nix-config/modules/data-hoarder/map.nix

{ pkgs, config, ... }: {
  services = {
    nginx = {
      enable = true;
      recommendedProxySettings = true;
      virtualHosts = {
        "map.${config.deployment-TLMS.domain}" = {
          forceSSL = true;
          enableACME = true;
          extraConfig = ''
            autoindex on;
          '';

          locations = let 
            nginx_config = ''
              # Permissions Policy - gps only
              add_header Permissions-Policy "geolocation=()";

              # Minimize information leaked to other domains
              add_header 'Referrer-Policy' 'origin-when-cross-origin';

              # Disable embedding as a frame
              add_header X-Frame-Options DENY;

              # Prevent injection of code in other mime types (XSS Attacks)
              add_header X-Content-Type-Options nosniff;

              # Enable XSS protection of the browser.
              # May be unnecessary when CSP is configured properly (see above)
              add_header X-XSS-Protection "1; mode=block";

              # STS
              add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
              add_header "Access-Control-Allow-Origin" "*";
              '';
              json_dump = "/var/lib/json_dump/";
          in {
            "/" = {
              root = if (config.deployment-TLMS.domain == "dvb.solutions") then "${pkgs.windshield}/bin/" else "${pkgs.windshield-staging}/bin/";
              index = "index.html";

              tryFiles = "$uri /index.html =404";
            };
            "~ ^/stop/.*\.json$" = {
              root = json_dump;
              extraConfig = nginx_config;
            };
            "~ ^/graph/.*\.json$" = {
              root = json_dump;
              extraConfig = nginx_config;
            };
            "~ ^/region/.*\.json$" = {
              root = json_dump;
              extraConfig = nginx_config;
            };
          };
        };
      };
    };
  };
}
Remove dead code (#10) Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> 2022-06-27 20:59:16 +02:00			`{ pkgs, config, ... }: {`
add basic map site 2022-05-02 12:38:16 +02:00			`services = {`
			`nginx = {`
			`enable = true;`
			`recommendedProxySettings = true;`
			`virtualHosts = {`
REBRANDING. Shit is broken 2022-12-30 18:29:13 +01:00			`"map.${config.deployment-TLMS.domain}" = {`
better TLS config and add security headers 2022-05-13 19:42:30 +02:00			`forceSSL = true;`
add basic map site 2022-05-02 12:38:16 +02:00			`enableACME = true;`
add autoindex for testing 2022-07-28 22:36:56 +02:00			`extraConfig = ''`
			`autoindex on;`
			`'';`

updating map 2022-12-09 23:16:10 +01:00			`locations = let`
			`nginx_config = ''`
			`# Permissions Policy - gps only`
			`add_header Permissions-Policy "geolocation=()";`

			`# Minimize information leaked to other domains`
			`add_header 'Referrer-Policy' 'origin-when-cross-origin';`

			`# Disable embedding as a frame`
			`add_header X-Frame-Options DENY;`

			`# Prevent injection of code in other mime types (XSS Attacks)`
			`add_header X-Content-Type-Options nosniff;`

			`# Enable XSS protection of the browser.`
			`# May be unnecessary when CSP is configured properly (see above)`
			`add_header X-XSS-Protection "1; mode=block";`

			`# STS`
			`add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`
			`add_header "Access-Control-Allow-Origin" "*";`
TLMS.nix: yeet (#12) 2023-03-05 14:07:31 +01:00			`'';`
			`json_dump = "/var/lib/json_dump/";`
updating map 2022-12-09 23:16:10 +01:00			`in {`
add basic map site 2022-05-02 12:38:16 +02:00			`"/" = {`
REBRANDING. Shit is broken 2022-12-30 18:29:13 +01:00			`root = if (config.deployment-TLMS.domain == "dvb.solutions") then "${pkgs.windshield}/bin/" else "${pkgs.windshield-staging}/bin/";`
adding ftp for data downloads 2022-05-02 17:37:41 +02:00			`index = "index.html";`
404 to index.html on map 2022-10-16 15:59:17 +02:00
			`tryFiles = "$uri /index.html =404";`
add basic map site 2022-05-02 12:38:16 +02:00			`};`
try fixing stops.json serving 2022-10-16 18:33:46 +02:00			`"~ ^/stop/.*\.json$" = {`
TLMS.nix: yeet (#12) 2023-03-05 14:07:31 +01:00			`root = json_dump;`
updating map 2022-12-09 23:16:10 +01:00			`extraConfig = nginx_config;`
			`};`
			`"~ ^/graph/.*\.json$" = {`
TLMS.nix: yeet (#12) 2023-03-05 14:07:31 +01:00			`root = json_dump;`
updating map 2022-12-09 23:16:10 +01:00			`extraConfig = nginx_config;`
			`};`
			`"~ ^/region/.*\.json$" = {`
TLMS.nix: yeet (#12) 2023-03-05 14:07:31 +01:00			`root = json_dump;`
updating map 2022-12-09 23:16:10 +01:00			`extraConfig = nginx_config;`
adding location for graph.json 2022-07-28 22:50:35 +02:00			`};`
add basic map site 2022-05-02 12:38:16 +02:00			`};`
			`};`
			`};`
			`};`
			`};`
			`}`