author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-03-01 11:47:50 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-03-01 11:47:50 +0100 |
commit | 4022922b969772fb6475a13e8a2f12da7afe311d (patch) | |
tree | 0a8a4ff59e691c23a4693c6cb500e674ae7605b4 | |
parent | 9fbaa9c893c425cae1495d721ae12dbc3a63fe9d (diff) | |
surtr: matrix: ...
-rw-r--r-- | hosts/surtr/http.nix | 2 | ||||
-rw-r--r-- | hosts/surtr/matrix/default.nix | 9 |
2 files changed, 9 insertions, 2 deletions
diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix index a17f846e..af27f178 100644 --- a/hosts/surtr/http.nix +++ b/hosts/surtr/http.nix | |||
@@ -27,7 +27,7 @@ | |||
27 | access_log syslog:server=unix:/dev/log main; | 27 | access_log syslog:server=unix:/dev/log main; |
28 | error_log syslog:server=unix:/dev/log info; | 28 | error_log syslog:server=unix:/dev/log info; |
29 | 29 | ||
30 | client_body_temp_path /run/nginx-client-bodies; | 30 | client_body_temp_path /run/nginx-client-bodies; |
31 | ''; | 31 | ''; |
32 | additionalModules = with pkgs.nginxModules; [ dav pam ]; | 32 | additionalModules = with pkgs.nginxModules; [ dav pam ]; |
33 | virtualHosts = { | 33 | virtualHosts = { |
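--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -57,6 +57,8 @@ with lib;
 "url_preview_ip_range_whitelist" = [
 "2a03:4000:52:ada::/128"
 ];
+
+"max_upload_size" = "500M";
 }))
 ];
 };
@@ -112,7 +114,7 @@ with lib;
 add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization';
 add_header Access-Control-Max-Age 7200;
 '';
-in listToAttrs (map (n: nameValuePair n { proxyPass = "http://matrix-synapse"; }) ["/_matrix" "/_synapse/client" "/_synapse/admin"]) // {
+in listToAttrs (map (n: nameValuePair n { proxyPass = "http://matrix-synapse"; extraConfig = "client_max_body_size 500M;"; }) ["/_matrix" "/_synapse/client" "/_synapse/admin"]) // {
 "= /.well-known/matrix/server" = {
 extraConfig = ''
 default_type application/json;
@@ -143,6 +145,11 @@ with lib;
 sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";
 extraConfig = ''
 add_header Strict-Transport-Security "max-age=63072000" always;
+
+add_header X-Frame-Options SAMEORIGIN;
+add_header X-Content-Type-Options nosniff;
+add_header X-XSS-Protection "1; mode=block";
+add_header Content-Security-Policy "frame-ancestors 'none'";
 '';
 
 root = pkgs.element-web.override {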
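Review bot: The `client_max_body_size 500M;` added on the `listToAttrs` line applies to every request under `/_matrix`, `/_synapse/client` and `/_synapse/admin`, not only to media uploads, so nginx will accept a 500M body from any client on endpoints that only need small JSON payloads, before Synapse gets a chance to reject it. With request buffering at its default, those bodies are spooled to `client_body_temp_path`, which hosts/surtr/http.nix sets to `/run/nginx-client-bodies`; if `/run` is a tmpfs on this host, as is usual, large or parallel uploads consume memory rather than disk. I would leave the default limit on the three prefixes and raise it only on a dedicated media location, e.g. `"/_matrix/media" = { proxyPass = "http://matrix-synapse"; extraConfig = "client_max_body_size 500M;"; };`. Separately, the four `add_header` lines in the last hunk lack `always`, unlike the HSTS line above them, so they are dropped on error responses, and `X-Frame-Options SAMEORIGIN` disagrees with `frame-ancestors 'none'`; choose one framing policy and express it in both headers.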