99 lines
2.9 KiB
Nix
99 lines
2.9 KiB
Nix
|
{
|
||
|
description = ''
|
||
|
'';
|
||
|
|
||
|
inputs = {
|
||
|
nixpkgs.url = "nixpkgs";
|
||
|
};
|
||
|
|
||
|
outputs = { self, nixpkgs }:
|
||
|
let
|
||
|
system = "x86_64-linux";
|
||
|
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||
|
lib = pkgs.lib;
|
||
|
stdenv = pkgs.stdenv;
|
||
|
pname = "idimitrov-dev";
|
||
|
version = "1.0.0";
|
||
|
src = ./.;
|
||
|
buildInputs = with pkgs; [
|
||
|
coreutils-full
|
||
|
nodejs_20
|
||
|
bun
|
||
|
];
|
||
|
tmuxConfig = ''
|
||
|
tmux new-session -s my_session -d
|
||
|
tmux new-window -t my_session:1
|
||
|
tmux new-window -t my_session:2
|
||
|
tmux send-keys -t my_session:1.0 'vi' C-m
|
||
|
tmux attach-session -t my_session
|
||
|
'';
|
||
|
in
|
||
|
{
|
||
|
devShell.${system} = pkgs.mkShell {
|
||
|
inherit buildInputs;
|
||
|
shellHook = ''
|
||
|
${tmuxConfig}
|
||
|
'';
|
||
|
};
|
||
|
packages.${system}.default = pkgs.stdenv.mkDerivation rec {
|
||
|
inherit buildInputs pname version src;
|
||
|
buildPhase = ''
|
||
|
mkdir -p $out
|
||
|
'';
|
||
|
};
|
||
|
nixosModules.default = { config, pkgs, ... }:
|
||
|
let cfg = config.website; in
|
||
|
{
|
||
|
options = {
|
||
|
website = {
|
||
|
enable = lib.mkEnableOption "website";
|
||
|
};
|
||
|
};
|
||
|
|
||
|
config = lib.mkIf cfg.enable {
|
||
|
services = {
|
||
|
nginx = {
|
||
|
recommendedGzipSettings = true;
|
||
|
recommendedOptimisation = true;
|
||
|
recommendedProxySettings = true;
|
||
|
recommendedTlsSettings = true;
|
||
|
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
||
|
appendHttpConfig = ''
|
||
|
# Add HSTS header with preloading to HTTPS requests.
|
||
|
# Adding this header to HTTP requests is discouraged
|
||
|
map $scheme $hsts_header {
|
||
|
https "max-age=31536000; includeSubdomains; preload";
|
||
|
}
|
||
|
add_header Strict-Transport-Security $hsts_header;
|
||
|
|
||
|
# Enable CSP for your services.
|
||
|
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||
|
|
||
|
# Minimize information leaked to other domains
|
||
|
add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
||
|
|
||
|
# Disable embedding as a frame
|
||
|
add_header X-Frame-Options DENY;
|
||
|
|
||
|
# Prevent injection of code in other mime types (XSS Attacks)
|
||
|
add_header X-Content-Type-Options nosniff;
|
||
|
'';
|
||
|
virtualHosts = {
|
||
|
"idimitrov.dev" = {
|
||
|
forceSSL = true;
|
||
|
enableACME = true;
|
||
|
root = self.packages.${system}.default;
|
||
|
default = true;
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
networking.firewall = {
|
||
|
allowedTCPPorts = [ 80 443 ];
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
}
|
||
|
|