diff options
author | Izorkin <izorkin@elven.pw> | 2022-10-31 00:15:13 +0300 |
---|---|---|
committer | Izorkin <izorkin@elven.pw> | 2022-10-31 01:34:29 +0300 |
commit | d4296648b504b77760025eae2daf1342f1f5bdc9 (patch) | |
tree | 662c63d026f10658b7930f75d07416b932d533cd /nixos/modules/services/web-apps/peertube.nix | |
parent | cf97d84982c3d08139cd011f517f7bd57854faeb (diff) | |
download | nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.gz nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.bz2 nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.lz nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.xz nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.zst nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.zip |
nixos/peertube: add hsts header to nginx configuration
Diffstat (limited to 'nixos/modules/services/web-apps/peertube.nix')
-rw-r--r-- | nixos/modules/services/web-apps/peertube.nix | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix index a42d1a1a932e..95dce42eba0e 100644 --- a/nixos/modules/services/web-apps/peertube.nix +++ b/nixos/modules/services/web-apps/peertube.nix @@ -67,7 +67,9 @@ let node ~/dist/server/tools/peertube.js $@ ''; - nginxCommonHeaders = '' + nginxCommonHeaders = lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; + '' + '' add_header Access-Control-Allow-Origin '*'; add_header Access-Control-Allow-Methods 'GET, OPTIONS'; add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; @@ -487,6 +489,8 @@ in { extraConfig = '' client_max_body_size 12G; add_header X-File-Maximum-Size 8G always; + '' + lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; ''; }; @@ -497,6 +501,8 @@ in { extraConfig = '' client_max_body_size 6M; add_header X-File-Maximum-Size 4M always; + '' + lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; ''; }; @@ -560,6 +566,8 @@ in { priority = 1320; extraConfig = '' add_header Cache-Control 'public, max-age=604800, immutable'; + '' + lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; ''; }; @@ -718,6 +726,10 @@ in { rewrite ^/static/webseed/(.*)$ /$1 break; ''; }; + + extraConfig = lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; + ''; }; }; |