Move nginx config to virtual host

nixos/programs/nginx.nix

@@ -7,27 +7,6 @@
     recommendedGzipSettings = true;
     recommendedProxySettings = true;
 
-    commonHttpConfig = ''
-      # Add HSTS header with preloading to HTTPS requests.
-      # Adding this header to HTTP requests is discouraged
-      map $scheme $hsts_header {
-          https   "max-age=31536000; includeSubdomains; preload";
-      }
-      add_header Strict-Transport-Security $hsts_header;
-
-      # Minimize information leaked to other domains
-      add_header 'Referrer-Policy' 'origin-when-cross-origin';
-
-      # Disable embedding as a frame
-      add_header Content-Security-Policy "frame-ancestors 'self' https://*.comfycamp.space;";
-
-      # Prevent injection of code in other mime types (XSS Attacks)
-      add_header X-Content-Type-Options nosniff;
-
-      # Enable XSS protection of the browser.
-      add_header X-XSS-Protection "1; mode=block";
-    '';
-
     virtualHosts = {
       "m.comfycamp.space" = {
         useACMEHost = "comfycamp.space";
@@ -54,6 +33,26 @@
             proxyWebsockets = true;
           };
         };
+        extraConfig = ''
+          # Add HSTS header with preloading to HTTPS requests.
+          # Adding this header to HTTP requests is discouraged
+          map $scheme $hsts_header {
+              https   "max-age=31536000; includeSubdomains; preload";
+          }
+          add_header Strict-Transport-Security $hsts_header;
+
+          # Minimize information leaked to other domains
+          add_header 'Referrer-Policy' 'origin-when-cross-origin';
+
+          # Disable embedding as a frame
+          add_header Content-Security-Policy "frame-ancestors 'self' https://*.comfycamp.space;";
+
+          # Prevent injection of code in other mime types (XSS Attacks)
+          add_header X-Content-Type-Options nosniff;
+
+          # Enable XSS protection of the browser.
+          add_header X-XSS-Protection "1; mode=block";
+        '';
       };
     };
   };