path: root/hosts/vps/services/website.nix
blob: f3ef7b81bf230d632f670936a203cae74101d9fa (plain)
# NixOS module for the tzlil.net landing page. It declares a reusable Caddy
# `header` snippet as the option `website.defaultHeaders`, enables Caddy with
# one virtual host serving a generated index.html, opens TCP 80/443 in the
# firewall and persists /var/lib/caddy.
{
  pkgs,
  config,
  lib,
  ...
}: {
  # Caddyfile `header` block exposed as a plain string option.
  # NOTE(review): nothing in this file interpolates config.website.defaultHeaders,
  # and the tzlil.net virtual host below does not include it, so these headers
  # only take effect where another module splices the string into a site block
  # (presumably the fm./git. hosts; confirm).
  options.website.defaultHeaders = lib.mkOption {
    type = lib.types.str;
    # What the default actually sends:
    #   - the `-Name` lines delete that response header (Server, Date,
    #     Last-Modified, Etag, Accept-Ranges); dropping Etag/Last-Modified also
    #     removes the validators clients use for conditional requests.
    #   - X-Robots-Tag is the only header that is set.
    # NOTE(review): the Permissions-Policy, Strict-Transport-Security,
    # X-Content-Type-Options, X-Frame-Options and Referrer-Policy lines are
    # commented out inside the string, so sites using this default get no HSTS,
    # no MIME-sniffing protection and no framing restriction. nosniff and
    # X-Frame-Options DENY are low-risk to enable; HSTS is cached by browsers
    # for max-age, so enable it once every host that consumes this snippet is
    # HTTPS-only.
    default = ''
      header {
        -Server
        -Date
        -Last-Modified
        -Etag
        -Accept-Ranges
        # disable indexing by search engines

        X-Robots-Tag "noindex, nofollow"

       # disable FLoC tracking
        # Permissions-Policy interest-cohort=()

        # enable HSTS
        # Strict-Transport-Security max-age=31536000;

        # disable clients from sniffing the media type
        # X-Content-Type-Options nosniff

        # clickjacking protection
        # X-Frame-Options DENY

        # keep referrer data off of HTTP connections
        # Referrer-Policy no-referrer-when-downgrade
      }
    '';
  };
  config = {
    services.caddy = {
      enable = true;
      virtualHosts = {
        # Site block for the apex domain. `handle_path /` is given the exact
        # path "/", and inside it try_files points at an index.html that
        # pkgs.writeText places in the Nix store, which file_server then serves.
        # The HTML is whitespace-sensitive (<pre>), so the string is left
        # untouched.
        # NOTE(review): `bind 0.0.0.0` is an IPv4 wildcard; IPv6 clients are
        # presumably not served by this site unless it is bound elsewhere.
        # NOTE(review): no `root` directive is visible here, so the absolute
        # store path is resolved against Caddy's default site root; confirm it
        # resolves as intended.
        # NOTE(review): the page links to /arXiv, but no handler for that path
        # is defined in this file (presumably another module adds it; verify).
        "tzlil.net".extraConfig = ''
          bind 0.0.0.0
          handle_path / {
            try_files ${pkgs.writeText "index.html" ''
             <style>
             @media (prefers-color-scheme: dark) {
                 body { background-color: #121212; color: #d4d4d4; }
                 a { color: #7878ff; }
                 a:visited { color: #6464fa; }
             }
             </style>
             <pre>
            <a href="https://fm.tzlil.net">fm.tzlil.net</a> music
            <a href="https://git.tzlil.net">git.tzlil.net</a> for everything im too embarrased to put on sourcehut
            <a href="/arXiv">arXiv randomizer</a>
            </pre>
          ''} /
            file_server
          }
        '';
      };
    };
    # Only TCP 80 and 443 are opened. No UDP port is allowed here, so HTTP/3
    # (QUIC on UDP 443) is not reachable through this firewall unless it is
    # opened in another module.
    networking.firewall.allowedTCPPorts = [80 443];

    # Keep /var/lib/caddy across reboots, owned by caddy:caddy.
    # NOTE(review): this is presumably Caddy's data directory, which would hold
    # the ACME account and certificate private keys. No `mode` is set in this
    # entry, so the persistence module's default applies; confirm the persisted
    # copy under /nix/persist is not readable by other users.
    environment.persistence."/nix/persist".directories = [
      {
        directory = "/var/lib/caddy";
        user = "caddy";
        group = "caddy";
      }
    ];
  };
}