pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / networking / anubis.md
at 25.11-pre 1.9 kB view raw view code

Anubis {#module-services-anubis}#

Anubis is a scraper defense software that blocks AI scrapers. It is designed to sit between a reverse proxy and the service to be protected.

Quickstart {#module-services-anubis-quickstart}#

This module is designed to use Unix domain sockets as the socket paths can be automatically configured for multiple instances, but TCP sockets are also supported.

A minimal configuration with nginx may look like the following:

{ config, ... }: {
  services.anubis.instances.default.settings.TARGET = "http://localhost:8000";

  # required due to unix socket permissions
  users.users.nginx.extraGroups = [ config.users.groups.anubis.name ];
  services.nginx.virtualHosts."example.com" = {
    locations = {
      "/".proxyPass = "http://unix:${config.services.anubis.instances.default.settings.BIND}";
    };
  };
}

If Unix domain sockets are not needed or desired, this module supports operating with only TCP sockets.

{
  services.anubis = {
    instances.default = {
      settings = {
        TARGET = "http://localhost:8080";
        BIND = ":9000";
        BIND_NETWORK = "tcp";
        METRICS_BIND = "127.0.0.1:9001";
        METRICS_BIND_NETWORK = "tcp";
      };
    };
  };
}

Configuration {#module-services-anubis-configuration}#

It is possible to configure default settings for all instances of Anubis, via {option}services.anubis.defaultOptions.

{
  services.anubis.defaultOptions = {
    botPolicy = { dnsbl = false; };
    settings.DIFFICULTY = 3;
  };
}

Note that at the moment, a custom bot policy is not merged with the baked-in one. That means to only override a setting like dnsbl, copying the entire bot policy is required. Check the upstream repository for the policy.