homelab tinkering 9

2025-07-16 13:07:16 +02:00
parent c1d0eb6c1f
commit 9822b71af3
1 changed files with 12 additions and 7 deletions
--- a/modules/server/vaultwarden/default.nix
+++ b/modules/server/vaultwarden/default.nix
@@ -30,13 +30,18 @@ in {
    };

    services.caddy.virtualHosts."vault.cnst.dev".extraConfig = ''
-      reverse_proxy ${vcfg.ROCKET_ADDRESS}:${toString vcfg.ROCKET_PORT}
-      header {
-        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-        X-Content-Type-Options "nosniff"
-        X-Frame-Options "SAMEORIGIN"
-        Referrer-Policy "strict-origin-when-cross-origin"
-        Permissions-Policy "geolocation=(), microphone=(), camera=()"
+      log {
+        level INFO
+        output file {$LOG_FILE} {
+          roll_size 10MB
+          roll_keep 10
+        }
+      }
+
+      encode zstd gzip
+
+      reverse_proxy ${vcfg.ROCKET_ADDRESS}:${toString vcfg.ROCKET_PORT} {
+        header_up X-Real-IP {remote_host}
      }
    '';