diff options
| author | Sandro <sandro.jaeckel@gmail.com> | 2022-11-16 02:51:47 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-16 02:51:47 +0100 |
| commit | 655ab77b16201a96e481daab6da45073ea8c42d2 (patch) | |
| tree | fc4e5ea7443af6fa6f1ad15e426f9ee28fc4e5b5 /nixos/modules/services | |
| parent | 7e2a6249d1203265f8641dfaed7f64a42bd8976b (diff) | |
| parent | c4f9538875af001e6173b192874e2826eab2a148 (diff) | |
Merge pull request #198724 from Izorkin/update-peertube
Diffstat (limited to 'nixos/modules/services')
| -rw-r--r-- | nixos/modules/services/web-apps/peertube.nix | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/nixos/modules/services/web-apps/peertube.nix b/nixos/modules/services/web-apps/peertube.nix index 046577e61566a..4dbcb09d2ae28 100644 --- a/nixos/modules/services/web-apps/peertube.nix +++ b/nixos/modules/services/web-apps/peertube.nix @@ -67,7 +67,11 @@ let node ~/dist/server/tools/peertube.js $@ ''; - nginxCommonHeaders = '' + nginxCommonHeaders = lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; + '' + lib.optionalString config.services.nginx.virtualHosts.${cfg.localDomain}.http3 '' + add_header Alt-Svc 'h3=":443"; ma=86400'; + '' + '' add_header Access-Control-Allow-Origin '*'; add_header Access-Control-Allow-Methods 'GET, OPTIONS'; add_header Access-Control-Allow-Headers 'Range,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type'; @@ -370,7 +374,7 @@ in { systemd.services.peertube-init-db = lib.mkIf cfg.database.createLocally { description = "Initialization database for PeerTube daemon"; after = [ "network.target" "postgresql.service" ]; - wantedBy = [ "multi-user.target" ]; + requires = [ "postgresql.service" ]; script = let psqlSetupCommands = pkgs.writeText "peertube-init.sql" '' @@ -399,7 +403,9 @@ in { systemd.services.peertube = { description = "PeerTube daemon"; after = [ "network.target" ] - ++ lib.optionals cfg.redis.createLocally [ "redis.service" ] + ++ lib.optional cfg.redis.createLocally "redis-peertube.service" + ++ lib.optionals cfg.database.createLocally [ "postgresql.service" "peertube-init-db.service" ]; + requires = lib.optional cfg.redis.createLocally "redis-peertube.service" ++ lib.optionals cfg.database.createLocally [ "postgresql.service" "peertube-init-db.service" ]; wantedBy = [ "multi-user.target" ]; @@ -487,6 +493,10 @@ in { extraConfig = '' client_max_body_size 12G; add_header X-File-Maximum-Size 8G always; + '' + lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; + '' + lib.optionalString config.services.nginx.virtualHosts.${cfg.localDomain}.http3 '' + add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }; @@ -497,6 +507,10 @@ in { extraConfig = '' client_max_body_size 6M; add_header X-File-Maximum-Size 4M always; + '' + lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; + '' + lib.optionalString config.services.nginx.virtualHosts.${cfg.localDomain}.http3 '' + add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }; @@ -560,6 +574,10 @@ in { priority = 1320; extraConfig = '' add_header Cache-Control 'public, max-age=604800, immutable'; + '' + lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; + '' + lib.optionalString config.services.nginx.virtualHosts.${cfg.localDomain}.http3 '' + add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }; @@ -718,6 +736,10 @@ in { rewrite ^/static/webseed/(.*)$ /$1 break; ''; }; + + extraConfig = lib.optionalString cfg.enableWebHttps '' + add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains'; + ''; }; }; |