From c1d0eb6c1fc65ae3a612f538eefbbc1de89d71eb Mon Sep 17 00:00:00 2001 From: cnst Date: Wed, 16 Jul 2025 12:43:34 +0200 Subject: [PATCH] homelab tinkering 8 --- modules/server/vaultwarden/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/server/vaultwarden/default.nix b/modules/server/vaultwarden/default.nix index ef0729d3..877ecc62 100644 --- a/modules/server/vaultwarden/default.nix +++ b/modules/server/vaultwarden/default.nix @@ -31,6 +31,13 @@ in { services.caddy.virtualHosts."vault.cnst.dev".extraConfig = '' reverse_proxy ${vcfg.ROCKET_ADDRESS}:${toString vcfg.ROCKET_PORT} + header { + Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" + X-Content-Type-Options "nosniff" + X-Frame-Options "SAMEORIGIN" + Referrer-Policy "strict-origin-when-cross-origin" + Permissions-Policy "geolocation=(), microphone=(), camera=()" + } ''; services.vaultwarden = {