dump-dvb/nix-config
dump-dvb/nix-config
3
0
Fork 0
mirror of https://github.com/dump-dvb/nix-config.git synced 2024-06-14 03:46:59 +02:00
Code Issues Projects Releases Wiki Activity

fix headers

Browse Source
This commit is contained in:
oxapentane - 2022-09-15 21:53:29 +02:00
parent 46f3c8cf66
commit 82d5d9ae87
Signed by: oxapentane
GPG Key ID: 91FA5E5BF9AA901C
2 changed files with 18 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/data-hoarder/dvb-api.nix
View File

@ -23,9 +23,6 @@ in
"api.${config.dump-dvb.domain}" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
add_header Access-Control-Allow-Origin: *;
'';
locations = {
"/" = {
proxyPass = with config.dump-dvb.api; "http://127.0.0.1:${toString port}/";

28
modules/data-hoarder/nginx.nix
View File

@ -1,11 +1,6 @@
{ ... }: {
security.acme.acceptTerms = true;
security.acme.defaults.email = "dump-dvb@protonmail.com";
services.nginx = {
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
commonHttpConfig = ''
{ pkgs, config, lib, ... }:
let
default-headers = ''
# Permissions Policy - gps only
add_header Permissions-Policy "geolocation=()";
@ -24,6 +19,19 @@
# STS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
'';
};
'';
data-hoarder-headers = if lib.hasSuffix "data-hoarder" config.networking.hostName then ''
add_header Access-Control-Allow-Origin: *;
'' else '''';
headers = default-headers + data-hoarder-headers;
in
{
security.acme.acceptTerms = true;
security.acme.defaults.email = "dump-dvb@protonmail.com";
services.nginx = {
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
commonHttpConfig = headers;
};
}