Diffstat (limited to 'lib/caddy.nix')
-rw-r--r--lib/caddy.nix47
1 files changed, 47 insertions, 0 deletions
diff --git a/lib/caddy.nix b/lib/caddy.nix
new file mode 100644
index 00000000..42777eeb
--- /dev/null
+++ b/lib/caddy.nix
@@ -0,0 +1,47 @@
+{ lib
+, ...
+}:
+rec {
+  subValue = v:
+    if builtins.isList v
+    then
+      builtins.concatStringsSep " "
+        (builtins.map
+          (v:
+            (if lib.strings.hasPrefix "http" v
+            then v
+            else "'${v}'"))
+          v)
+    else toString v;
+
+  headerValue = sep: val:
+    if builtins.isAttrs val
+    then
+      builtins.concatStringsSep "; "
+        (lib.attrsets.mapAttrsToList
+          (k: v:
+            if builtins.isBool v then k else
+            "${k}${sep}${subValue v}"
+          )
+          val)
+    else toString val;
+  genHeader = header:
+    let
+      sep = if header == "content-security-policy" then " " else "=";
+    in
+    value: "${header} \"${headerValue sep value}\"";
+
+  headers = matcher: headers: ''
+    header ${matcher} {
+      ${builtins.concatStringsSep "\n"
+        (lib.attrsets.mapAttrsToList genHeader headers)}
+    }
+  '';
+  security-headers = { matcher ? "", overrides ? { } }: headers matcher ({
+    strict-transport-security = {
+      max-age = 2 * 365 * 24 * 60 * 60;
+    };
+    x-content-type-options = "nosniff";
+    x-frame-options = "DENY";
+  } // overrides);
+}
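Review bot: The `lib.strings.hasPrefix "http" v` test in `subValue` only keeps scheme-qualified URLs bare, so every other non-keyword CSP source a caller passes as a list item — `data:`, `blob:`, `wss:`, or a bare host such as `*.example.com` — is emitted as `'data:'`, which browsers treat as an unknown keyword and drop, so the generated policy silently blocks those resources rather than allowing them (and a host-only entry can also break a `script-src` that was meant to be permissive, with no evaluation-time error from Nix). Because `subValue` is shared by every attr-valued header through `headerValue`, the safer rule is the inverse: quote only the tokens CSP requires in single quotes (the keyword set plus `nonce-`/`sha256-`/`sha384-`/`sha512-` sources) and pass every other token through verbatim, as below. The default `strict-transport-security` value (`max-age` only) is valid, but since the bool branch of `headerValue` already lets a caller write `includeSubDomains = true;`, a comment on `security-headers` saying so, e.g. `# HSTS covers this host only; set includeSubDomains/preload = true via overrides to widen it`, would make the intended scope explicit.
```nix
  subValue = v:
    let
      # CSP keyword sources must be single-quoted; host and scheme sources
      # (https://…, data:, blob:, *.example.com) must stay bare.
      keywords = [ "self" "none" "unsafe-inline" "unsafe-eval" "unsafe-hashes" "strict-dynamic" "report-sample" "wasm-unsafe-eval" ];
      quotedPrefixes = [ "nonce-" "sha256-" "sha384-" "sha512-" ];
      needsQuotes = s: builtins.elem s keywords
        || builtins.any (p: lib.strings.hasPrefix p s) quotedPrefixes;
      quoteSrc = s: if needsQuotes s then "'${s}'" else s;
    in
    if builtins.isList v
    then builtins.concatStringsSep " " (builtins.map quoteSrc v)
    else toString v;
```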