summaryrefslogtreecommitdiff
path: root/hosts/surtr
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-03-01 11:47:50 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-03-01 11:47:50 +0100
commit4022922b969772fb6475a13e8a2f12da7afe311d (patch)
tree0a8a4ff59e691c23a4693c6cb500e674ae7605b4 /hosts/surtr
parent9fbaa9c893c425cae1495d721ae12dbc3a63fe9d (diff)
downloadnixos-4022922b969772fb6475a13e8a2f12da7afe311d.tar
nixos-4022922b969772fb6475a13e8a2f12da7afe311d.tar.gz
nixos-4022922b969772fb6475a13e8a2f12da7afe311d.tar.bz2
nixos-4022922b969772fb6475a13e8a2f12da7afe311d.tar.xz
nixos-4022922b969772fb6475a13e8a2f12da7afe311d.zip
surtr: matrix: ...
Diffstat (limited to 'hosts/surtr')
-rw-r--r--hosts/surtr/http.nix2
-rw-r--r--hosts/surtr/matrix/default.nix9
2 files changed, 9 insertions, 2 deletions
diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix
index a17f846e..af27f178 100644
--- a/hosts/surtr/http.nix
+++ b/hosts/surtr/http.nix
@@ -27,7 +27,7 @@
27 access_log syslog:server=unix:/dev/log main; 27 access_log syslog:server=unix:/dev/log main;
28 error_log syslog:server=unix:/dev/log info; 28 error_log syslog:server=unix:/dev/log info;
29 29
30 client_body_temp_path /run/nginx-client-bodies; 30 client_body_temp_path /run/nginx-client-bodies;
31 ''; 31 '';
32 additionalModules = with pkgs.nginxModules; [ dav pam ]; 32 additionalModules = with pkgs.nginxModules; [ dav pam ];
33 virtualHosts = { 33 virtualHosts = {
diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix
index 936a0528..55adffd3 100644
--- a/hosts/surtr/matrix/default.nix
+++ b/hosts/surtr/matrix/default.nix
@@ -57,6 +57,8 @@ with lib;
57 "url_preview_ip_range_whitelist" = [ 57 "url_preview_ip_range_whitelist" = [
58 "2a03:4000:52:ada::/128" 58 "2a03:4000:52:ada::/128"
59 ]; 59 ];
60
61 "max_upload_size" = "500M";
60 })) 62 }))
61 ]; 63 ];
62 }; 64 };
@@ -112,7 +114,7 @@ with lib;
112 add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization'; 114 add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization';
113 add_header Access-Control-Max-Age 7200; 115 add_header Access-Control-Max-Age 7200;
114 ''; 116 '';
115 in listToAttrs (map (n: nameValuePair n { proxyPass = "http://matrix-synapse"; }) ["/_matrix" "/_synapse/client" "/_synapse/admin"]) // { 117 in listToAttrs (map (n: nameValuePair n { proxyPass = "http://matrix-synapse"; extraConfig = "client_max_body_size 500M;"; }) ["/_matrix" "/_synapse/client" "/_synapse/admin"]) // {
116 "= /.well-known/matrix/server" = { 118 "= /.well-known/matrix/server" = {
117 extraConfig = '' 119 extraConfig = ''
118 default_type application/json; 120 default_type application/json;
@@ -143,6 +145,11 @@ with lib;
143 sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem"; 145 sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem";
144 extraConfig = '' 146 extraConfig = ''
145 add_header Strict-Transport-Security "max-age=63072000" always; 147 add_header Strict-Transport-Security "max-age=63072000" always;
148
149 add_header X-Frame-Options SAMEORIGIN;
150 add_header X-Content-Type-Options nosniff;
151 add_header X-XSS-Protection "1; mode=block";
152 add_header Content-Security-Policy "frame-ancestors 'none'";
146 ''; 153 '';
147 154
148 root = pkgs.element-web.override { 155 root = pkgs.element-web.override {