From 0e10df15180ef251cc85fed763447eec206f3fe5 Mon Sep 17 00:00:00 2001
From: Daniel Kempkens <daniel+git@kempkens.io>
Date: Mon, 6 Mar 2023 23:21:51 +0100
Subject: [PATCH] sail: Try setting STS headers for SSL only

---
 system/nixos/mastodon.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/system/nixos/mastodon.nix b/system/nixos/mastodon.nix
index b50a4ed..a343aa4 100644
--- a/system/nixos/mastodon.nix
+++ b/system/nixos/mastodon.nix
@@ -117,6 +117,10 @@ in
 
     extraConfig = ''
       add_header Access-Control-Allow-Origin https://mastodon.kempkens.io;
+
+      if ($ssl_protocol != "") {
+        add_header Strict-Transport-Security max-age=31536000; includeSubDomains; preload;
+      }
     '';
 
     locations."/system/".alias = "/var/lib/mastodon/public-system/";