~sircmpwn/sr.ht-nginx

6bca57a2dae50af4f4a77fb4def3e068f4eb35b4 — Drew DeVault a month ago cdd5504
all: opt out of FLoC

Eat shit, Google
M builds.sr.ht.conf => builds.sr.ht.conf +3 -0
@@ 20,8 20,11 @@ server {
	ssl_certificate /etc/ssl/uacme/builds.sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/builds.sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self'" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/css text/html;

M dispatch.sr.ht.conf => dispatch.sr.ht.conf +3 -0
@@ 19,8 19,11 @@ server {
	ssl_certificate /etc/ssl/uacme/dispatch.sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/dispatch.sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self'" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/html text/css;

M git.sr.ht.conf => git.sr.ht.conf +3 -0
@@ 20,8 20,11 @@ server {
	ssl_certificate /etc/ssl/uacme/git.sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/git.sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/css text/html;

M hg.sr.ht.conf => hg.sr.ht.conf +3 -0
@@ 20,8 20,11 @@ server {
	ssl_certificate /etc/ssl/uacme/hg.sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/hg.sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/css;

M hub.sr.ht.conf => hub.sr.ht.conf +3 -0
@@ 23,8 23,11 @@ server {
	ssl_certificate /etc/ssl/uacme/sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/css text/html;

M lists.sr.ht.conf => lists.sr.ht.conf +3 -0
@@ 19,8 19,11 @@ server {
	ssl_certificate /etc/ssl/uacme/lists.sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/lists.sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self'" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/html text/css;

M man.sr.ht.conf => man.sr.ht.conf +3 -0
@@ 20,8 20,11 @@ server {
	ssl_certificate /etc/ssl/uacme/man.sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/man.sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/css text/html;

M meta.sr.ht.conf => meta.sr.ht.conf +3 -0
@@ 23,8 23,11 @@ server {
	ssl_certificate /etc/ssl/uacme/meta.sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/meta.sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self' 'unsafe-inline' *.stripe.com *.stripe.network; frame-src *.stripe.com *.stripe.network" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/css text/html;

M paste.sr.ht.conf => paste.sr.ht.conf +3 -0
@@ 20,8 20,11 @@ server {
	ssl_certificate /etc/ssl/uacme/paste.sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/paste.sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self' 'unsafe-inline'" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/css text/html;

M todo.sr.ht.conf => todo.sr.ht.conf +3 -0
@@ 20,8 20,11 @@ server {
	ssl_certificate /etc/ssl/uacme/todo.sr.ht/cert.pem;
	ssl_certificate_key /etc/ssl/uacme/private/todo.sr.ht/key.pem;

	add_header X-Clacks-Overhead "GNU Terry Pratchett";
	add_header Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src * data:; script-src 'self'" always;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
	# Fuck you, Google, I don't spy on my users
	add_header Permissions-Policy interest-cohort=();

	gzip on;
	gzip_types text/css text/html;