From d59512c6257c874f9a64d0cabf03b273e6f62d1f Mon Sep 17 00:00:00 2001
From: Nemo <commits@captnemo.in>
Date: Thu, 22 Jun 2023 14:24:26 +0530
Subject: [PATCH] HSTS Preload on tatooine.club

---
 mastodon/main.tf            | 6 ++++++
 modules/container/locals.tf | 2 ++
 modules/container/vars.tf   | 7 +++++--
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/mastodon/main.tf b/mastodon/main.tf
index b1a811e..cf9af0a 100644
--- a/mastodon/main.tf
+++ a/mastodon/main.tf
@@ -6,6 +6,12 @@
 
   networks = ["mastodon", "traefik", "external", "postgres"]
 
+  labels = {
+    "traefik.frontend.headers.STSPreload"           = "true"
+    "traefik.frontend.headers.STSIncludeSubdomains" = "true"
+    "traefik.frontend.headers.STSSeconds"           = "31536000"
+  }
+
   env = concat(local.env,[
     "MAX_THREADS=4",
     "WEB_CONCURRENCY=5"
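Review bot: The three STS labels added here combine `STSIncludeSubdomains` and `STSPreload` with a one-year `STSSeconds`, and nothing in the hunk records that this commits every host under the domain, not only the Mastodon frontend. Once browsers cache the policy, or the domain is accepted onto a preload list, any subdomain that cannot serve valid HTTPS becomes unreachable and rollback is slow. I would add a comment above `labels`, for example `# HSTS preload: covers ALL subdomains for 1 year; confirm each one serves valid TLS before applying`. It is also worth confirming that the HTTP-to-HTTPS redirect for this frontend is configured elsewhere, since it is not visible here. The enclosing module block starts and ends outside the hunk.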
diff --git a/modules/container/locals.tf b/modules/container/locals.tf
index 4a107b4..b6387cf 100644
--- a/modules/container/locals.tf
+++ a/modules/container/locals.tf
@@ -41,6 +41,8 @@
     var.web.expose ? local.web : null,
     # And finally a label for Basic Authentication if the service wants it
     var.web.auth != null ? (var.web.auth ? local.traefik_auth_labels : null) : null,
+
+    var.labels,
   )
 
   networks = concat(var.networks, var.web.expose ? ["traefik"] : [])
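Review bot: `var.labels` is added as the last argument, so if the enclosing call is `merge(...)` (its opening is outside the hunk), caller-supplied labels override any generated label with the same key. That would include the Basic Authentication labels from `local.traefik_auth_labels` on the line above. If the override is intended, document it the way the neighbouring arguments are documented: `# Caller-supplied labels come last: they override generated labels with the same key`. If it is not intended, move `var.labels` to the first position so the module's routing and auth labels take precedence.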
diff --git a/modules/container/vars.tf b/modules/container/vars.tf
index 978ad29..86acd87 100644
--- a/modules/container/vars.tf
+++ a/modules/container/vars.tf
@@ -55,9 +55,10 @@
   default     = []
 }
 
-# variable "labels" {
-#   description = "labels"
-# }
+variable "labels" {
+  description = "labels"
+  default = {}
+}
 
 variable "xpoweredby" {
   default = "X-Powered-By:Allomancy||X-Server:Blackbox"
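Review bot: The re-enabled `labels` variable has no type constraint and its description only repeats the name. A non-map value is therefore not rejected at the module boundary, and a reader does not learn what the labels are used for. I would write `type = map(string)` and `description = "Extra Docker labels added to the container's generated labels"`. The `default = {}` line should also be aligned with `description` as `terraform fmt` would do it.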
--
rgit 0.1.5