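# NixOS module: declares one Caddy virtual host that serves the static site
# under /var/lib/website over TLS, using the certificate and key referenced by
# the upRootNutrition service instance.
{
  flake,
  config,
  ...
}: let
  # `server` and `localhost` are bound here but not referenced in this module.
  inherit (flake.config.machines.devices) server;
  inherit (flake.config.services.instances) upRootNutrition web;
  service = upRootNutrition;
  localhost = web.localhost.address0;
  host = web.domains.url3;
in {
  services = {
    caddy = {
      virtualHosts = {
        "${host}" = {
          # Caddyfile fragment for this site.
          #
          # - `try_files {path} /index.html` makes every path that does not
          #   match a file fall back to /index.html, so unknown URLs are
          #   answered with the index page instead of a 404.
          # - The HSTS policy carries `includeSubDomains`: browsers that have
          #   seen it will refuse plain HTTP for every subdomain of this host
          #   for a year, so all of them must serve valid HTTPS.
          # - NOTE(review): no Content-Security-Policy, frame-ancestors /
          #   X-Frame-Options or Referrer-Policy is set here; confirm that is
          #   intended for this site.
          # - The `header { ... }` block must be closed before `tls`; with the
          #   brace missing, `tls` is read as a header field and the site
          #   block is left unbalanced.
          # - NOTE(review): `service.ssl.cert` / `service.ssl.key` are assumed
          #   to be strings naming files that exist at runtime. If the key were
          #   a Nix path value, interpolating it would copy the private key
          #   into the world-readable /nix/store; verify where they are defined.
          extraConfig = ''
            root * /var/lib/website
            file_server

            try_files {path} /index.html
            encode gzip

            header {
              # Disable FLoC tracking
              Permissions-Policy interest-cohort=()
              # Enable HSTS
              Strict-Transport-Security "max-age=31536000; includeSubDomains"
              # Prevent MIME-type sniffing
              X-Content-Type-Options nosniff
            }

            tls ${service.ssl.cert} ${service.ssl.key}
          '';
        };
      };
    };
  };
}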