penal-colony/nixos-vps
2
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions
No description
107 commits 3 branches 0 tags 363 KiB
Find a file
Franz Kafka fbea02867e feat(nginx): add security headers with per-domain CSP 
- Add HSTS (6 months, includeSubDomains, preload-ready)
- Add X-Content-Type-Options: nosniff
- Add Permissions-Policy (disable camera/mic/geolocation)
- Add Cross-Origin-Resource-Policy: same-origin
- Add Cross-Origin-Opener-Policy: same-origin
- Add configurable Content-Security-Policy per domain

Per-service CSP tuning:
- SearXNG: null (handles its own CSP in settings.yml)
- Forgejo: relaxed (unsafe-inline/eval for code highlighting)
- Vaultwarden: relaxed (unsafe-eval for WebCrypto vault)

Fixes: missing CSP, HSTS, X-Content-Type-Options headers
2026-03-19 13:42:41 +00:00
.claude fix: simplify CrowdSec module 2026-03-18 13:50:44 +01:00
docs/superpowers docs: add AdGuard Home implementation plan 2026-03-18 19:06:42 +01:00
modules feat(nginx): add security headers with per-domain CSP 2026-03-19 13:42:41 +00:00
secrets chore(secrets): add AdGuard ClientID secrets 2026-03-18 18:14:48 +00:00
.gitignore Add sops-nix for secrets management 2026-03-17 19:34:10 +01:00
.sops.yaml . 2026-03-17 18:59:15 +00:00
braveapi.py Convert Openclaw to Podman container 2026-03-18 01:35:02 +01:00
CLAUDE.md Add CLAUDE.md for future Claude Code instances 2026-03-18 02:42:21 +01:00
configuration.nix feat(nginx): add security headers with per-domain CSP 2026-03-19 13:42:41 +00:00
flake.lock chore: update flake.lock 2026-03-18 22:52:33 +00:00
flake.nix Update nixpkgs to unstable for Go 1.25 support 2026-03-17 20:10:18 +01:00
hardware-configuration.nix Initial commit 2026-03-17 18:20:35 +00:00
LICENSE Initial commit 2026-03-17 19:18:13 +01:00