add waf demo

Henry Hiles 2025-07-19 11:14:42 -04:00
commit d2d2b017b8
No known key found for this signature in database
2 changed files with 139 additions and 111 deletions


@ -10,3 +10,54 @@
};
};
}
# WAF demo
# {
# config,
# pkgs,
# lib,
# ...
# }: {
# config = {
# networking.firewall.allowedTCPPorts = [443];
# services.caddy = {
# enable = true;
# email = "henry@henryhiles.com";
# globalConfig = "order coraza_waf first";
# virtualHosts = lib.mapAttrs (_: hostCfg:
# hostCfg
# // {
# extraConfig = ''
# route {
# coraza_waf {
# load_owasp_crs
# directives `
# Include @coraza.conf-recommended
# Include @crs-setup.conf.example
# Include @owasp_crs/*.conf
# SecRuleRemoveById 920420
# SecRuleRemoveById 911100
# SecRuleEngine On
# `
# }
# }
# ${hostCfg.extraConfig or ""}
# '';
# })
# config.services.caddy.wafHosts;
# package = pkgs.caddy.withPlugins {
# plugins = ["github.com/ggicci/caddy-jwt@v1.1.0" "github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
# hash = "sha256-1TmIs8CWMlNHF4NRqj7/W/pqRUIpcOFbJGALqPINVtk=";
# };
# };
# };
# options.services.caddy.wafHosts = lib.mkOption {
# type = lib.types.attrsOf (lib.types.submodule {
# options.extraConfig = lib.mkOption {
# type = lib.types.lines;
# default = "";
# };
# });
# default = {};
# };
# }
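Review bot: In the commented-out `extraConfig`, `coraza_waf` sits inside `route { … }` and `${hostCfg.extraConfig or ""}` is appended outside that block, so `order coraza_waf first` in `globalConfig` probably does not give the WAF first position. Inside `route` the order is literal, and the block itself runs where Caddy sorts `route`, so host directives that sort earlier (for instance a `handle` block that ends in `reverse_proxy`) could answer requests before the WAF inspects them. If this module is ever enabled, consider placing `coraza_waf { … }` directly at site level, or moving the host config into the same `route` after the WAF. Separately, `SecRuleRemoveById 920420` and `SecRuleRemoveById 911100` appear to switch off the CRS content-type and method allow-list checks for every `wafHosts` entry; a comment such as `# 920420/911100 removed because <reason>; prefer widening tx.allowed_request_content_type / tx.allowed_methods` would record why. The rest of the file lies above this hunk and is not visible here.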

199
flake.lock generated

@ -253,11 +253,11 @@
]
},
"locked": {
"lastModified": 1748883665,
"narHash": "sha256-R0W7uAg+BLoHjMRMQ8+oiSbTq8nkGz5RDpQ+ZfxxP3A=",
"lastModified": 1752264895,
"narHash": "sha256-1zBPE/PNAkPNUsOWFET4J0cjlvziH8DOekesDmjND+w=",
"owner": "cachix",
"repo": "cachix",
"rev": "f707778d902af4d62d8dd92c269f8e70de09acbe",
"rev": "47053aef762f452e816e44eb9a23fbc3827b241a",
"type": "github"
},
"original": {
@ -299,11 +299,11 @@
]
},
"locked": {
"lastModified": 1751075819,
"narHash": "sha256-po711J9vjNsUhlpkIAcy8bGh/249egbsqUVFcWi1Mho=",
"lastModified": 1752286006,
"narHash": "sha256-8FRVMNNRzDLzUbyxz55mzIDWIDisO9B2YL8fTmRCopY=",
"owner": "linyinfeng",
"repo": "commit-notifier",
"rev": "8f781a1851a17fe8f7d48467192a65f303ec5664",
"rev": "75c49e871e56ae9e43094b0fe398c3a8fd265932",
"type": "github"
},
"original": {
@ -545,11 +545,11 @@
]
},
"locked": {
"lastModified": 1751854533,
"narHash": "sha256-U/OQFplExOR1jazZY4KkaQkJqOl59xlh21HP9mI79Vc=",
"lastModified": 1752718651,
"narHash": "sha256-PkaR0qmyP9q/MDN3uYa+RLeBA0PjvEQiM0rTDDBXkL8=",
"owner": "nix-community",
"repo": "disko",
"rev": "16b74a1e304197248a1bc663280f2548dbfcae3c",
"rev": "d5ad4485e6f2edcc06751df65c5e16572877db88",
"type": "github"
},
"original": {
@ -591,11 +591,11 @@
]
},
"locked": {
"lastModified": 1752251148,
"narHash": "sha256-LOigOhLS+DC0JUAxG8YfbHoUyOpk/CS919hce9H/YLY=",
"lastModified": 1752337423,
"narHash": "sha256-g2VYhoGgbswUx6EqhypXMQ8qbgYvqlj85GwjzuYJlFI=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "fcd9c1b4bded92ec89abe7b41cb2fdb1dd1dd370",
"rev": "f381dd05cc5685a65fec42fc0a4e34ac62e81806",
"type": "github"
},
"original": {
@ -636,11 +636,11 @@
"rust-analyzer-src": "rust-analyzer-src_2"
},
"locked": {
"lastModified": 1752216262,
"narHash": "sha256-OO7SPN6DfXK8TG62AKWHUYc6D8kVNaKgAStGhDBEcBc=",
"lastModified": 1752302273,
"narHash": "sha256-xXZ0JkrpcpSgeuhezJZV2T+7gHcYCo39ogc55c4FyRw=",
"owner": "nix-community",
"repo": "fenix",
"rev": "1b96480284e9b3f76fb1f68dc2be246c8ae90e13",
"rev": "910743660778c55917959d64980bf046f52142ef",
"type": "github"
},
"original": {
@ -652,11 +652,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1748383148,
"narHash": "sha256-pGvD/RGuuPf/4oogsfeRaeMm6ipUIznI2QSILKjKzeA=",
"lastModified": 1752677629,
"narHash": "sha256-ze2bcq5RSasEwvT6PR8EMedF4o8RoBtVB5ny6Jd9tA4=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "4eb2714fbed2b80e234312611a947d6cb7d70caf",
"rev": "15ac3dfeaf828a9336e7e199123f8020cf04f440",
"type": "github"
},
"original": {
@ -848,11 +848,11 @@
]
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"lastModified": 1751413152,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"type": "github"
},
"original": {
@ -1195,11 +1195,11 @@
]
},
"locked": {
"lastModified": 1751824240,
"narHash": "sha256-aDDC0CHTlL7QDKWWhdbEgVPK6KwWt+ca0QkmHYZxMzI=",
"lastModified": 1752814804,
"narHash": "sha256-irfg7lnfEpJY+3Cffkluzp2MTVw1Uq9QGxFp6qadcXI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "fd9e55f5fac45a26f6169310afca64d56b681935",
"rev": "d0300c8808e41da81d6edfc202f3d3833c157daf",
"type": "github"
},
"original": {
@ -1216,11 +1216,11 @@
]
},
"locked": {
"lastModified": 1752246954,
"narHash": "sha256-c1Rq5Hc4WZLKj1RkmjLFCcX4QHBwrL+DIZNMEHno7DU=",
"lastModified": 1752286566,
"narHash": "sha256-A4nftqiNz2bNihz0bKY94Hq/6ydR6UQOcGioeL7iymY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e90b28967cacc64de7fb8742314ed0d7d12f47c6",
"rev": "392ddb642abec771d63688c49fa7bcbb9d2a5717",
"type": "github"
},
"original": {
@ -1315,11 +1315,11 @@
]
},
"locked": {
"lastModified": 1752228483,
"narHash": "sha256-5yzlcgDV7o3fdrt2101fE/9VxB71NbKtF+IbTS3iNe0=",
"lastModified": 1752315036,
"narHash": "sha256-8nJ9tYKmUu3cq2b+GTHUsvosNZrkcJ8S8TTjOJXh0O8=",
"owner": "xddxdd",
"repo": "nur-packages",
"rev": "17c3910b363bd32df0458ee3ae63144657ef76f0",
"rev": "e63b8f669b39dbbc417be40fee645cf64cb77e15",
"type": "github"
},
"original": {
@ -1406,11 +1406,11 @@
]
},
"locked": {
"lastModified": 1752238174,
"narHash": "sha256-8Of4X7L8vnHNtC27+FL3i0KGYK9VqLYGey9WjbVzATU=",
"lastModified": 1752285416,
"narHash": "sha256-dwIY/usIu9d+eFEw/37SbNmcBplAuB5GWs5tc0xuCQQ=",
"owner": "linyinfeng",
"repo": "nur-packages",
"rev": "5dea91448e25a515208aac5743b43dcfa3daf49e",
"rev": "1e823957ea11e14e6d7f76eb927cd74199d5db6e",
"type": "github"
},
"original": {
@ -1509,11 +1509,11 @@
]
},
"locked": {
"lastModified": 1751647353,
"narHash": "sha256-vh586RBnVW/jOGkorg9GvT07uxGnE5rjH/uE/4ZugRM=",
"lastModified": 1752251870,
"narHash": "sha256-mdYdCaEHfrV5RacRG91fuROEeE//ElcmH10XDI07tOQ=",
"owner": "linyinfeng",
"repo": "mc-config-nuc",
"rev": "423039d75fdbc13fdfcda253129e79a93097338e",
"rev": "2e0c8147b049ec34f89fc6ea907560386d34094e",
"type": "github"
},
"original": {
@ -1563,11 +1563,11 @@
]
},
"locked": {
"lastModified": 1752199133,
"narHash": "sha256-cSlbaQGu94liy+/N1YJQmoRG8ZJoLkgP8tymyMmhD/4=",
"lastModified": 1752285580,
"narHash": "sha256-OfUvcz+1LEc/V9vte/10tTS6RLhUNJ+QyKmgjj7C1pc=",
"owner": "ninlives",
"repo": "minecraft.nix",
"rev": "73d0552089a3650d884838ef543517c2847f4897",
"rev": "e231a13c4a048d3650527fff28d87f06f8632c1a",
"type": "github"
},
"original": {
@ -1633,11 +1633,11 @@
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
},
"locked": {
"lastModified": 1752078530,
"narHash": "sha256-TrRmlYdhWcadWvBpDjB9Xlry4uT4ZUIO46d+o5tjtCQ=",
"lastModified": 1752291616,
"narHash": "sha256-zpPFo4cgr5tOy8DCLIoD++idsKjnzgVPnBeZLmazYc4=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "d231d92313192d4d0c78d6ef04167fed9dee87cf",
"rev": "30962469e2e8fb93c3672ee605316b89b8e9a198",
"type": "github"
},
"original": {
@ -1843,11 +1843,11 @@
]
},
"locked": {
"lastModified": 1751774635,
"narHash": "sha256-DuOznGdgMxeSlPpUu6Wkq0ZD5e2Cfv9XRZeZlHWMd1s=",
"lastModified": 1752305182,
"narHash": "sha256-6i4Q68G7wzNq1m2+l3lJUYgGZ9PwULvSVJpRSTTC46o=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "85686025ba6d18df31cc651a91d5adef63378978",
"rev": "ad29e2961dd0d58372384563bf00d510fc9f2e15",
"type": "github"
},
"original": {
@ -2150,11 +2150,11 @@
},
"nixpkgs-latest": {
"locked": {
"lastModified": 1752250779,
"narHash": "sha256-bCYMUyfHfGL8+4rNxWJARawldVUzD2Zs/7bt5yIQqSE=",
"lastModified": 1752336159,
"narHash": "sha256-mthHgsgpRZ+VwS+AcDyoHs25QqOZBHZtrr8BJ52QvV8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "a4fd72001ab44553fe601934a350ac5bcfea4f79",
"rev": "aca3b8acd1f6bc0d0e5a16acb34e054fb033bfd1",
"type": "github"
},
"original": {
@ -2228,11 +2228,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1751943650,
"narHash": "sha256-7orTnNqkGGru8Je6Un6mq1T8YVVU/O5kyW4+f9C1mZQ=",
"lastModified": 1752162966,
"narHash": "sha256-3MxxkU8ZXMHXcbFz7UE4M6qnIPTYGcE/7EMqlZNnVDE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88983d4b665fb491861005137ce2b11a9f89f203",
"rev": "10e687235226880ed5e9f33f1ffa71fe60f2638a",
"type": "github"
},
"original": {
@ -2244,11 +2244,11 @@
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1752206449,
"narHash": "sha256-NVAbC/s4CupABWGXF8M9mDiVw/n0YCftxwc1KatVjDk=",
"lastModified": 1752298176,
"narHash": "sha256-wY7/8k5mJbljXxBUX1bDHFVUcMrWdrDT8FNDrcPwLbA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1bd4d0d4a678d48b63eb18f457d74df2fcee6c69",
"rev": "d3807bc34e7d086b4754e1c842505570e23f9d01",
"type": "github"
},
"original": {
@ -2260,11 +2260,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1751792365,
"narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
"lastModified": 1752687322,
"narHash": "sha256-RKwfXA4OZROjBTQAl9WOZQFm7L8Bo93FQwSJpAiSRvo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1fd8bada0b6117e6c7eb54aad5813023eed37ccb",
"rev": "6e987485eb2c77e5dcc5af4e3c70843711ef9251",
"type": "github"
},
"original": {
@ -2283,15 +2283,14 @@
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_3"
]
},
"locked": {
"lastModified": 1748730660,
"narHash": "sha256-5LKmRYKdPuhm8j5GFe3AfrJL8dd8o57BQ34AGjJl1R0=",
"lastModified": 1751906969,
"narHash": "sha256-BSQAOdPnzdpOuCdAGSJmefSDlqmStFNScEnrWzSqKPw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "2c0bc52fe14681e9ef60e3553888c4f086e46ecb",
"rev": "ddb679f4131e819efe3bbc6457ba19d7ad116f25",
"type": "github"
},
"original": {
@ -2419,11 +2418,11 @@
"flake": false,
"locked": {
"host": "gitlab.postmarketos.org",
"lastModified": 1752231397,
"narHash": "sha256-ttjVpoDehT5r/79BAhGxfy9ZPSC4uKsT4nz9Q57F/dc=",
"lastModified": 1752334735,
"narHash": "sha256-LRF8l6a3HrXdfWer+RWAQE356daYGnAKR/eLsEvcDDE=",
"owner": "postmarketOS",
"repo": "pmaports",
"rev": "3620e3713e047f3a7c56d54ac8de135434548ebe",
"rev": "bb57bd6b80450101be2fdf8ecbc609ea53ed03d7",
"type": "gitlab"
},
"original": {
@ -2522,11 +2521,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1751899529,
"narHash": "sha256-Ze/69a2jN/zsgVj87zNEaT0RwJRhhDJFm5kE9jY1vsY=",
"lastModified": 1752830985,
"narHash": "sha256-DDOoKKX9XRyHaTGPOd+Fe9b6fp2QVwuXnqfKs9VpgZs=",
"owner": "wamserma",
"repo": "flake-programs-sqlite",
"rev": "527944f812daf16a8295f75a0d3e84dd679646e6",
"rev": "aa86c1bd59ec767d29da4705ee4168e239b079a2",
"type": "github"
},
"original": {
@ -2618,11 +2617,11 @@
"rust-analyzer-src_2": {
"flake": false,
"locked": {
"lastModified": 1752182378,
"narHash": "sha256-bKzsGh+1AWSpL2Q2/0FKgNchTJOmYpQH2BS9dCyKXaI=",
"lastModified": 1752262373,
"narHash": "sha256-eRDeo/hVnf958ESWy8qV/jZj4ZRbFXsmMdw1cnI57dE=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "e2c8cefa63bd4cafb66978867c0f1ec2ba14bb03",
"rev": "a489123e806ceadfdc5568bf9609b0468f5a2e6a",
"type": "github"
},
"original": {
@ -2661,11 +2660,11 @@
]
},
"locked": {
"lastModified": 1752201818,
"narHash": "sha256-d8KczaVT8WFEZdWg//tMAbv8EDyn2YTWcJvSY8gqKBU=",
"lastModified": 1752288212,
"narHash": "sha256-f2PMqtf61mWAM11QoIfGv3hjD2AsJrij4FCzftepuaE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "bd8f8329780b348fedcd37b53dbbee48c08c496d",
"rev": "678296525a4cce249c608749b171d0b2ceb8b2ff",
"type": "github"
},
"original": {
@ -2799,11 +2798,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1751914048,
"narHash": "sha256-xHO3xlw35tCC0f3pN3osPNjgwwwAgusTuZk5iC8oDiE=",
"lastModified": 1752750082,
"narHash": "sha256-NoVAqy+Wj4tgkvrYB8zWncl8Z6Hb80aX3t/TYGdsfaM=",
"owner": "danth",
"repo": "stylix",
"rev": "bf0ef81c8fcc30c32db9dab32d379f8d9db835e4",
"rev": "03699ed214f6e8195bc7199d6ae3aeccf9732b08",
"type": "github"
},
"original": {
@ -2938,11 +2937,11 @@
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1748180480,
"narHash": "sha256-7n0XiZiEHl2zRhDwZd/g+p38xwEoWtT0/aESwTMXWG4=",
"lastModified": 1750770351,
"narHash": "sha256-LI+BnRoFNRa2ffbe3dcuIRYAUcGklBx0+EcFxlHj0SY=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "87d652edd26f5c0c99deda5ae13dfb8ece2ffe31",
"rev": "5a775c6ffd6e6125947b393872cde95867d85a2a",
"type": "github"
},
"original": {
@ -2954,11 +2953,11 @@
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1748740859,
"narHash": "sha256-OEM12bg7F4N5WjZOcV7FHJbqRI6jtCqL6u8FtPrlZz4=",
"lastModified": 1751159871,
"narHash": "sha256-UOHBN1fgHIEzvPmdNMHaDvdRMgLmEJh2hNmDrp3d3LE=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "57d5f9683ff9a3b590643beeaf0364da819aedda",
"rev": "bded5e24407cec9d01bd47a317d15b9223a1546c",
"type": "github"
},
"original": {
@ -2970,11 +2969,11 @@
"tinted-zed": {
"flake": false,
"locked": {
"lastModified": 1725758778,
"narHash": "sha256-8P1b6mJWyYcu36WRlSVbuj575QWIFZALZMTg5ID/sM4=",
"lastModified": 1751158968,
"narHash": "sha256-ksOyv7D3SRRtebpXxgpG4TK8gZSKFc4TIZpR+C98jX8=",
"owner": "tinted-theming",
"repo": "base16-zed",
"rev": "122c9e5c0e6f27211361a04fae92df97940eccf9",
"rev": "86a470d94204f7652b906ab0d378e4231a5b3384",
"type": "github"
},
"original": {
@ -3025,28 +3024,6 @@
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"stylix",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733222881,
"narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1678901627,
@ -3079,11 +3056,11 @@
},
"wrapper-manager": {
"locked": {
"lastModified": 1750605920,
"narHash": "sha256-H7aKzVWtX2Efp8DwCuMrZex+IiXII2/PF5rO+Mu5oYU=",
"lastModified": 1751998186,
"narHash": "sha256-np2RxS8tRz/jGfUSYKxzg7cCi4dS8PL8gutLZfPMbIY=",
"owner": "viperML",
"repo": "wrapper-manager",
"rev": "238d49c10383cd1db56d694bff9d573684c71526",
"rev": "8ad2484b485acad0632cb0af15b5eb704e3c1d0a",
"type": "github"
},
"original": {