HSTS Preload on tatooine.club

mastodon/main.tf

@@ -6,6 +6,12 @@ module "mastodon-web" {
 
   networks = ["mastodon", "traefik", "external", "postgres"]
 
+  labels = {
+    "traefik.frontend.headers.STSPreload"           = "true"
+    "traefik.frontend.headers.STSIncludeSubdomains" = "true"
+    "traefik.frontend.headers.STSSeconds"           = "31536000"
+  }
+
   env = concat(local.env,[
     "MAX_THREADS=4",
     "WEB_CONCURRENCY=5"

modules/container/locals.tf

@@ -41,6 +41,8 @@ locals {
     var.web.expose ? local.web : null,
     # And finally a label for Basic Authentication if the service wants it
     var.web.auth != null ? (var.web.auth ? local.traefik_auth_labels : null) : null,
+
+    var.labels,
   )
 
   networks = concat(var.networks, var.web.expose ? ["traefik"] : [])

modules/container/vars.tf

@@ -55,9 +55,10 @@ variable "env" {
   default     = []
 }
 
-# variable "labels" {
-#   description = "labels"
-# }
+variable "labels" {
+  description = "labels"
+  default = {}
+}
 
 variable "xpoweredby" {
   default = "X-Powered-By:Allomancy||X-Server:Blackbox"