coolneng
/
zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolneng:1dcd3fe1a451da86559ed0c2384cb52c2bde5123
Branches Tags
coolneng:master
..
compare: coolneng:bc5c561775112a5cb4220e84ba58c4b7a031abc1
Branches Tags
coolneng:master

No commits in common. "1dcd3fe1a451da86559ed0c2384cb52c2bde5123" and "bc5c561775112a5cb4220e84ba58c4b7a031abc1" have entirely different histories.
1dcd3fe1a4 ... bc5c561775

1 changed files with 9 additions and 16 deletions
Show Stats Expand all files Collapse all files

25
modules/webstack.nix
View File

@ -18,12 +18,13 @@
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
# Minimize information leaked to other domains # Minimize information leaked to other domains
add_header 'Referrer-Policy' 'strict-origin-when-cross-origin'; add_header 'Referrer-Policy' 'origin-when-cross-origin';
# Disable embedding as a frame, except from the same origin
add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org";
# Prevent injection of code in other mime types (XSS Attacks) # Prevent injection of code in other mime types (XSS Attacks)
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options SAMEORIGIN;
# This might create errors # This might create errors
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
@ -40,13 +41,12 @@
"rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;"; "rewrite ^/gitea/(.*)$ https://git.coolneng.duckdns.org/$1 last;";
"/miniflux/".extraConfig = "/miniflux/".extraConfig =
"rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;"; "rewrite ^/miniflux/(.*)$ https://rss.coolneng.duckdns.org/$1 last;";
# Delegation for Matrix
"/.well-known/" = { "/.well-known/" = {
alias = "${../well-known}" + "/"; alias = "${../well-known}" + "/";
extraConfig = '' extraConfig = ''
${config.services.nginx.commonHttpConfig} ${config.services.nginx.commonHttpConfig}
add_header Access-Control-Allow-Origin '*'; add_header Access-Control-Allow-Origin '*';
default_type application/json; add_header Content-Type application/json;
''; '';
}; };
}; };
@ -70,14 +70,7 @@
"git.coolneng.duckdns.org" = { "git.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/".proxyPass = "http://localhost:3000/";
proxyPass = "http://localhost:3000/";
extraConfig = ''
${config.services.nginx.commonHttpConfig}
# Disable embedding as a frame, except from the same origin
add_header Content-Security-Policy "frame-src git.coolneng.duckdns.org; frame-ancestors git.coolneng.duckdns.org";
'';
};
}; };
"rss.coolneng.duckdns.org" = { "rss.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
@ -111,9 +104,9 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".root = pkgs.element-web.override { locations."/".root = pkgs.element-web.override {
conf.default_server_config = { conf.default_server_config."m.homeserver" = {
"m.homeserver"."base_url" = "https://matrix.coolneng.duckdns.org"; "base_url" = "https://matrix.coolneng.duckdns.org";
"m.identity_server"."base_url" = "https://vector.im"; "server_name" = "coolneng.duckdns.org";
}; };
}; };
}; };