system-configuration/modules/config/web.scm

web.scm

;;; Tyreunom's system administration and configuration tools.
;;;
;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
;;;
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
;;; the Free Software Foundation, either version 3 of the License, or
;;; (at your option) any later version.
;;;
;;; This program is distributed in the hope that it will be useful,
;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
;; Module (config web): nginx hardening snippets, each exported as a list of
;; configuration-line strings.
;;   web-base-policy    - security response headers (a plain list)
;;   web-html-policy    - procedure building a `location' block for *.html
;;   default-web-policy - the two above combined
;; How callers splice these lines into a server configuration is not shown in
;; this file.
(define-module (config web)
  #:export (web-base-policy
            web-html-policy
	    default-web-policy))
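;; Security response headers, one nginx directive per list element.  Meant for
;; the configuration level that encloses the *.html location block (presumably
;; a server block -- confirm against the caller).
;;
;; Every directive carries `always'.  Without it nginx adds the header only to
;; a fixed set of success and redirect status codes, so error responses
;; (4xx/5xx) would go out without the framing, MIME-sniffing, CSP and referrer
;; protections.  The HSTS line already relied on `always'; the others now
;; match it.
;;
;; nginx inherits add_header directives from the enclosing level only when the
;; current level defines none of its own, so any block that adds a header of
;; its own must repeat this whole set.
;;
;; Caveats worth knowing before reuse:
;;  - HSTS with includeSubDomains commits every subdomain to HTTPS for a year.
;;  - style-src permits 'unsafe-inline'; tighten it if no page needs inline
;;    styles.
;;  - X-Frame-Options DENY and CSP frame-ancestors 'none' express the same
;;    restriction; both are kept for browsers that honour only one.
(define web-base-policy
  '("add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\" always;"
    "add_header X-Frame-Options DENY always;"
    "add_header X-Content-Type-Options nosniff always;"
    "add_header Content-Security-Policy 'default-src \\'none\\'; img-src \\'self\\'; style-src \\'self\\' \\'unsafe-inline\\'; frame-ancestors \\'none\\'' always;"
    "add_header Referrer-Policy no-referrer always;"))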
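;; Return the lines of an nginx `location' block matching *.html files.
;;
;; The block disables caching (Cache-Control header plus `expires off;') and
;; repeats the same security header set as web-base-policy.  The repetition is
;; required: because this block declares add_header itself, nginx does not
;; inherit any add_header from the enclosing level.  Keep the two lists in
;; sync when either changes.
;;
;; The security headers carry `always' so that error responses from this
;; location are covered too; without it nginx adds them only to a fixed set
;; of success and redirect status codes.  Cache-Control is left as it was.
;;
;; ADDITIONAL-DATA is a list of directive strings inserted after the headers
;; and before `expires off;'.  The strings are emitted verbatim with no
;; escaping or validation, so they must come from trusted configuration, never
;; from user-controlled input.
(define (web-html-policy additional-data)
  (append
    '("location ~ \\.html$ {"
      "    add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';"
      "    add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\" always;"
      "    add_header X-Frame-Options DENY always;"
      "    add_header X-Content-Type-Options nosniff always;"
      "    add_header Content-Security-Policy 'default-src \\'none\\'; img-src \\'self\\'; style-src \\'self\\' \\'unsafe-inline\\'; frame-ancestors \\'none\\'' always;"
      "    add_header Referrer-Policy no-referrer always;")
    additional-data
    '("    expires off;"
      "}")))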
;; Default policy: the base security headers followed by the *.html location
;; block built with no extra directives.
(define default-web-policy
  (let ((html-rules (web-html-policy '())))
    (append web-base-policy html-rules)))