Update element-web and clean up configuration

config/hosts/web-public-2/virtualHosts/element.nekover.se.nix

@@ -1,9 +1,20 @@
 { pkgs, ... }:
 let
+  elementWebVersion = "1.11.46";
   element-web = pkgs.fetchzip {
-    url = "https://github.com/vector-im/element-web/releases/download/v1.11.43/element-v1.11.43.tar.gz";
+    url = "https://github.com/vector-im/element-web/releases/download/v${elementWebVersion}/element-v${elementWebVersion}.tar.gz";
-    sha256 = "sha256-MxUu5dFf4RL0crQol4hG6gNE+9Qu5/vBWdpf0ENaFV0=";
+    sha256 = "sha256-EQ6a8WK8ILYidbS+0FGzI4XQbZFh+M6Y7eZ28YcsIrg=";
   };
+  elementWebSecurityHeaders = ''
+  	# Configuration best practices
+		# See: https://github.com/vector-im/element-web/tree/develop#configuration-best-practices
+    add_header X-Frame-Options SAMEORIGIN;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-XSS-Protection "1; mode=block";
+    add_header Content-Security-Policy "frame-ancestors 'self'";
+
+    add_header Strict-Transport-Security "max-age=63072000" always;
+  '';
 in
 {
   services.nginx.virtualHosts."element.nekover.se" = {
@@ -16,66 +27,36 @@ in
         ./element-web-config
       ];
     };
-    listen = [
+    listen = [{
-      { 
+      addr = "localhost";
-        addr = "localhost";
+      port = 8443;
-        port = 1234;
+      ssl = true;
-      } # workaround for enableACME check
+      extraParameters = ["proxy_protocol"];
-      {
+    }];
-        addr = "localhost";
-        port = 8443;
-        ssl = true;
-        proxyProtocol = true;
-      }
-    ];
 
     # Set no-cache for the version, config and index.html
     # so that browsers always check for a new copy of Element Web.
     # NB http://your-domain/ and http://your-domain/? are also covered by this
 
     locations."= /index.html" = {
-      extraConfig = ''
+      extraConfig = elementWebSecurityHeaders + ''
         add_header Cache-Control "no-cache";
-        add_header X-Frame-Options SAMEORIGIN;
-        add_header X-Content-Type-Options nosniff;
-        add_header X-XSS-Protection "1; mode=block";
-        add_header Content-Security-Policy "frame-ancestors 'none'";
-        add_header Strict-Transport-Security "max-age=63072000" always;
       '';
     };
     locations."= /version" = {
-      extraConfig = ''
+      extraConfig = elementWebSecurityHeaders + ''
         add_header Cache-Control "no-cache";
-        add_header X-Frame-Options SAMEORIGIN;
-        add_header X-Content-Type-Options nosniff;
-        add_header X-XSS-Protection "1; mode=block";
-        add_header Content-Security-Policy "frame-ancestors 'none'";
-        add_header Strict-Transport-Security "max-age=63072000" always;
       '';
     };
     # covers config.json and config.hostname.json requests as it is prefix.
     locations."/config" = {
-      extraConfig = ''
+      extraConfig = elementWebSecurityHeaders + ''
         add_header Cache-Control "no-cache";
-        add_header X-Frame-Options SAMEORIGIN;
-        add_header X-Content-Type-Options nosniff;
-        add_header X-XSS-Protection "1; mode=block";
-        add_header Content-Security-Policy "frame-ancestors 'none'";
-        add_header Strict-Transport-Security "max-age=63072000" always;
       '';
     };
-    extraConfig = ''
+    extraConfig = elementWebSecurityHeaders + ''
       index  index.html;
 
-		  # Configuration best practices
-		  # See: https://github.com/vector-im/element-web/tree/develop#configuration-best-practices
-      add_header X-Frame-Options SAMEORIGIN;
-      add_header X-Content-Type-Options nosniff;
-      add_header X-XSS-Protection "1; mode=block";
-      add_header Content-Security-Policy "frame-ancestors 'self'";
-
-      add_header Strict-Transport-Security "max-age=63072000" always;
-
       # redirect server error pages to the static page /50x.html
       error_page   500 502 503 504  /50x.html;