nginx fixes

Danilo Reyes
2026-02-06 08:27:58 -06:00
parent 41298f0980
commit 6d5422f447
2 changed files with 12 additions and 5 deletions


@@ -5,7 +5,7 @@
}: }:
let let
cfg = config.my.websites.lidarrMbReport; cfg = config.my.websites.lidarrMbReport;
mbHeaders = '' mbSecurityHeaders = ''
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
''; '';
@@ -23,20 +23,22 @@ in
"/" = { "/" = {
extraConfig = '' extraConfig = ''
try_files $uri /missing_albums.html; try_files $uri /missing_albums.html;
${mbSecurityHeaders}
''; '';
}; };
"~* \\.html$" = { "~* \\.html$" = {
extraConfig = '' extraConfig = ''
add_header Content-Type "text/html; charset=utf-8"; add_header Content-Type "text/html; charset=utf-8";
${mbSecurityHeaders}
''; '';
}; };
"~* \\.json$" = { "~* \\.json$" = {
extraConfig = '' extraConfig = ''
add_header Content-Type "application/json"; add_header Content-Type "application/json";
${mbSecurityHeaders}
''; '';
}; };
}; };
extraConfig = mbHeaders;
}; };
}; };
} }
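Review bot: Removing the vhost-level `extraConfig = mbHeaders;` leaves no fallback: the headers now exist only in the three listed locations, so a location added later without `${mbSecurityHeaders}` is served with no security headers and nothing flags it. nginx inherits `add_header` from the outer level only when the current level defines none, which is why the `.html` and `.json` blocks lost the headers before; the same rule means a server-level copy never duplicates inside a location that carries the snippet. I would keep `extraConfig = mbSecurityHeaders;` on the vhost and add a comment on the `let` binding such as `# add_header is not merged across levels; repeat this in every location that sets its own add_header`. The same removal is made twice in the portfolio file (`extraConfig = hugoHeaders;` on both vhosts), where the blog vhost's other locations are outside the hunk and may now be uncovered.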


@@ -6,7 +6,7 @@
let let
cfg = config.my.websites.portfolio; cfg = config.my.websites.portfolio;
issoCfg = config.my.servers.isso; issoCfg = config.my.servers.isso;
hugoHeaders = '' hugoSecurityHeaders = ''
add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always; add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
@@ -17,22 +17,26 @@ let
"/" = { "/" = {
extraConfig = '' extraConfig = ''
try_files $uri $uri/ /index.html; try_files $uri $uri/ /index.html;
${hugoSecurityHeaders}
''; '';
}; };
"~* \\.html$" = { "~* \\.html$" = {
extraConfig = '' extraConfig = ''
try_files $uri $uri/ /index.html; try_files $uri $uri/ /index.html;
${hugoSecurityHeaders}
''; '';
}; };
"~* \\.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|xml)$" = { "~* \\.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|xml)$" = {
extraConfig = '' extraConfig = ''
expires 1y; expires 1y;
add_header Cache-Control "public, max-age=31536000, immutable"; add_header Cache-Control "public, max-age=31536000, immutable";
${hugoSecurityHeaders}
''; '';
}; };
"~ /\\.(?!well-known).*" = { "~ /\\.(?!well-known).*" = {
extraConfig = '' extraConfig = ''
return 404; return 404;
${hugoSecurityHeaders}
''; '';
}; };
"= /js/script.js" = { "= /js/script.js" = {
@@ -40,12 +44,14 @@ let
extraConfig = '' extraConfig = ''
proxy_set_header Host analytics.lebubu.org; proxy_set_header Host analytics.lebubu.org;
rewrite ^ /js/script.file-downloads.hash.outbound-links.js break; rewrite ^ /js/script.file-downloads.hash.outbound-links.js break;
${hugoSecurityHeaders}
''; '';
}; };
"= /api/event" = { "= /api/event" = {
proxyPass = "https://analytics.lebubu.org"; proxyPass = "https://analytics.lebubu.org";
extraConfig = '' extraConfig = ''
proxy_set_header Host analytics.lebubu.org; proxy_set_header Host analytics.lebubu.org;
${hugoSecurityHeaders}
''; '';
}; };
}; };
@@ -71,7 +77,6 @@ in
enableACME = true; enableACME = true;
root = "/var/www/html/portfolio"; root = "/var/www/html/portfolio";
locations = hugoLocations; locations = hugoLocations;
extraConfig = hugoHeaders;
}; };
"blog.danilo-reyes.com" = { "blog.danilo-reyes.com" = {
forceSSL = true; forceSSL = true;
@@ -83,10 +88,10 @@ in
extraConfig = '' extraConfig = ''
rewrite ^/isso/?(.*)$ /$1 break; rewrite ^/isso/?(.*)$ /$1 break;
proxy_set_header Host $host; proxy_set_header Host $host;
${hugoSecurityHeaders}
''; '';
}; };
}; };
extraConfig = hugoHeaders;
}; };
}; };
}; };
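Review bot: In the three proxied locations (`= /js/script.js`, `= /api/event` and the isso rewrite block) the added `${hugoSecurityHeaders}` is appended to whatever the upstream already returns, because `add_header` does not replace a header that arrives through `proxy_pass`. If analytics.lebubu.org or isso send their own `X-Frame-Options` or `X-Content-Type-Options` (not visible here), the client receives each header twice, and conflicting `X-Frame-Options` values are handled inconsistently across browsers; adding `proxy_hide_header X-Frame-Options;` and `proxy_hide_header X-Content-Type-Options;` beside the snippet in those blocks makes this vhost the single source. Separately, the snippet's `X-XSS-Protection "1; mode=block"` is now stamped on every location: that header is deprecated, and a `Content-Security-Policy` is the control to rely on instead. The `let` binding that holds the snippet continues past the first hunk, so any further headers in it were not reviewed.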