Compare commits
3 Commits
4ea537af4d
...
ca1b011888
Author | SHA1 | Date |
---|---|---|
Sandro - | ca1b011888 | |
Sandro - | 3aa5a47abe | |
Sandro - | d1bb9acd4a |
|
@ -119,7 +119,7 @@ in
|
|||
virtualHosts."${cfge.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = lib.mkDefault true;
|
||||
root = (cfge.package.override {
|
||||
locations."/".root = (cfge.package.override {
|
||||
conf = with config.services.matrix-synapse.settings; {
|
||||
default_server_config."m.homeserver" = {
|
||||
"base_url" = public_baseurl;
|
||||
|
|
|
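Review bot: The switch from `root` to `locations."/".root` on this virtual host carries no comment explaining why, so a later cleanup could easily move it back to the shorter form. A line above it such as `# root is set per location so the extraConfig injected by services.nginx.setHSTSHeader applies to it` would record the reason, which the nginx module's new assertion message states. The `cfge.package.override { … }` expression continues past the end of the hunk, so only the attribute path can be judged here.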
@ -71,10 +71,9 @@ in
|
|||
|
||||
locations = lib.mkOption {
|
||||
type = with lib.types; attrsOf (submodule {
|
||||
options.extraConfig = lib.mkOption {};
|
||||
config.extraConfig = lib.optionalString cfg.setHSTSHeader /* nginx */ ''
|
||||
config.extraConfig = lib.mkIf cfg.setHSTSHeader (/* nginx */ ''
|
||||
more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload";
|
||||
'' + cfg.commonServerConfig + cfgv.commonLocationsConfig;
|
||||
'' + cfg.commonServerConfig + cfgv.commonLocationsConfig);
|
||||
});
|
||||
};
|
||||
};
|
||||
|
@ -89,6 +88,13 @@ in
|
|||
];
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
assertions = lib.mkIf cfg.setHSTSHeader (lib.attrValues (lib.mapAttrs (host: hostConfig: {
|
||||
assertion = hostConfig.root == null;
|
||||
message = let
|
||||
name = ''services.nginx.virtualHosts."${host}"'';
|
||||
in "Use ${name}.locations./.root instead of ${name}.root to properly apply .locations.*.extraConfig set by services.nginx.setHSTSHeader";
|
||||
}) cfg.virtualHosts));
|
||||
|
||||
boot.kernel.sysctl = lib.mkIf cfg.tcpFastOpen {
|
||||
# enable tcp fastopen for outgoing and incoming connections
|
||||
"net.ipv4.tcp_fastopen" = 3;
|
||||
|
|
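Review bot: In the `locations` submodule, wrapping the whole concatenation in `lib.mkIf cfg.setHSTSHeader ( … )` makes `cfg.commonServerConfig` and `cfgv.commonLocationsConfig` conditional on the HSTS switch too. In the `lib.optionalString` form only the `more_set_headers` line was conditional, because function application binds tighter than `+` (this assumes, from the print order and the hunk counts, that the `mkIf` line is the new side). If those two options carry headers or other hardening directives, a configuration with `setHSTSHeader = false` would no longer get them repeated in any location block. If that is not intended, keep the condition on the header alone, e.g. `lib.mkMerge [ (lib.mkIf cfg.setHSTSHeader ''…'') (cfg.commonServerConfig + cfgv.commonLocationsConfig) ]`. If it is intended, a comment saying why the common config is only needed next to the HSTS header would make that clear.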