refactor: move services out of systems/tewi/

2026-02-09 04:19:19 -08:00 · 2024-01-09 13:12:55 -08:00 · 2024-01-09 13:12:55 -08:00 · 5a661e8809
commit 5a661e8809
parent 2f68968238
30 changed files with 992 additions and 638 deletions
--- a/nixos/nginx.nix
+++ b/nixos/nginx.nix
@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  networking.firewall.allowedTCPPorts = [
+    443
+    80
+  ];
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = false;
+    commonHttpConfig = ''
+      map $scheme $hsts_header {
+          https   "max-age=31536000; includeSubdomains; preload";
+      }
+      #add_header Strict-Transport-Security $hsts_header;
+      #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+      add_header 'Referrer-Policy' 'origin-when-cross-origin';
+      #add_header X-Frame-Options DENY;
+      #add_header X-Content-Type-Options nosniff;
+      #add_header X-XSS-Protection "1; mode=block";
+      #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+    '';
+    clientMaxBodySize = "512m";
+  };
+}