Diffstat (limited to 'lib')
-rw-r--r--lib/caddy.nix47
-rw-r--r--lib/default.nix24
2 files changed, 61 insertions, 10 deletions
diff --git a/lib/caddy.nix b/lib/caddy.nix
new file mode 100644
index 00000000..42777eeb
--- /dev/null
+++ b/lib/caddy.nix
@@ -0,0 +1,47 @@
+{ lib
+, ...
+}:
+rec {
+  subValue = v:
+    if builtins.isList v
+    then
+      builtins.concatStringsSep " "
+        (builtins.map
+          (v:
+            (if lib.strings.hasPrefix "http" v
+            then v
+            else "'${v}'"))
+          v)
+    else toString v;
+
+  headerValue = sep: val:
+    if builtins.isAttrs val
+    then
+      builtins.concatStringsSep "; "
+        (lib.attrsets.mapAttrsToList
+          (k: v:
+            if builtins.isBool v then k else
+            "${k}${sep}${subValue v}"
+          )
+          val)
+    else toString val;
+  genHeader = header:
+    let
+      sep = if header == "content-security-policy" then " " else "=";
+    in
+    value: "${header} \"${headerValue sep value}\"";
+
+  headers = matcher: headers: ''
+    header ${matcher} {
+      ${builtins.concatStringsSep "\n"
+        (lib.attrsets.mapAttrsToList genHeader headers)}
+    }
+  '';
+  security-headers = { matcher ? "", overrides ? { } }: headers matcher ({
+    strict-transport-security = {
+      max-age = 2 * 365 * 24 * 60 * 60;
+    };
+    x-content-type-options = "nosniff";
+    x-frame-options = "DENY";
+  } // overrides);
+}
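Review bot: In `headerValue`, the `if builtins.isBool v then k` branch emits the directive for `false` as well as `true`, so an override such as `includeSubDomains = false` or `preload = false` on strict-transport-security would still be sent to clients. Filtering first, e.g. passing `(lib.attrsets.filterAttrs (_: v: v != false) val)` in place of `val`, keeps a false flag out of the header. Separately, `subValue` single-quotes every list element that does not start with `http`. That suits CSP keywords like `'self'`, but it also quotes scheme and host sources such as `data:` or `wss://…`, which browsers would treat as invalid source expressions. `genHeader` also places the value inside `\"…\"` without escaping a `"` or `\` that an override might contain. A short comment on `security-headers` noting that the `//` merge is shallow, so an override replaces a whole header attribute rather than merging into it, would help callers avoid dropping `max-age` by accident.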
diff --git a/lib/default.nix b/lib/default.nix
index 023566e5..2cbaf55c 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -6,16 +6,20 @@ in
 rec {
   importPathStore = p: "${append ../. "/${p}"}";
 
-  mkPathable = s:
-    if
-      s.type == "local"
-    then
-      toString (lib.path.append ../. s.outPath)
-    else
-      toString s.outPath
-  ;
+  mkPathable = s: toString (
+    if lib.path.subpath.isValid s
+    then (lib.path.append ../. s)
+    else s
+  );
+
+  kvPath = k: v: "${k}=${v}";
+
+  fromSources = sources:
+    lib.attrsets.mapAttrs
+      (k: v: v.outPath)
+      sources;
 
   mkNixPath = sources: lib.attrsets.mapAttrsToList
-    (k: v: "${k}=${mkPathable v}")
-    (removeAttrs sources [ "__functor" ]);
+    (k: v: kvPath k (mkPathable v))
+    sources;
 }
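Review bot: `mkNixPath` no longer strips `__functor` from `sources`, and the new `fromSources` maps `v.outPath` over every attribute without filtering either. If the source set still carries `__functor` (the removed `removeAttrs` suggests it did), evaluation will fail on that attribute. Keeping the filter in one place, e.g. `(removeAttrs sources [ "__functor" ])` as the last argument of `fromSources`, would preserve the old behaviour. `mkPathable` also changed its argument from a source attrset to a string or path, and it now resolves any valid subpath string against `../.` instead of checking `type == "local"`. A comment such as `# s: repo-relative subpath string, or an absolute/store path passed through unchanged` would document which NIX_PATH entries end up pointing into the repository. The enclosing `rec` set starts outside the hunk, so the callers are not visible here.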