emelie/nix-deploy
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Wiki Activity

Unify user configuration, update to nixos-21.11

Browse source
This commit is contained in:
Emelie Graven 2021-12-18 09:58:36 +01:00
parent bb394d63a6
commit 9ad2284444
Signed by: emelie
GPG key ID: C11123726DBB55A1
7 changed files with 37 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

4
config/common/services/nginx.nix
View file

@ -9,6 +9,8 @@
recommendedProxySettings = true;
recommendedTlsSettings = true;
clientMaxBodySize = "100M";
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
@ -24,7 +26,7 @@
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
# Minimize information leaked to other domains
add_header 'Referrer-Policy' 'origin-when-cross-origin';
add_header 'Referrer-Policy' 'same-origin';
# Disable embedding as a frame
add_header X-Frame-Options DENY;