nixos-config/machines/renge/services/element-web.nix

54 lines
1.7 KiB
Nix
Raw Permalink Normal View History

2021-02-28 16:16:06 +01:00
{ lib, pkgs, ... }:
let
# This uses
# https://github.com/vector-im/element-web#configuration-best-practices
# but allows to disable the frame-ancestors rule for /usercontent/.
mkSecurityHeaders = withFrameOptions: ''
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
'' + lib.optionalString withFrameOptions ''
add_header Content-Security-Policy "frame-ancestors 'none'";
'' + lib.optionalString (!withFrameOptions) ''
add_header Content-Security-Policy "frame-ancestors 'self'";
'';
in
2021-02-28 16:16:06 +01:00
{
services.nginx.virtualHosts."chat.sbruder.de" = {
enableACME = true;
forceSSL = true;
root = pkgs.element-web;
extraConfig = mkSecurityHeaders true;
locations."/usercontent/".extraConfig = mkSecurityHeaders false;
2021-02-28 16:16:06 +01:00
# nixpkgss override mechanism doesnt allow overriding of all options
locations."=/config.chat.sbruder.de.json".alias = pkgs.writeText "config.chat.sbruder.de.json" (lib.generators.toJSON { } {
default_server_config = {
"m.homeserver" = {
base_url = "https://matrix.sbruder.de";
server_name = "matrix.sbruder.de";
};
};
showLabsSettings = true;
branding = {
authFooterLinks = [ ];
};
piwik = false;
defaultCountryCode = "DE";
settingDefaults = {
"UIFeature.feedback" = false;
"UIFeature.shareSocial" = false;
"UIFeature.identityServer" = false;
"UIFeature.thirdPartyId" = false;
};
disable_custom_urls = true;
jitsi.preferredDomain = "meet.jalr.de";
disable_guests = true;
disable_3pid_login = true;
desktopBuilds.available = false;
});
};
}