This commit is contained in:
parent
8bfe367ff4
commit
f3e3fd8e2b
SSH key fingerprint:
SHA256:/NaO5I1nG3gYKzrzSiTYIdRyaIYxDWfr1U+d+yfJ/4k
1 changed files with 15 additions and 6 deletions
|
|
@ -1,4 +1,8 @@
|
||||||
{config, ...}: let
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
customDomain = config.customOps.domain.fqdn;
|
customDomain = config.customOps.domain.fqdn;
|
||||||
in {
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
|
|
@ -11,6 +15,11 @@ in {
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
package = pkgs.nginx.override {
|
||||||
|
modules = [
|
||||||
|
pkgs.nginxModules.moreheaders
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
|
|
@ -25,11 +34,11 @@ in {
|
||||||
map $scheme $hsts_header {
|
map $scheme $hsts_header {
|
||||||
https "max-age=31536000; includeSubdomains; preload";
|
https "max-age=31536000; includeSubdomains; preload";
|
||||||
}
|
}
|
||||||
add_header Strict-Transport-Security $hsts_header;
|
more_set_headers 'Strict-Transport-Security: $hsts_header';
|
||||||
add_header Content-Security-Policy "default-src 'none'";
|
more_set_headers 'Content-Security-Policy: default-src "none"';
|
||||||
add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
more_set_headers 'Referrer-Policy: origin-when-cross-origin';
|
||||||
add_header X-Frame-Options DENY;
|
more_set_headers 'X-Frame-Options: DENY';
|
||||||
add_header X-Content-Type-Options nosniff;
|
more_set_headers 'X-Content-Type-Options: nosniff';
|
||||||
'';
|
'';
|
||||||
|
|
||||||
virtualHosts.${customDomain} = {
|
virtualHosts.${customDomain} = {
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue