From 498ed902a2d790c2f04d43b0e7a9b96f80df6162 Mon Sep 17 00:00:00 2001
From: Hadi <112569860+anotherhadi@users.noreply.github.com>
Date: Wed, 29 Apr 2026 19:43:59 +0200
Subject: [PATCH 1/3] Add error pages
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
---
 server-modules/blog.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/server-modules/blog.nix b/server-modules/blog.nix
index d876789..2339358 100644
--- a/server-modules/blog.nix
+++ b/server-modules/blog.nix
@@ -25,11 +25,15 @@ in {
 }
 ];
 locations."/" = {
- tryFiles = "$uri $uri/ /index.html";
+ tryFiles = "$uri $uri/ =404";
 };
 extraConfig = ''
 port_in_redirect off;
 absolute_redirect off;
+ error_page 403 /403.html;
+ error_page 404 /404.html;
+ error_page 500 /500.html;
+ error_page 503 /503.html;
 add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' data: https://umami.${domain}; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://git.${domain}; connect-src 'self' https://umami.${domain};" always;
 '';
 };
From 7862c970fdc9287cd4c1fcab023db130aa3e01e5 Mon Sep 17 00:00:00 2001
From: Hadi <112569860+anotherhadi@users.noreply.github.com>
Date: Wed, 29 Apr 2026 22:18:16 +0200
Subject: [PATCH 2/3] Add Security Headers
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
---
 server-modules/blog.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/server-modules/blog.nix b/server-modules/blog.nix
index 2339358..6a88bd0 100644
--- a/server-modules/blog.nix
+++ b/server-modules/blog.nix
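Review bot: In PATCH 1/3 the four `error_page` targets are ordinary URIs resolved through `locations."/"`, so `/403.html`, `/404.html`, `/500.html` and `/503.html` can also be requested directly and would then be answered with status 200. If that is not intended, and assuming this block is a `services.nginx.virtualHosts` entry, add exact-match internal locations such as `locations."= /404.html".extraConfig = "internal;";` for each page. A one-line comment next to `tryFiles` would also help, e.g. `# =404 replaces the /index.html fallback so unknown paths return a real 404 status`. The pages must exist in the served root, presumably supplied by the flake bump in PATCH 3/3, which is not verifiable from here. The enclosing vhost block starts and ends outside the hunk.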
@@ -35,6 +35,9 @@ in {
 error_page 500 /500.html;
 error_page 503 /503.html;
 add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' data: https://umami.${domain}; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://git.${domain}; connect-src 'self' https://umami.${domain};" always;
+ add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Content-Type-Options "nosniff" always;
+ add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;
 '';
 };
 "www-redirect" = {
From 325cacc86f741e6177fb442f24f2570ab49c9d5a Mon Sep 17 00:00:00 2001
From: Hadi <112569860+anotherhadi@users.noreply.github.com>
Date: Wed, 29 Apr 2026 22:44:05 +0200
Subject: [PATCH 3/3] update blog
Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
---
 flake.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/flake.lock b/flake.lock
index 5d572e3..1ca406e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -125,11 +125,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1777068438, - "narHash": "sha256-87KZIkdVRICi7BkPs50gM949qRrRBsznchVvmAAWxsY=", + "lastModified": 1777484430, + "narHash": "sha256-dnUDj6zLNhFeXkUzzKdecF7jqHhayZ4Q9+WbXJW+dnY=", "owner": "anotherhadi", "repo": "blog", - "rev": "e3f0fc5735b272ee518cdc579cf4fd638ee2adb5", + "rev": "35ac328d5ed6f701c102ab6729aa842705208e6c", "type": "github" }, "original": {
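Review bot: In PATCH 2/3 (`server-modules/blog.nix`), `X-Frame-Options` is added but the CSP on the context line above it has no `frame-ancestors`, and that directive does not fall back to `default-src`. Adding `frame-ancestors 'self';` to the policy expresses the same framing restriction in CSP, which current browsers give precedence over `X-Frame-Options`. The set also has no referrer policy, e.g. `add_header Referrer-Policy "strict-origin-when-cross-origin" always;`, and HSTS is not visible in this hunk, though it may be configured elsewhere. Because nginx does not merge `add_header` across levels, a comment above these lines would help: `# a location that declares its own add_header loses every header set here`. The `"www-redirect"` vhost opening at the end of the hunk sits outside this `extraConfig`, so whether it sends these headers cannot be seen from here.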