hardening

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
Hadi
2026-04-11 11:27:39 +02:00
parent 28b7923e47
commit 2326857f65
6 changed files with 59 additions and 9 deletions
+8 -1
@@ -7,6 +7,13 @@
# externalInterface - WAN interface for NAT, required when internet = true
# bindMounts - host paths to mount into the container (see containers.<name>.bindMounts)
# config - NixOS module for the container
let
nginxHardening = { config, ... }: lib.mkIf config.services.nginx.enable {
services.nginx.serverTokens = false;
};
in
{
mkContainer =
{
@@ -29,7 +36,7 @@
localAddress = containerIp;
inherit bindMounts;
config = { ... }: {
imports = [ nixosConfig ];
imports = [ nixosConfig nginxHardening ];
networking.nameservers = lib.mkIf internet [ "1.1.1.1" "1.0.0.1" ];
};
};
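Review bot: `nginxHardening` (first hunk) is added to the `imports` of every container built by `mkContainer` (second hunk), but nothing next to the binding or in the header comment says so, and the argument comment block now sits above the `let` instead of above `mkContainer`. I would document the binding with something like `# Imported into every container; a no-op unless that container enables nginx. Hides the nginx version in response headers and error pages.` The value is set at normal priority, so a container config that sets `services.nginx.serverTokens = true` should fail evaluation with a conflicting-definition error rather than quietly re-enabling the banner; if that fail-closed behaviour is intended the comment should say so, otherwise use `lib.mkDefault false`. The comment should also make clear that this only removes version disclosure, so the name "hardening" is not read as covering TLS or header policy. The `mkContainer` body starts and ends outside both hunks.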