Himeji: Properly configure Anubis for September

5 files changed, 46 insertions, 19 deletions

diff --git a/hosts/himeji/configuration.nix b/hosts/himeji/configuration.nix
index c20d88b..39d4f09 100644
--- a/hosts/himeji/configuration.nix
+++ b/hosts/himeji/configuration.nix
@@ -19,7 +19,7 @@
         engine = "podman";
 
         extraOptions = [
-          "--restart=always"
+          "--restart=on-failure"
           "--pull=newer"
         ];
       };
diff --git a/justfile b/justfile
index 3f9a96f..f8e840f 100644
--- a/justfile
+++ b/justfile
@@ -39,12 +39,18 @@ commit message:
 restore path='.':
   git restore --staged {{path}} && git restore {{path}}
 
-deploy hostname user='root' ip=hostname:
+deploy_action action hostname user='root' ip=hostname:
   git add . && nixos-rebuild \
     --flake .#{{hostname}} \
     --target-host {{user}}@{{ip}} \
     --use-remote-sudo \
-    switch
+    {{action}}
+
+deploy hostname user='root' ip=hostname:
+  just deploy_action boot {{hostname}} {{user}} {{ip}}
+
+deploy_switch hostname user='root' ip=hostname:
+  just deploy_action switch {{hostname}} {{user}} {{ip}}
 
 provision ip hostname:
   doas nix run github:nix-community/nixos-anywhere \
diff --git a/modules/server/virtualisation/containers/anubis.nix b/modules/server/virtualisation/containers/anubis.nix
new file mode 100644
index 0000000..d3b0d8a
--- /dev/null
+++ b/modules/server/virtualisation/containers/anubis.nix
@@ -0,0 +1,36 @@
+{ config, ... }:
+let
+  port = builtins.toString 8092;
+in
+{
+  services.caddy.virtualHosts."fuwn.me".extraConfig = ''
+    reverse_proxy localhost:${port}
+
+    header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path}
+  '';
+
+  # @blocked {
+  #   path /proxy/illegaldrugs.net/cgi-bin/news.php*
+  #   path /proxy/scholasticdiversity.us.to/scriptures/*
+  #   path /proxy/jsreed5.org/oeis/*
+  #   path /proxy/mastogem.picasoft.net/thread/*
+  #   path /proxy/mastogem.picasoft.net/toot/*
+  # }
+
+  # respond @blocked 403
+
+  virtualisation.oci-containers.containers.anubis = {
+    image = "ghcr.io/techarohq/anubis:latest";
+    autoStart = true;
+    ports = [ "127.0.0.1:${port}:${port}" ];
+    extraOptions = config.modules.containers.extraOptions ++ [ "--network=host" ];
+
+    environment = {
+      BIND = ":${port}";
+      OG_PASSTHROUGH = "true";
+      SERVE_ROBOTS_TXT = "false";
+      TARGET = "http://127.0.0.1:8084";
+      USE_REMOTE_ADDRESS = "true";
+    };
+  };
+}
diff --git a/modules/server/virtualisation/containers/default.nix b/modules/server/virtualisation/containers/default.nix
index 722b393..56b817b 100644
--- a/modules/server/virtualisation/containers/default.nix
+++ b/modules/server/virtualisation/containers/default.nix
@@ -1,5 +1,6 @@
 {
   imports = [
+    ./anubis.nix # 8092
     # ./beszel.nix # 8083
     # ./beszel-agent.nix # 45876
     ./dozzle.nix # 8091
diff --git a/modules/server/virtualisation/containers/september.nix b/modules/server/virtualisation/containers/september.nix
index ab12e00..535bc22 100644
--- a/modules/server/virtualisation/containers/september.nix
+++ b/modules/server/virtualisation/containers/september.nix
@@ -3,22 +3,6 @@ let
   port = builtins.toString 8084;
 in
 {
-  services.caddy.virtualHosts."fuwn.me".extraConfig = ''
-    reverse_proxy localhost:${port}
-
-    header Onion-Location http://fuwnme4wbs5x36jjf2usedw2zscozwhazykhyfkjsmudtb7egs3mb7yd.onion{path}
-
-    @blocked {
-      path /proxy/illegaldrugs.net/cgi-bin/news.php*
-      path /proxy/scholasticdiversity.us.to/scriptures/*
-      path /proxy/jsreed5.org/oeis/*
-      path /proxy/mastogem.picasoft.net/thread/*
-      path /proxy/mastogem.picasoft.net/toot/*
-    }
-
-    respond @blocked 403
-  '';
-
   virtualisation.oci-containers.containers.september = {
     inherit (config.modules.containers) extraOptions;