This commit is contained in:
parent
8bfe367ff4
commit
f3e3fd8e2b
SSH key fingerprint:
SHA256:/NaO5I1nG3gYKzrzSiTYIdRyaIYxDWfr1U+d+yfJ/4k
1 changed files with 15 additions and 6 deletions
|
|
@ -1,4 +1,8 @@
|
|||
{config, ...}: let
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
customDomain = config.customOps.domain.fqdn;
|
||||
in {
|
||||
imports = [
|
||||
|
|
@ -11,6 +15,11 @@ in {
|
|||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
package = pkgs.nginx.override {
|
||||
modules = [
|
||||
pkgs.nginxModules.moreheaders
|
||||
];
|
||||
};
|
||||
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
|
|
@ -25,11 +34,11 @@ in {
|
|||
map $scheme $hsts_header {
|
||||
https "max-age=31536000; includeSubdomains; preload";
|
||||
}
|
||||
add_header Strict-Transport-Security $hsts_header;
|
||||
add_header Content-Security-Policy "default-src 'none'";
|
||||
add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
||||
add_header X-Frame-Options DENY;
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
more_set_headers 'Strict-Transport-Security: $hsts_header';
|
||||
more_set_headers 'Content-Security-Policy: default-src "none"';
|
||||
more_set_headers 'Referrer-Policy: origin-when-cross-origin';
|
||||
more_set_headers 'X-Frame-Options: DENY';
|
||||
more_set_headers 'X-Content-Type-Options: nosniff';
|
||||
'';
|
||||
|
||||
virtualHosts.${customDomain} = {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue