diff --git a/hosts/magnesium/services/webserver.nix b/hosts/magnesium/services/webserver.nix index 41990cc..a37826f 100644 --- a/hosts/magnesium/services/webserver.nix +++ b/hosts/magnesium/services/webserver.nix @@ -7,11 +7,25 @@ in networking.firewall.allowedTCPPorts = [ 80 443 ]; services.nginx = { enable = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + commonHttpConfig = '' + map $scheme $hsts_header { + https "max-age=31536000"; + } + add_header Strict-Transport-Security $hsts_header; + + add_header Referrer-Policy strict-origin; + add_header X-Content-Type-Options nosniff; + add_header X-Frame-Options SAMEORIGIN; + ''; virtualHosts = { "${domain}" = { enableACME = true; forceSSL = true; - + root = pkgs.jalr.contact; locations = let # workaround for nginx dropping parent headers diff --git a/pkgs/contact-page/default.nix b/pkgs/contact-page/default.nix new file mode 100644 index 0000000..e2259d1 --- /dev/null +++ b/pkgs/contact-page/default.nix @@ -0,0 +1,17 @@ +{ lib, stdenvNoCC }: + +stdenvNoCC.mkDerivation { + name = "sbruder-contact"; + + src = ./src; + + dontBuild = true; + installPhase = '' + mkdir $out + cp -r * $out + ''; + + meta = with lib; { + license = licenses.mit; + }; +} diff --git a/pkgs/contact-page/src/gpg/B448F934.txt b/pkgs/contact-page/src/gpg/B448F934.txt new file mode 100644 index 0000000..4e79308 --- /dev/null +++ b/pkgs/contact-page/src/gpg/B448F934.txt 
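Review bot: In `commonHttpConfig` of hosts/magnesium/services/webserver.nix the four `add_header` lines omit `always`, so nginx leaves these headers off error responses such as 404 and 500. I would write `add_header Strict-Transport-Security $hsts_header always;` and do the same for the other three. nginx also inherits http-level `add_header` directives only into a server or location that defines none of its own. The trailing `# workaround for nginx dropping parent headers` comment suggests the `locations` block deals with that, but it continues outside the hunk, so I cannot confirm the new headers are re-emitted there. A short comment above the `map` noting that it yields an empty value, and therefore no header, for plain-HTTP requests would help the next reader.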
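Review bot: In pkgs/contact-page/default.nix the `installPhase` uses `cp -r * $out`, and the shell glob skips dotfiles, so a later `.well-known/` directory or any other hidden file under `src` would silently be left out of the web root; `cp -r . $out` copies everything. The derivation is named `sbruder-contact` while pkgs/default.nix exposes it as `jalr.contact`, which looks carried over from another configuration and makes the store path harder to attribute. The overridden `installPhase` also drops `runHook preInstall` / `runHook postInstall`, which nixpkgs conventions expect.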
@@ -0,0 +1,23 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEYdCpCxYJKwYBBAHaRw8BAQdAL5OkhCMv9ekGaHmLALjDyINBhcR3gmuMZiE/
+FzEjNLq0HEpha29iIExlY2huZXIgPG1haWxAamFsci5kZT6IlgQTFgoAPhYhBGb7
+VPYIE3UQbuv2UaIiNl60SPk0BQJh0KkLAhsBBQleC+EABQsJCAcDBRUKCQgLBRYC
+AwEAAh4BAheAAAoJEKIiNl60SPk0wrsBAKmdNnQza/qt6kMSt4/v/VLAwO9CkIYd
+LQIbnDhZcmHxAQDdwWYnSNS357bz8YeUpUKeUfOZ6xAjyRmYuQQ2Mu4tDLgzBGHQ
+qkkWCSsGAQQB2kcPAQEHQI0iSVnqIurvk2KV1vpvy4T678NWLqXgXooGTAD1Bq2E
+iPUEGBYKACYCGwIWIQRm+1T2CBN1EG7r9lGiIjZetEj5NAUCY7AQ1wUJA8HrjgCB
+diAEGRYKAB0WIQQKC8x2sn/FAn1OMAWZYILvtZBsEAUCYdCqSQAKCRCZYILvtZBs
+ECknAP0eRjAFAOk255g9NqWw6swNVQrb6OE0WtNU4st6ml6/KwD/ZpWdnEslaHXp
+PuBxBdbvcSJ/KrQNLNJEp9Io546fiQcJEKIiNl60SPk0xXAA/1IlunxNEEBR9O5e
+Ilh5Py/OAATRdMBH2pOKUpyd5tmdAP0ZL8mHiZKaPhJd6BnPk80qLfBPv2HJeWj+
+3uyaMguACbg4BGHQqocSCisGAQQBl1UBBQEBB0BpQ5RvkE8dxQpSJKndxOXh6bIA
+DOQu5VovlDinXLfYEAMBCAeIfgQYFgoAJgIbDBYhBGb7VPYIE3UQbuv2UaIiNl60
+SPk0BQJjsBDXBQkDwetQAAoJEKIiNl60SPk00FIA/1ADVAR4zhf8YZegIbTqb/hO
+FWgokUAYBJpgsdHTEbqUAQDSswHw30SKYw7pNa/G2+x++R+GPXzcbgOqI1kUnZ/M
+CbgzBGHQqsUWCSsGAQQB2kcPAQEHQM2x+uWFR4z9MzwZnlFMgJrFXxpruZ58WukK
+yWrCjURjiH4EGBYKACYCGyAWIQRm+1T2CBN1EG7r9lGiIjZetEj5NAUCY7AQ1wUJ
+A8HrEgAKCRCiIjZetEj5NLXUAQD0HK/au8EBJLUzHaaXh3F3mh/yzOvZ4EHdmDHL
+86qv0QEAqLXosh/H2Ihf9WZZSRwxxF3aKRx4BJbjxlFYFPKB1AE=
+=GTAK
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/pkgs/contact-page/src/itsmine b/pkgs/contact-page/src/itsmine
new file mode 100644
index 0000000..a5e644e
--- /dev/null
+++ b/pkgs/contact-page/src/itsmine
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+if ! [ -e ~/.ssh ]; then
+ mkdir ~/.ssh
+fi
+
+
+while read type key comment
+do
+ grep -F "$comment" ~/.ssh/authorized_keys || echo "$type $key $comment" >> ~/.ssh/authorized_keys
+done << EOF
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2x+uWFR4z9MzwZnlFMgJrFXxpruZ58WukKyWrCjURj cardno:000616522763
+EOF
diff --git a/pkgs/default.nix b/pkgs/default.nix
index af012ad..8288614 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
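Review bot: The key file pkgs/contact-page/src/gpg/B448F934.txt is named by an eight-hex-digit short key ID, and short IDs can be collided cheaply, so the name alone does not let a visitor tell this key from a look-alike. Naming the file after the full fingerprint, or at least printing the full fingerprint on the page that links to it, gives people something to compare over a second channel. Because the key is served from the same host as the rest of the page, HTTPS only shows what the server sent, not that the key belongs to the owner.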
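Review bot: In pkgs/contact-page/src/itsmine the duplicate check `grep -F "$comment"` compares only the free-text comment, so any existing `authorized_keys` line containing `cardno:000616522763` with a different key suppresses the install, and the matched line is echoed to stdout. Matching on the key blob is the reliable test: `grep -qF -- "$key" ~/.ssh/authorized_keys 2>/dev/null || echo "$type $key $comment" >> ~/.ssh/authorized_keys`. The script also creates `~/.ssh` and `authorized_keys` with whatever the caller's umask yields; `mkdir -p -m 700 ~/.ssh` followed by `chmod 600 ~/.ssh/authorized_keys` keeps sshd's StrictModes check from rejecting the file under a permissive umask. A header comment stating that running the script grants the key's holder login access to the invoking account would make the intent explicit for anyone who fetches it from the web root.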
@@ -12,4 +12,7 @@ in
 tabbed-box-maker = callPackage ./tabbed-box-maker { };
 vesc-firmware = callPackage ./vesc-tool/firmware.nix { };
 vesc-tool = callPackage ./vesc-tool/tool.nix { };
+ jalr = prev.recurseIntoAttrs {
+ contact = callPackage ./contact-page { };
+ };
 }