From f3e3fd8e2b72314eaee6b12e32815cf9dd55d185 Mon Sep 17 00:00:00 2001
From: toufic ar
Date: Wed, 4 Mar 2026 03:49:02 +0200
Subject: [PATCH] nginx use headers-more module
---
 config/http/default.nix | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/config/http/default.nix b/config/http/default.nix
index 178dcdf..a7080de 100644
--- a/config/http/default.nix
+++ b/config/http/default.nix
@@ -1,4 +1,8 @@
-{config, ...}: let
+{
+ config,
+ pkgs,
+ ...
+}: let
 customDomain = config.customOps.domain.fqdn;
 in {
 imports = [
@@ -11,6 +15,11 @@ in {
 services.nginx = {
 enable = true;
+ package = pkgs.nginx.override {
+ modules = [
+ pkgs.nginxModules.moreheaders
+ ];
+ };
 recommendedTlsSettings = true;
 recommendedOptimisation = true;
@@ -25,11 +34,11 @@ in {
 map $scheme $hsts_header {
 https "max-age=31536000; includeSubdomains; preload";
 }
- add_header Strict-Transport-Security $hsts_header;
- add_header Content-Security-Policy "default-src 'none'";
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
- add_header X-Frame-Options DENY;
- add_header X-Content-Type-Options nosniff;
+ more_set_headers 'Strict-Transport-Security: $hsts_header';
+ more_set_headers 'Content-Security-Policy: default-src "none"';
+ more_set_headers 'Referrer-Policy: origin-when-cross-origin';
+ more_set_headers 'X-Frame-Options: DENY';
+ more_set_headers 'X-Content-Type-Options: nosniff';
 '';
 virtualHosts.${customDomain} = {
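Review bot: In the `services.nginx` hunk, `pkgs.nginx.override { modules = [ … ]; }` replaces the module list the package is built with instead of extending it, so any modules the stock nixpkgs build carries are dropped and nginx will likely be compiled locally rather than fetched from the binary cache. If trimming the module set is intended, a comment such as `# only headers-more; default third-party modules dropped on purpose` would record that. If it is not, `services.nginx.additionalModules = [ pkgs.nginxModules.moreheaders ];` adds the module on top of the defaults. The `services.nginx` attribute set continues outside the hunk.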
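Review bot: The new Content-Security-Policy line in the last hunk sends `default-src "none"`, but CSP only recognises the keyword in single quotes, so browsers will treat `"none"` as an invalid source expression instead of the policy the old line expressed. Swapping the quoting keeps the value valid: `more_set_headers "Content-Security-Policy: default-src 'none'";` (a lone `'` is safe inside the Nix `''…''` string). Separately, `$hsts_header` is empty for plain-HTTP requests and `add_header` skips empty values. It is worth confirming with a request over HTTP that headers-more likewise omits the header rather than emitting an empty `Strict-Transport-Security`. The enclosing `''…''` string opens above the hunk.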