Merge pull request #80 from sioodmy/niri

Niri
sioodmy · May 1, 2024 · 20e8866 · 20e8866
2 parents fd93061 + 5908370
commit 20e8866
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 8 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -170,6 +170,10 @@
       url = "github:lighttigerXIV/catppuccinifier";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    website = {
+      url = "github:sioodmy/website";
+      flake = false;
+    };
   };
 }
 # see also:

diff --git a/home/rice/niri/config.nix b/home/rice/niri/config.nix
@@ -22,6 +22,7 @@ with theme.colors; ''
 
       warp-mouse-to-focus
       focus-follows-mouse
+      workspace-auto-back-and-forth
   }
 
   output "eDP-1" {

diff --git a/system/server/default.nix b/system/server/default.nix
@@ -8,16 +8,38 @@
   services.nginx = {
     enable = true;
     # package = pkgs.nginx.override {openssl = pkgs.libressl;};
-    package = pkgs.angieQuic;
+    package = pkgs.angieQuic.override {openssl = pkgs.libressl;};
 
-    # # lets be more picky on our ciphers and protocols
-    # sslCiphers = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
-    # sslProtocols = "TLSv1.3 TLSv1.2";
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    recommendedZstdSettings = true;
+
+    # lets be more picky on our ciphers and protocols
+    sslCiphers = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
+    sslProtocols = "TLSv1.3 TLSv1.2";
+
+        commonHttpConfig = ''
+      #real_ip_header CF-Connecting-IP;
+      add_header 'Referrer-Policy' 'origin-when-cross-origin';
+      add_header X-Frame-Options DENY;
+      add_header X-Content-Type-Options nosniff;
+    '';
 
     virtualHosts = {
       "sioodmy.dev" = {
-        root = "${inputs.sioodmy-dev.packages.${pkgs.system}.website}/";
+        root = inputs.website;
         enableACME = true;
+        locations."/" = {
+        tryFiles = "$uri $uri.html $uri/ =404";
+        extraConfig = ''
+          if ($request_uri ~ ^/(.*)\.html$) {
+            return 302 /$1;
+          }
+        '';
+        };
+
         forceSSL = true;
       };
       "search.sioodmy.dev" = {
@@ -37,7 +59,6 @@
   };
 
   networking.firewall = {
-    allowedUDPPorts = [51820 5232];
-    allowedTCPPorts = [5232 80 3000];
+    allowedTCPPorts = [80 443];
   };
 }