From af2a0e8e3ea6863bd0a4c1623bb5ee1ea5b88432 Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Sat, 7 May 2022 12:00:18 +0300
Subject: [PATCH] Set the Vim file type.
Prettier editing.
---
conf.d/default.conf | 1 +
conf.d/global.conf | 1 +
conf.d/status.conf | 1 +
snippets/ads-txt.conf | 1 +
snippets/allow-ns1.conf | 1 +
snippets/allow-ns4.conf | 1 +
snippets/allow-private-ips.conf | 1 +
snippets/allow-shore-ips.conf | 1 +
snippets/common-headers.conf | 1 +
snippets/ldap-auth.conf | 1 +
snippets/matrix-well-known.conf | 1 +
snippets/proxy-headers.conf | 1 +
snippets/proxy-ssl.conf | 1 +
snippets/redirect-https.conf | 1 +
snippets/redirect-www.conf | 1 +
snippets/robots-allow-all.conf | 1 +
snippets/robots-disallow-all.conf | 1 +
snippets/security-txt.conf | 1 +
snippets/ssl-common.conf | 1 +
snippets/ssl-legacy.conf | 1 +
snippets/ssl-modern.conf | 1 +
snippets/upgrade-secure.conf | 1 +
snippets/vouch.conf | 1 +
snippets/websockets.conf | 1 +
snippets/www-acme-challenge.conf | 1 +
25 files changed, 25 insertions(+)
diff --git a/conf.d/default.conf b/conf.d/default.conf
index 8d37f41..3fed2c0 100644
--- a/conf.d/default.conf
+++ b/conf.d/default.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
diff --git a/conf.d/global.conf b/conf.d/global.conf
index 608fe8d..b3623a9 100644
--- a/conf.d/global.conf
+++ b/conf.d/global.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
# The resolver for the Docker network.
resolver 127.0.0.11 valid=30s;
gzip on;
diff --git a/conf.d/status.conf b/conf.d/status.conf
index 6ecb7d8..22dab12 100644
--- a/conf.d/status.conf
+++ b/conf.d/status.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
server {
listen 80;
listen [::]:80;
diff --git a/snippets/ads-txt.conf b/snippets/ads-txt.conf
index b074c08..acd9b93 100644
--- a/snippets/ads-txt.conf
+++ b/snippets/ads-txt.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
location = /ads.txt {
if ($scheme = http) {
return 301 https://$host$request_uri;
diff --git a/snippets/allow-ns1.conf b/snippets/allow-ns1.conf
index bdadb24..6cdf88b 100644
--- a/snippets/allow-ns1.conf
+++ b/snippets/allow-ns1.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
allow 62.219.131.121; # ns1.shore.co.il
diff --git a/snippets/allow-ns4.conf b/snippets/allow-ns4.conf
index 5e39f40..395de01 100644
--- a/snippets/allow-ns4.conf
+++ b/snippets/allow-ns4.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
allow 163.172.74.36; # ns4.shore.co.il
diff --git a/snippets/allow-private-ips.conf b/snippets/allow-private-ips.conf
index 154262a..5e798a0 100644
--- a/snippets/allow-private-ips.conf
+++ b/snippets/allow-private-ips.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
allow 127.0.0.0/8;
allow 10.0.0.0/8;
allow 192.168.0.0/16;
diff --git a/snippets/allow-shore-ips.conf b/snippets/allow-shore-ips.conf
index 709b549..8fed410 100644
--- a/snippets/allow-shore-ips.conf
+++ b/snippets/allow-shore-ips.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
include snippets/allow-ns1.conf;
include snippets/allow-ns4.conf;
include snippets/allow-private-ips.conf;
diff --git a/snippets/common-headers.conf b/snippets/common-headers.conf
index e97cb68..22a7e89 100644
--- a/snippets/common-headers.conf
+++ b/snippets/common-headers.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
# add_headers are inherited from previous level if and only if there are no
# add_header directives defined on the current level. So any time there's an
# add_header directive there should be an `include snippets/common-headers.conf`
diff --git a/snippets/ldap-auth.conf b/snippets/ldap-auth.conf
index cba7d38..e5c51c8 100644
--- a/snippets/ldap-auth.conf
+++ b/snippets/ldap-auth.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
auth_request /validate;
location = /validate {
diff --git a/snippets/matrix-well-known.conf b/snippets/matrix-well-known.conf
index 1962eec..e499bb8 100644
--- a/snippets/matrix-well-known.conf
+++ b/snippets/matrix-well-known.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
location = /.well-known/matrix/server {
return 200 "{\"m.server\": \"matrix.shore.co.il:443\"}";
}
diff --git a/snippets/proxy-headers.conf b/snippets/proxy-headers.conf
