nixos/config/hosts/capetillo/services/nginx.nix

69 lines
2.2 KiB
Nix
Raw Permalink Normal View History

2021-11-26 13:45:04 +00:00
{ lib, ... }:
{
imports = [ ../../../common/services/nginx.nix ];
services.nginx.virtualHosts = {
"nixaalb.org" = {
enableACME = true;
forceSSL = true;
root = "/var/www/nixaalb.org/public";
2021-11-26 13:51:00 +00:00
extraConfig = ''
add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'same-origin';
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
2021-11-26 13:52:38 +00:00
add_header Onion-Location http://ag6mlqzpyswq3oogpnuykgllnv5gevjew6dshzmotwgnpo5jw2jqltad.onion$request_uri;
'';
};
"vault.dotsrc.org" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8812";
proxyWebsockets = true;
};
locations."/notifications/hub" = {
proxyPass = "http://127.0.0.1:3012";
proxyWebsockets = true;
};
locations."/notifications/hub/negotiate" = {
proxyPass = "http://127.0.0.1:8812";
proxyWebsockets = true;
};
};
"mta-sts.nixaalb.org" = {
enableACME = true;
forceSSL = true;
root = "/var/www/mta-sts/public";
extraConfig = ''
add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'same-origin';
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
'';
};
2021-11-26 13:45:04 +00:00
"ag6mlqzpyswq3oogpnuykgllnv5gevjew6dshzmotwgnpo5jw2jqltad.onion" = {
# TODO: Do this with unix sockets instead
listen = [ {
addr = "[::1]";
port = 8080;
} ];
root = "/var/www/nixaalb.org/public";
extraConfig = ''
add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
add_header 'Referrer-Policy' 'same-origin';
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
'';
2021-11-26 13:51:00 +00:00
2021-11-26 13:45:04 +00:00
};
};
}