33 lines
895 B
Nix
33 lines
895 B
Nix
{config, ...}: let
|
|
domain = "tel.weinturm.de";
|
|
in {
|
|
networking.firewall.allowedTCPPorts = [
|
|
config.services.nginx.defaultHTTPListenPort
|
|
config.services.nginx.defaultSSLListenPort
|
|
];
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
commonHttpConfig = ''
|
|
map $scheme $hsts_header {
|
|
https "max-age=31536000";
|
|
}
|
|
add_header Strict-Transport-Security $hsts_header;
|
|
|
|
add_header Referrer-Policy strict-origin;
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-Frame-Options SAMEORIGIN;
|
|
'';
|
|
virtualHosts = {
|
|
"${domain}" = {
|
|
serverAliases = ["tel.weinturm-open-air.de"];
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
root = "/persist/html";
|
|
};
|
|
};
|
|
};
|
|
}
|