
+      adjust: 4
+
+dnsbl: false
+
+openGraph:
+  enabled: false
+  considerHost: false
+  ttl: 24h
+
+status_codes:
+  CHALLENGE: 200
+  DENY: 200
+
+store:
+  backend: memory
+  parameters: {}
+
+thresholds:
+  - name: minimal-suspicion
+    expression: weight <= 0
+    action: ALLOW
+  - name: mild-suspicion
+    expression:
+      all:
+        - weight > 0
+        - weight <= 10
+    action: CHALLENGE
+    challenge:
+      algorithm: metarefresh
+      difficulty: 1
+      report_as: 1
+  - name: moderate-suspicion
+    expression:
+      all:
+        - weight > 10
+        - weight < 20
+    action: CHALLENGE
+    challenge:
+      algorithm: fast
+      difficulty: 2
+      report_as: 2
+  - name: extreme-suspicion
+    expression: weight >= 20
+    action: CHALLENGE
+    challenge:
+      algorithm: fast
+      difficulty: 4
+      report_as: 4

diff --git a/config-files/srv/anubis/env b/config-files/srv/anubis/env
new file mode 100644 (file) index 0000000..681ae34
--- /dev/null
+++ b/config-files/srv/anubis/env
@@ -0,0 +1,5 @@
+BIND=:9001
+DIFFICULTY=2
+ED25519_PRIVATE_KEY_HEX=1430bfaf54e800a78a6c9e2e0853b032a6f36f72e6f3b4f7161279eb1d0c146e
+TARGET=http://localhost:3000
+POLICY_FNAME=/srv/anubis/botPolicies.yaml