diff options
Diffstat (limited to 'config/nix.org')
| -rw-r--r-- | config/nix.org | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/config/nix.org b/config/nix.org index c355ba5..29d558a 100644 --- a/config/nix.org +++ b/config/nix.org @@ -1719,9 +1719,13 @@ to the outside world under a domain. root = "${monorepoSelf.packages.${pkgs.system}.website}"; addSSL = true; enableACME = true; + quic = true; + locations."/" = { extraConfig = '' add_header Cache-Control "no-cache, must-revalidate"; + add_header Alt-Svc 'h3=":443"; ma=86400'; + include ${monorepoSelf.packages.${pkgs.system}.website}/csp_header.conf; expires off; ''; }; @@ -1729,11 +1733,12 @@ to the outside world under a domain. locations."~* \\.(?:woff2|ttf|otf|eot|woff|ico|css|js|gif|jpe?g|png|svg|mp3|mp4|iso|webmanifest)$" = { extraConfig = '' add_header Cache-Control "public, max-age=31536000, immutable"; + add_header Alt-Svc 'h3=":443"; ma=86400'; + include ${monorepoSelf.packages.${pkgs.system}.website}/csp_header.conf; access_log off; ''; }; extraConfig = '' - include ${monorepoSelf.packages.${pkgs.system}.website}/csp_header.conf; rewrite ^/graph_view/?(.*)$ https://graph.${config.monorepo.vars.remoteHost}/$1 permanent; ''; }; @@ -1769,8 +1774,12 @@ to the outside world under a domain. root = "${monorepoSelf.packages.${pkgs.system}.website}"; addSSL = true; enableACME = true; + quic = true; locations."/" = { - extraConfig = "rewrite ^/$ /graph_view/index.html break;"; + extraConfig = '' + add_header Alt-Svc 'h3=":443"; ma=86400'; + rewrite ^/$ /graph_view/index.html break; + ''; }; extraConfig = '' @@ -1781,6 +1790,7 @@ to the outside world under a domain. }; networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ]; + networking.firewall.allowedUDPPorts = lib.mkIf config.services.nginx.enable [ 443 ]; networking.domains.subDomains = lib.mkIf config.services.nginx.enable { "${config.monorepo.vars.remoteHost}" = {}; |