chore(gitea): test botstopper

Signed-off-by: Xe Iaso <me@xeiaso.net>

4 files changed, 94 insertions, 3 deletions

diff --git a/kube/alrest/gitea/cfg/anubis/botPolicies.yaml b/kube/alrest/gitea/cfg/anubis/botPolicies.yaml
new file mode 100644
index 0000000..585be15
--- /dev/null
+++ b/kube/alrest/gitea/cfg/anubis/botPolicies.yaml
@@ -0,0 +1,50 @@
+## Anubis has the ability to let you import snippets of configuration into the main
+## configuration file. This allows you to break up your config into smaller parts
+## that get logically assembled into one big file.
+##
+## Of note, a bot rule can either have inline bot configuration or import a
+## bot config snippet. You cannot do both in a single bot rule.
+##
+## Import paths can either be prefixed with (data) to import from the common/shared
+## rules in the data folder in the Anubis source tree or will point to absolute/relative
+## paths in your filesystem. If you don't have access to the Anubis source tree, check
+## /usr/share/docs/anubis/data or in the tarball you extracted Anubis from.
+
+bots:
+# Pathological bots to deny
+- # This correlates to data/bots/ai-robots-txt.yaml in the source tree
+  import: (data)/bots/ai-robots-txt.yaml
+- import: (data)/bots/cloudflare-workers.yaml 
+- import: (data)/bots/headless-browsers.yaml
+- import: (data)/bots/us-ai-scraper.yaml
+
+# Search engines to allow
+- import: (data)/crawlers/googlebot.yaml
+- import: (data)/crawlers/bingbot.yaml
+- import: (data)/crawlers/duckduckbot.yaml
+- import: (data)/crawlers/qwantbot.yaml
+- import: (data)/crawlers/internet-archive.yaml
+- import: (data)/crawlers/kagibot.yaml
+- import: (data)/crawlers/marginalia.yaml
+- import: (data)/crawlers/mojeekbot.yaml
+
+# Allow common "keeping the internet working" routes (well-known, favicon, robots.txt)
+- import: (data)/common/keep-internet-working.yaml
+
+# # Punish any bot with "bot" in the user-agent string
+# # This is known to have a high false-positive rate, use at your own risk
+# - name: generic-bot-catchall
+#   user_agent_regex: (?i:bot|crawler)
+#   action: CHALLENGE
+#   challenge:
+#     difficulty: 16  # impossible
+#     report_as: 4    # lie to the operator
+#     algorithm: slow # intentionally waste CPU cycles and time
+
+# Generic catchall rule
+- name: generic-browser
+  user_agent_regex: >
+    Mozilla|Opera
+  action: CHALLENGE
+
+dnsbl: false
diff --git a/kube/alrest/gitea/cfg/botstopper/custom.css b/kube/alrest/gitea/cfg/botstopper/custom.css
new file mode 100644
index 0000000..dc4ce7f
--- /dev/null
+++ b/kube/alrest/gitea/cfg/botstopper/custom.css
@@ -0,0 +1,24 @@
+:root {
+  --body-sans-font: sans-serif;
+  --body-preformatted-font: monospace;
+  --body-title-font: serif;
+
+  --dark-background: #000000;
+  --dark-text: #ffffff;
+  --dark-text-selection: #d3869b;
+  --dark-preformatted-background: #3c3836;
+  --dark-link-foreground: #b16286;
+  --dark-link-background: #282828;
+  --dark-blockquote-border-left: 1px solid #bdae93;
+
+  --light-background: #ffffff;
+  --light-text: #000000;
+  --light-text-selection: #d3869b;
+  --light-preformatted-background: #ebdbb2;
+  --light-link-foreground: #b16286;
+  --light-link-background: #fbf1c7;
+  --light-blockquote-border-left: 1px solid #655c54;
+
+  --progress-bar-outline: #afafaf solid 4px;
+  --progress-bar-fill: #4f4f4f;
+}
diff --git a/kube/alrest/gitea/deployment.yaml b/kube/alrest/gitea/deployment.yaml
index 5bab6f7..ab2457f 100644
--- a/kube/alrest/gitea/deployment.yaml
+++ b/kube/alrest/gitea/deployment.yaml
@@ -56,6 +56,8 @@ spec:
     spec:
       securityContext:
         fsGroup: 1000
+      imagePullSecrets:
+      - name: techarohq-botstopper
       volumes:
         - name: data
           persistentVolumeClaim:
@@ -69,6 +71,9 @@ spec:
         - name: anubis
           configMap:
             name: anubis-cfg
+        - name: botstopper-css
+          configMap:
+            name: botstopper-custom-css
       containers:
         - name: main
           image: gitea/gitea:1-rootless
@@ -150,17 +155,21 @@ spec:
               mountPath: "/xe/pki"
               readOnly: true
         - name: anubis
-          image: ghcr.io/techarohq/anubis:main
+          image: ghcr.io/techarohq/botstopper/anubis:latest
           imagePullPolicy: Always
           env:
           - name: "BIND"
             value: ":8080"
           - name: "DIFFICULTY"
             value: "4"
+          - name: "ERROR_TITLE"
+            value: "Error detected"
           - name: "METRICS_BIND"
             value: ":9090"
+          - name: "OVERLAY_FOLDER"
+            value: "/xe/cfg/botstopper"
           - name: "POLICY_FNAME"
-            value: "/xe/cfg/anubis/botPolicies.json"
+            value: "/xe/cfg/anubis/botPolicies.yaml"
           - name: "SERVE_ROBOTS_TXT"
             value: "true"
           - name: "TARGET"
@@ -175,6 +184,8 @@ spec:
           volumeMounts:
           - name: anubis
             mountPath: /xe/cfg/anubis
+          - name: botstopper-css
+            mountPath: /xe/cfg/botstopper/static/css
           resources:
             limits:
               cpu: 500m
diff --git a/kube/alrest/gitea/kustomization.yaml b/kube/alrest/gitea/kustomization.yaml
index 366bbb6..51722a7 100644
--- a/kube/alrest/gitea/kustomization.yaml
+++ b/kube/alrest/gitea/kustomization.yaml
@@ -14,4 +14,10 @@ configMapGenerator:
 - name: anubis-cfg
   behavior: create
   files:
-  - ./cfg/anubis/botPolicies.json
\ No newline at end of file
+  - ./cfg/anubis/botPolicies.json
+  - ./cfg/anubis/botPolicies.yaml
+
+- name: botstopper-custom-css
+  behavior: create
+  files:
+  - ./cfg/botstopper/custom.css
\ No newline at end of file