packages/anubis-files/src/policies/nextcloud.yaml at dd2f1614f985d05aa779b4a3cf4f8cf8ac7730a4 · pyrox.dev/nix

pyrox.dev / nix
My Nix Configuration
nix / packages / anubis-files / src / policies / nextcloud.yaml
at dd2f1614f985d05aa779b4a3cf4f8cf8ac7730a4 2.6 kB view raw
 1bots:
 2  - import: CUSTOM/policies/meta/base.yaml
 3  # Allow android apps that I use
 4  - name: allow-android-apps
 5    user_agent_regex: Nextcloud-android|DAVx5|ICSx5
 6    action: ALLOW
 7  # Allow the Thunderbird Filelink app
 8  - name: allow-thunderbird-filelink
 9    user_agent_regex: ^Filelink for \*cloud.*$
10    action: ALLOW
11  # Allow anyone accessing the **authenticated** DAV endpoint.
12  - name: allow-dav
13    path_regex: ^/remote.php/dav/.*$
14    action: ALLOW
15  # Allow public shares so that I can more easily send them
16  - name: allow-public-shares
17    path_regex: ^/s/.*$
18    action: ALLOW
19  # Allow clients to load assets to not break public shares
20  - name: allow-assets
21    action: ALLOW
22    expression:
23      any:
24        # Dist files from nextcloud core
25        - 'path.startsWith("/dist/")'
26        # Core Nextcloud files
27        - 'path.startsWith("/js/core")'
28        - 'path.startsWith("/core/css/")'
29        # Viewer app files
30        - 'path.startsWith("/apps/viewer")'
31        # Theme CSS
32        - 'path.startsWith("/apps/theming/")'
33        # Public DAV endpoint
34        - 'path.startsWith("/public.php/dav/files/")'
35dnsbl: false
36openGraph:
37  enabled: true
38  considerHost: false
39  ttl: 24h
40status_codes:
41  CHALLENGE: 200
42  DENY: 200
43thresholds:
44  - name: minimal-suspicion
45    expression: weight <= 0
46    action: ALLOW
47  - name: mild-suspicion
48    expression:
49      all:
50        - weight > 0
51        - weight < 10
52    action: CHALLENGE
53    challenge:
54      # https://anubis.techaro.lol/docs/admin/configuration/challenges/metarefresh
55      algorithm: metarefresh
56      difficulty: 1
57      report_as: 1
58  - name: moderate-suspicion
59    expression:
60      all:
61        - weight >= 10
62        - weight < 20
63    action: CHALLENGE
64    challenge:
65      # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
66      algorithm: fast
67      difficulty: 2 # two leading zeros, very fast for most clients
68      report_as: 2
69  - name: mild-proof-of-work
70    expression:
71      all:
72        - weight >= 20
73        - weight < 30
74    action: CHALLENGE
75    challenge:
76      # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
77      algorithm: fast
78      difficulty: 4
79      report_as: 4
80  # For clients that are browser like and have gained many points from custom rules
81  - name: extreme-suspicion
82    expression: weight >= 30
83    action: CHALLENGE
84    challenge:
85      # https://anubis.techaro.lol/docs/admin/configuration/challenges/proof-of-work
86      algorithm: fast
87      difficulty: 6
88      report_as: 5