index e142036..19fe814 100644
--- a/snippets/proxy-headers.conf
+++ b/snippets/proxy-headers.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
diff --git a/snippets/proxy-ssl.conf b/snippets/proxy-ssl.conf
index 547d081..4c17a50 100644
--- a/snippets/proxy-ssl.conf
+++ b/snippets/proxy-ssl.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
proxy_ssl_verify on;
proxy_ssl_verify_depth 3;
proxy_ssl_server_name on;
diff --git a/snippets/redirect-https.conf b/snippets/redirect-https.conf
index 991d593..28f510e 100644
--- a/snippets/redirect-https.conf
+++ b/snippets/redirect-https.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
location / { return 301 https://$host$request_uri; }
diff --git a/snippets/redirect-www.conf b/snippets/redirect-www.conf
index 2d89d75..5394062 100644
--- a/snippets/redirect-www.conf
+++ b/snippets/redirect-www.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
location / { return 301 https://www.$host$request_uri; }
diff --git a/snippets/robots-allow-all.conf b/snippets/robots-allow-all.conf
index 627aee5..81fdd7c 100644
--- a/snippets/robots-allow-all.conf
+++ b/snippets/robots-allow-all.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
location = /robots.txt {
add_header Content-Type "text/plain; charset=utf-8";
return 200 "User-agent: *\nDisallow:\n";
diff --git a/snippets/robots-disallow-all.conf b/snippets/robots-disallow-all.conf
index 03d5031..c5001aa 100644
--- a/snippets/robots-disallow-all.conf
+++ b/snippets/robots-disallow-all.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
location = /robots.txt {
add_header Content-Type "text/plain; charset=utf-8";
return 200 "User-agent: *\nDisallow: *\n";
diff --git a/snippets/security-txt.conf b/snippets/security-txt.conf
index c1f0d21..5ce6a55 100644
--- a/snippets/security-txt.conf
+++ b/snippets/security-txt.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
location = /.well-known/security.txt {
if ($scheme = http) {
return 301 https://$host$request_uri;
diff --git a/snippets/ssl-common.conf b/snippets/ssl-common.conf
index b8ed307..3f0c270 100644
--- a/snippets/ssl-common.conf
+++ b/snippets/ssl-common.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
add_header Expect-CT "max-age=86400, enforce, report-uri=\"https://www.shore.co.il/about\"";
include snippets/common-headers.conf;
diff --git a/snippets/ssl-legacy.conf b/snippets/ssl-legacy.conf
index 4e569dd..f03f493 100644
--- a/snippets/ssl-legacy.conf
+++ b/snippets/ssl-legacy.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
include snippets/ssl-common.conf;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers !AESCCM:!kRSA:!3DES:!RC4:!DES:!MD5:!aNULL:!NULL:AESGCM+ECDH:ECDH+CHACHA20:AES256+ECDH:AES128:CHACHA20:+SHA1;
diff --git a/snippets/ssl-modern.conf b/snippets/ssl-modern.conf
index f555122..ea0b317 100644
--- a/snippets/ssl-modern.conf
+++ b/snippets/ssl-modern.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
include snippets/ssl-common.conf;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!NULL:!AES128:!ARIA128:!CAMELLIA128:!SHA1;
diff --git a/snippets/upgrade-secure.conf b/snippets/upgrade-secure.conf
index 2abc805..3d1b4e6 100644
--- a/snippets/upgrade-secure.conf
+++ b/snippets/upgrade-secure.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
if ($http_Upgrade-Insecure-Requests = 1) { return 301 https://$host$request_uri; }
diff --git a/snippets/vouch.conf b/snippets/vouch.conf
index 9571b80..c731657 100644
--- a/snippets/vouch.conf
+++ b/snippets/vouch.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
# send all requests to the `/validate` endpoint for authorization
auth_request /validate;
diff --git a/snippets/websockets.conf b/snippets/websockets.conf
index 64b7e37..0f494e9 100644
--- a/snippets/websockets.conf
+++ b/snippets/websockets.conf
@@ -1,3 +1,4 @@
+# vim: ft=nginx
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_read_timeout 36000s;
diff --git a/snippets/www-acme-challenge.conf b/snippets/www-acme-challenge.conf
index ba3c0b7..db17b30 100644
--- a/snippets/www-acme-challenge.conf
+++ b/snippets/www-acme-challenge.conf
@@ -1 +1,2 @@
+# vim: ft=nginx
location /.well-known/acme-challenge/ { root /var/www/www.shore.co.il; }
--
GitLab