From 4022922b969772fb6475a13e8a2f12da7afe311d Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 1 Mar 2022 11:47:50 +0100 Subject: surtr: matrix: ... --- hosts/surtr/http.nix | 2 +- hosts/surtr/matrix/default.nix | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix index a17f846e..af27f178 100644 --- a/hosts/surtr/http.nix +++ b/hosts/surtr/http.nix @@ -27,7 +27,7 @@ access_log syslog:server=unix:/dev/log main; error_log syslog:server=unix:/dev/log info; - client_body_temp_path /run/nginx-client-bodies; + client_body_temp_path /run/nginx-client-bodies; ''; additionalModules = with pkgs.nginxModules; [ dav pam ]; virtualHosts = { diff --git a/hosts/surtr/matrix/default.nix b/hosts/surtr/matrix/default.nix index 936a0528..55adffd3 100644 --- a/hosts/surtr/matrix/default.nix +++ b/hosts/surtr/matrix/default.nix @@ -57,6 +57,8 @@ with lib; "url_preview_ip_range_whitelist" = [ "2a03:4000:52:ada::/128" ]; + + "max_upload_size" = "500M"; })) ]; }; @@ -112,7 +114,7 @@ with lib; add_header Access-Control-Allow-Headers 'X-Requested-With, Content-Type, Authorization'; add_header Access-Control-Max-Age 7200; ''; - in listToAttrs (map (n: nameValuePair n { proxyPass = "http://matrix-synapse"; }) ["/_matrix" "/_synapse/client" "/_synapse/admin"]) // { + in listToAttrs (map (n: nameValuePair n { proxyPass = "http://matrix-synapse"; extraConfig = "client_max_body_size 500M;"; }) ["/_matrix" "/_synapse/client" "/_synapse/admin"]) // { "= /.well-known/matrix/server" = { extraConfig = '' default_type application/json; @@ -143,6 +145,11 @@ with lib; sslTrustedCertificate = "/run/credentials/nginx.service/element.synapse.li.chain.pem"; extraConfig = '' add_header Strict-Transport-Security "max-age=63072000" always; + + add_header X-Frame-Options SAMEORIGIN; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header Content-Security-Policy "frame-ancestors 'none'"; ''; root = pkgs.element-web.override { -- cgit v1.2.3