From 49576420ff7ee6cb8f90dd6f638a88b340ba9d2b Mon Sep 17 00:00:00 2001
From: Ivan Reshetnikov <ordinarydev@protonmail.com>
Date: Fri, 18 Aug 2023 18:26:54 +0500
Subject: [PATCH] Add hsts config

---
 nixos/programs/nginx.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/nixos/programs/nginx.nix b/nixos/programs/nginx.nix
index bc5253b..3342278 100644
--- a/nixos/programs/nginx.nix
+++ b/nixos/programs/nginx.nix
@@ -7,6 +7,15 @@
     recommendedGzipSettings = true;
     recommendedProxySettings = true;
 
+    commonHttpConfig = ''
+      # Add HSTS header with preloading to HTTPS requests.
+      # Adding this header to HTTP requests is discouraged
+      map $scheme $hsts_header {
+          https   "max-age=31536000; includeSubdomains; preload";
+      }
+      add_header Strict-Transport-Security $hsts_header;
+    '';
+
     virtualHosts = {
       "nc.comfycamp.space" = {
         useACMEHost = "comfycamp.space";