path: root/hosts/vps/services/website.nix
blob: 8aa51b0f4cd2e6cf735619bfed359d7e83f00d1c (plain)
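{
  pkgs,
  config,
  lib,
  ...
}: {
  # Caddyfile `header` block exposed as the option `website.defaultHeaders`.
  # A leading `-` deletes a response header, so the active lines strip
  # fingerprinting/caching metadata and add X-Robots-Tag.
  # NOTE(review): every hardening header (HSTS, X-Content-Type-Options,
  # X-Frame-Options, Referrer-Policy) is commented out in this default, so
  # consumers get none of them unless they override the option.
  options.website.defaultHeaders = lib.mkOption {
    type = lib.types.str;
    description = ''
      Caddyfile `header` directive block. The default removes the Server,
      Date, Last-Modified, Etag and Accept-Ranges response headers and sets
      X-Robots-Tag; the HSTS, nosniff, frame and referrer headers are present
      but commented out.
    '';
    default = ''
      header {
        -Server
        -Date
        -Last-Modified
        -Etag
        -Accept-Ranges
        # disable indexing by search engines

        X-Robots-Tag "noindex, nofollow"

       # disable FLoC tracking
        # Permissions-Policy interest-cohort=()

        # enable HSTS
        # Strict-Transport-Security max-age=31536000;

        # disable clients from sniffing the media type
        # X-Content-Type-Options nosniff

        # clickjacking protection
        # X-Frame-Options DENY

        # keep referrer data off of HTTP connections
        # Referrer-Policy no-referrer-when-downgrade
      }
    '';
  };
  config = {
    services.caddy = {
      enable = true;
      virtualHosts = {
        # Landing page: the HTML is written to the Nix store with
        # pkgs.writeText and its store path is interpolated into try_files.
        # `handle_path /` matches only the exact path `/`.
        # `bind 0.0.0.0` listens on IPv4 only.
        # NOTE(review): no `root` is set, so try_files/file_server resolve the
        # store path against Caddy's default root (its working directory);
        # confirm that is `/` under the service unit and keep file_server
        # confined to this exact-match handler.
        # NOTE(review): this block does not interpolate
        # config.website.defaultHeaders, so those headers do not apply to this
        # host unless another module adds them.
        "tzlil.net".extraConfig = ''
          bind 0.0.0.0
          handle_path / {
            try_files ${pkgs.writeText "index.html" ''
                    <style>
                    @media (prefers-color-scheme: dark) {
                        body { background-color: #121212; color: #d4d4d4; }
                        a { color: #7878ff; }
                        a:visited { color: #6464fa; }
                    }
             .mail:before {
               content: attr(b) "\0040" attr(a);
               unicode-bidi: bidi-override;
               direction: rtl;
             }
                    </style>
                    <pre>
                   ~?~+=I?~~IIIII++,:   .?= .,I=O8OZ.DNNO, ZD7:::=.? ,,:,,I,,:,~+?II?I?II?=+=~+7$ZO
                   ?==++??==+I???7..:.   :II$77?I+ID~NND8.ZMN7~=~I7:,., :?7,.,.~+?I???????,+~7+$ZOZ
                   7+===I+~===?I77:  ?   ,$7$.:.,I?=7NNNINMMMNOI=++ .~==I$7, ..++?I???I+=?.+:O+ZZOZ
                   ===++I+==?III??I,?,   ~I7NN,..  ??ONNNMMMD$777$7I$ZOO$7?....+=????I~=+,:+,O8DNMM
                   ~=~==7II=+I?II7I,I+,8Z.II8D+=~:.,7$NMMMMMN8$7~. ..  :88I. ..?=?++I:~+=.~~~NMMMNN
                   ~====II?I~+?I?$7I?~8D7+7$ZZNONDN8Z8NMMMMMMNNON:=. :,$.I7  .,+=??I:,=, .:,=DNNMMN
                   =+?==+==?~+=I?$$I+88D:I$8NMNDDNNNDNNNMMMMMMMMM8I$77=MMDO.  :~=+?,,,   .~,?8DDD8D
                   =~=+==I7I=IIIIO$=~OOD=I7ODNNNNMNNDNDNMMMMMMMMNO$O+OZ 78.,.I::++:..   .,::=888OOO
                   ===I=I?~=?I???$I$?OODZ=7Z8NDONNN7D88MMMMMMMMMMNNNN8DNN~..~:7,,+7?,:,:::+8=Z888OO
                   ~+===7?=??I????7Z7ZOD8I777$+NNN:OOZOMMMMMMMMMMMMMMNMM+..~=?=O:+?::=+~:~+IDD888OZ
                   I==II??=I???=::7OI?O88Z=I~,?ZDD,Z$IDMMMMMMMMMMMMMMMM:$$?.~?+=?:,~+?I??==+++I8OOO
                   ==+++??+=.,~,~:7Z$?7I77$=. $I$8I$7+~8NMMMMMMMMMMMMDDMN$ ,:+?=.~==?II+++=+=?II+OZ
                   ==+?+I?,=:+?=~~??I++~7$$$= 777Z,$Z$$ONNMMMMMMMMMMMMMM8? .~=?:.==+?I~+?=+=??II?I8
                   ?=+?I:=~??II=~~, II?+ 7$7?=?77$?$Z:8NMMMNMMMMMMMMMMMD7 ,,===::~=?II.??++?++III+~
                   ??+.I+I=+I+??=~=~ =I+:?7$77?$$$ZI7Z8DM7NMMNMMMMMMMMOI. .,=~~.~~+I?:???==~????II?
                   I??:==?I++I?~==+=~:.?I7I77$?IZ$ZODDOIDNNNNNMMMMNM8?.:. ,,+=,::~+==II=~,=?+?IIIII
                   ??I:?=,=+++?II+=:,:, +77777$$777ODDMMNO~DNNNDD8?..::: .,,+~.,::=??????=+?IIIII?I
                   ????++=~:=?IIIII=~:: ~~+II77$$7$ZO8NMMMND.+:   .=7+=~ ,,:?...~II??+??I?+??IIII?I
                   ??III7II+~:?II7+II?, ~,:,~7777$$$I$8DNMMNO   .~I  .Z:.,:~: ,+???+=,IIIIII??IIIII
                   ???I7I:,~=:,+II+=~I??:.,,,.:77777777$ODMM8 .:+ZI. ,~,..~~ :II?==~:?II??IIIIIIIII
                   No matter where you go, everyone's connected

                   <a href="https://fm.tzlil.net">fm.tzlil.net</a> music
                   <a href="https://git.tzlil.net">git.tzlil.net</a> code
                   <a href="/arXiv">arXiv randomizer</a>
            matrix @tzlil:tzlil.net
            email tzlils protonmail com
                   </pre>
          ''} /
            file_server
          }
        '';
      };
    };
    # Open HTTP and HTTPS in the host firewall for the Caddy listener.
    networking.firewall.allowedTCPPorts = [80 443];

    # Keep Caddy's state directory across reboots, owned by the caddy user.
    # NOTE(review): presumably this is where Caddy keeps its ACME account and
    # certificate private keys; confirm the persisted directory is not
    # world-readable (no `mode` is set on this entry).
    environment.persistence."/nix/persist".directories = [
      {
        directory = "/var/lib/caddy";
        user = "caddy";
        group = "caddy";
      }
    ];
  };
}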