about summary refs log tree commit diff
path: root/nixos/modules/services/web-apps/peertube.nix
diff options
context:
space:
mode:
authorIzorkin <izorkin@elven.pw>2022-10-31 00:15:13 +0300
committerIzorkin <izorkin@elven.pw>2022-10-31 01:34:29 +0300
commitd4296648b504b77760025eae2daf1342f1f5bdc9 (patch)
tree662c63d026f10658b7930f75d07416b932d533cd /nixos/modules/services/web-apps/peertube.nix
parentcf97d84982c3d08139cd011f517f7bd57854faeb (diff)
downloadnixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar
nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.gz
nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.bz2
nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.lz
nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.xz
nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.tar.zst
nixlib-d4296648b504b77760025eae2daf1342f1f5bdc9.zip
nixos/peertube: add hsts header to nginx configuration
Diffstat (limited to 'nixos/modules/services/web-apps/peertube.nix')
-rw-r--r--nixos/modules/services/web-apps/peertube.nix14


1 files changed, 13 insertions, 1 deletions
diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix
index a42d1a1a932e..95dce42eba0e 100644
--- a/nixos/modules/services/web-apps/peertube.nix
+++ b/nixos/modules/services/web-apps/peertube.nix
@@ -67,7 +67,9 @@ let
     node ~/dist/server/tools/peertube.js $@
   '';
 
-  nginxCommonHeaders = ''
+  nginxCommonHeaders = lib.optionalString cfg.enableWebHttps ''
+    add_header Strict-Transport-Security      'max-age=63072000; includeSubDomains';
+  '' + ''
     add_header Access-Control-Allow-Origin    '*';
     add_header Access-Control-Allow-Methods   'GET, OPTIONS';
     add_header Access-Control-Allow-Headers   'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
@@ -487,6 +489,8 @@ in {
           extraConfig = ''
             client_max_body_size                        12G;
             add_header X-File-Maximum-Size              8G always;
+          '' + lib.optionalString cfg.enableWebHttps ''
+            add_header Strict-Transport-Security        'max-age=63072000; includeSubDomains';
           '';
         };
 
@@ -497,6 +501,8 @@ in {
           extraConfig = ''
             client_max_body_size                        6M;
             add_header X-File-Maximum-Size              4M always;
+          '' + lib.optionalString cfg.enableWebHttps ''
+            add_header Strict-Transport-Security        'max-age=63072000; includeSubDomains';
           '';
         };
 
@@ -560,6 +566,8 @@ in {
           priority = 1320;
           extraConfig = ''
             add_header Cache-Control                    'public, max-age=604800, immutable';
+          '' + lib.optionalString cfg.enableWebHttps ''
+            add_header Strict-Transport-Security        'max-age=63072000; includeSubDomains';
           '';
         };
 
@@ -718,6 +726,10 @@ in {
             rewrite ^/static/webseed/(.*)$              /$1 break;
           '';
         };
+
+        extraConfig = lib.optionalString cfg.enableWebHttps ''
+          add_header Strict-Transport-Security          'max-age=63072000; includeSubDomains';
+        '';
       };
     };
 

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-07 06:46:52 +0000