NixOS-Configs/hosts/w1/caddy/Caddyfile

w1.duckland.org {
	tls duck@duckland.org
	root * /srv/duckland
	encode gzip
	file_server
	header / {
		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
		X-Xss-Protection = "1; mode=block"
		X-Frame-Options = "DENY"
		X-Content-Type-Options = "nosniff"
		Referrer-Policy = "strict-origin-when-cross-origin"
		Permissions-Policy = "fullscreen=(self)"
		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
	}
}

w1.donharper.org {
	tls duck@duckland.org
	root * /srv/donharper
	encode gzip
	file_server
	header / {
		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
		X-Xss-Protection = "1; mode=block"
		X-Frame-Options = "DENY"
		X-Content-Type-Options = "nosniff"
		Referrer-Policy = "strict-origin-when-cross-origin"
		Permissions-Policy = "fullscreen=(self)"
		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
	}
}

w1.donaldharper.com {
	tls duck@duckland.org
	root * /srv/donaldharper
	encode gzip
	file_server
	header / {
		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
		X-Xss-Protection = "1; mode=block"
		X-Frame-Options = "DENY"
		X-Content-Type-Options = "nosniff"
		Referrer-Policy = "strict-origin-when-cross-origin"
		Permissions-Policy = "fullscreen=(self)"
		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
	}
}

travel.donaldharper.com {
	tls duck@duckland.org
	root * /srv/travel
	encode gzip
	file_server
	header / {
		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
		X-Xss-Protection = "1; mode=block"
		X-Frame-Options = "DENY"
		X-Content-Type-Options = "nosniff"
		Referrer-Policy = "strict-origin-when-cross-origin"
		Permissions-Policy = "fullscreen=(self)"
		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
	}
}

p365.donaldharper.com {
	tls duck@duckland.org
	root * /srv/p365
	encode gzip
	file_server
	header / {
		Content-Security-Policy = "upgrade-insecure-requests; default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; object-src 'self'; worker-src 'self'; manifest-src 'self';"
		Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
		X-Xss-Protection = "1; mode=block"
		X-Frame-Options = "DENY"
		X-Content-Type-Options = "nosniff"
		Referrer-Policy = "strict-origin-when-cross-origin"
		Permissions-Policy = "fullscreen=(self)"
		cache-control = "max-age=0,no-cache,no-store,must-revalidate"
	}
}