From 515d93380866c83af474918a3243fdc716d4f15d Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Sat, 24 Feb 2024 01:41:31 +0700
Subject: feat(ops/modules/www): drop hsts for .dev

The .dev TLS is on the HSTS preload list, so there's no need to set this
header here at all.

Change-Id: I253fa2427e75bd0808945cd5d53159cac74e7f8b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/11018
Autosubmit: flokli <flokli@flokli.de>
Reviewed-by: tazjin <tazjin@tvl.su>
Tested-by: BuildkiteCI
---
 ops/modules/www/tvix.dev.nix | 10 ----------
 1 file changed, 10 deletions(-)

(limited to 'ops')

diff --git a/ops/modules/www/tvix.dev.nix b/ops/modules/www/tvix.dev.nix
index 33c0bb002c..f884bc30ed 100644
--- a/ops/modules/www/tvix.dev.nix
+++ b/ops/modules/www/tvix.dev.nix
@@ -11,20 +11,12 @@
       enableACME = true;
       forceSSL = true;
       root = depot.tvix.website;
-
-      extraConfig = ''
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-      '';
     };
 
     services.nginx.virtualHosts."bolt.tvix.dev" = {
       root = depot.web.tvixbolt;
       enableACME = true;
       forceSSL = true;
-
-      extraConfig = ''
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-      '';
     };
 
     # old domain, serve redirect
@@ -40,8 +32,6 @@
       forceSSL = true;
 
       extraConfig = ''
-        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-
         location = / {
           # until we have a better default page here
           return 301 https://docs.tvix.dev/rust/tvix_eval/index.html;
-- 
cgit 1.4.1