From 1aec25fdaad55c79f50149e2c4cd4f7fe52b2065 Mon Sep 17 00:00:00 2001
From: muon <admin@muon.host>
Date: Thu, 1 Jan 2026 16:39:28 +0000
Subject: [PATCH] Update nginx

---
 modules/nixos/server/nginx.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/server/nginx.nix b/modules/nixos/server/nginx.nix
index fafb4df..c307231 100644
--- a/modules/nixos/server/nginx.nix
+++ b/modules/nixos/server/nginx.nix
@@ -82,7 +82,7 @@ in
             add_header X-XSS-Protection          "1; mode=block" always;
             add_header X-Content-Type-Options    "nosniff" always;
             add_header Referrer-Policy           "no-referrer-when-downgrade" always;
-            add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
+            add_header Content-Security-Policy   "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self'; script-src 'self'; object-src 'none'; base-uri 'none';"; always;
             add_header Permissions-Policy        "interest-cohort=()" always;
             # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
           '';
@@ -99,6 +99,14 @@ in
               "/" = {
                 proxyPass = "http://${cfg.ip}:${toString port}/";
                 proxyWebsockets = true;
+                extraConfig =
+                  # sh
+                  ''
+                    client_max_body_size 50000M;
+                    proxy_read_timeout   600s;
+                    proxy_send_timeout   600s;
+                    send_timeout         600s;
+                  '';
               };
             };
         in