franz-kafka/nixos-vps
1
0
Fork 0
forked from penal-colony/nixos-vps
Code Pull requests Activity
nixos-vps/modules
History
Exact
Franz Kafka fbea02867e feat(nginx): add security headers with per-domain CSP 
- Add HSTS (6 months, includeSubDomains, preload-ready)
- Add X-Content-Type-Options: nosniff
- Add Permissions-Policy (disable camera/mic/geolocation)
- Add Cross-Origin-Resource-Policy: same-origin
- Add Cross-Origin-Opener-Policy: same-origin
- Add configurable Content-Security-Policy per domain

Per-service CSP tuning:
- SearXNG: null (handles its own CSP in settings.yml)
- Forgejo: relaxed (unsafe-inline/eval for code highlighting)
- Vaultwarden: relaxed (unsafe-eval for WebCrypto vault)

Fixes: missing CSP, HSTS, X-Content-Type-Options headers
2026-03-19 13:42:41 +00:00
..
adguard.nix Allow AdGuard Home to read ACME certificates via ReadOnlyPaths 2026-03-18 22:12:28 +01:00
backup.nix feat: add backup module with Restic + Backblaze B2 2026-03-18 14:11:11 +01:00
crowdsec.nix Fix CrowdSec GeoIP filter syntax 2026-03-18 21:54:34 +01:00
default.nix Add Forgejo self-hosted Git service with Nginx, PostgreSQL, and Restic backups 2026-03-18 23:32:01 +01:00
forgejo.nix feat(nginx): add security headers with per-domain CSP 2026-03-19 13:42:41 +00:00
nginx.nix feat(nginx): add security headers with per-domain CSP 2026-03-19 13:42:41 +00:00
openclaw-config.json Add Brave Search web search to OpenClaw 2026-03-18 02:50:09 +01:00
openclaw-podman.nix Fix OpenClaw config volume path to /home/node 2026-03-18 01:47:37 +01:00
podman.nix Add modular service configuration with SearXNG and Nginx 2026-03-17 19:47:43 +01:00
searxng.nix Simplify SearXNG module to use root-based podman 2026-03-17 20:17:20 +01:00
system.nix Add auto-update and maintenance options to system module 2026-03-19 00:03:58 +01:00
vaultwarden.nix feat(nginx): add security headers with per-domain CSP 2026-03-19 13:42:41 +00:00