author | Alan Pearce | 2024-06-07 10:04:16 +0200 |
---|---|---|
committer | Alan Pearce | 2024-06-07 10:31:38 +0200 |
commit | b32bf5bbd6ab2d493df866b0e6f7ecc83b731eaa (patch) | |
tree | eaa83569b25af5d7f0c83c9124a27db724eae80f /lib | |
parent | abbb369ade5c2450e85c0803b47dc6808653951c (diff) | |
linde: extract git server setup to own file
Diffstat (limited to 'lib')
-rw-r--r-- | lib/caddy.nix | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/lib/caddy.nix b/lib/caddy.nix
new file mode 100644
index 00000000..42777eeb
--- /dev/null
+++ b/lib/caddy.nix
@@ -0,0 +1,47 @@
+{ lib
+, ...
+}:
+rec {
+ subValue = v:
+ if builtins.isList v
+ then
+ builtins.concatStringsSep " "
+ (builtins.map
+ (v:
+ (if lib.strings.hasPrefix "http" v
+ then v
+ else "'${v}'"))
+ v)
+ else toString v;
+
+ headerValue = sep: val:
+ if builtins.isAttrs val
+ then
+ builtins.concatStringsSep "; "
+ (lib.attrsets.mapAttrsToList
+ (k: v:
+ if builtins.isBool v then k else
+ "${k}${sep}${subValue v}"
+ )
+ val)
+ else toString val;
+ genHeader = header:
+ let
+ sep = if header == "content-security-policy" then " " else "=";
+ in
+ value: "${header} \"${headerValue sep value}\"";
+
+ headers = matcher: headers: ''
+ header ${matcher} {
+ ${builtins.concatStringsSep "\n"
+ (lib.attrsets.mapAttrsToList genHeader headers)}
+ }
+ '';
+ security-headers = { matcher ? "", overrides ? { } }: headers matcher ({
+ strict-transport-security = {
+ max-age = 2 * 365 * 24 * 60 * 60;
+ };
+ x-content-type-options = "nosniff";
+ x-frame-options = "DENY";
+ } // overrides);
+} |
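Review bot: In `headerValue`, `if builtins.isBool v then k` emits the directive name for any boolean, so an override such as `includeSubDomains = false` or `preload = false` under `strict-transport-security` would still end up in the header; passing `(lib.attrsets.filterAttrs (_: v: v != false) val)` to `mapAttrsToList` instead of `val` would make `false` mean "omit". `genHeader` also places the value between `\"` without escaping, so a value that itself contains a double quote would close the Caddyfile token early; applying `lib.strings.escape [ "\"" ]` to the result of `headerValue` would cover that. In `subValue`, only list items starting with `http` are left bare, so a source such as `data:` or a plain hostname would be rendered as `'data:'`, which as far as I know browsers do not accept as a valid source expression; a comment such as `# list items are CSP keywords or http(s) URLs only` would at least document the limit. Finally, `// overrides` is a shallow merge, so a caller who overrides `strict-transport-security` replaces the default `max-age` unless they repeat it, which deserves a one-line comment on `security-headers`.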