keep weekly and monthly backups (and rotate old ones)

etc/nginx/sites-available/mastodon.conf

@@ -36,6 +36,14 @@ server {
 	sendfile on;
 	client_max_body_size 100m;
 
+	# reused values
+	set $hsts      "max-age=63072000";
+	set $compress_mimes "application/atom+xml application/javascript application/json application/rss+xml
+			application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
+			application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
+			font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
+			image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml";
+
 	gzip on;
 	gzip_disable "msie6";
 	gzip_vary on;
@@ -44,11 +52,7 @@ server {
 	gzip_buffers 16 8k;
 	gzip_http_version 1.1;
 	gzip_min_length 256;
-	gzip_types	application/atom+xml application/javascript application/json application/rss+xml
-			application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
-			application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
-			font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
-			image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
+	gzip_types $compress_mimes;
 
 	# https://github.com/google/ngx_brotli#sample-configuration
 	# https://github.com/jakejarvis/mastodon-utils/wiki/nginx#brotli-compression
@@ -56,37 +60,33 @@ server {
 	# brotli_comp_level 4;
 	# brotli_static on;
 	# brotli_min_length 256;
-	# brotli_types	application/atom+xml application/javascript application/json application/rss+xml
-	# 		application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
-	# 		application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
-	# 		font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
-	# 		image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
+	# brotli_types $compress_mimes;
 
 	# sends most paths to the backend proxy and ignores the location blocks below, except if
 	# the file exists in /home/mastodon/live
 	location / {
-		add_header Strict-Transport-Security "max-age=63072000" always;
+		add_header Strict-Transport-Security $hsts always;
 		try_files $uri @proxy;
 	}
 
 	# condensed version of original Mastodon nginx.conf
 	location ~ ^/(?:assets|avatars|emoji|headers|packs|shortcuts|sounds)/ {
 		add_header Cache-Control "public, max-age=2419200, must-revalidate"; # 28 days
-		add_header Strict-Transport-Security "max-age=63072000" always;
+		add_header Strict-Transport-Security $hsts always;
 		try_files $uri =404;
 	}
 
 	# media uploads & cache (irrelevant if offloading to S3)
 	location ~ ^/system/ {
 		add_header Cache-Control "public, max-age=2419200, immutable"; # 28 days
-		add_header Strict-Transport-Security "max-age=63072000" always;
+		add_header Strict-Transport-Security $hsts always;
 		try_files $uri =404;
 	}
 
 	# static files *only in the root* of /public (/favicon.ico, /sw.js, /robots.txt, etc.)
 	location ~ ^/[^/]+\.(?:js|css|png|gif|jpg|txt|ico)$ {
 		add_header Cache-Control "public, max-age=604800, must-revalidate"; # 7 days
-		add_header Strict-Transport-Security "max-age=63072000" always;
+		add_header Strict-Transport-Security $hsts always;
 		try_files $uri =404;
 	}
 
@@ -107,7 +107,7 @@ server {
 		# security headers
 		proxy_hide_header Strict-Transport-Security;
 		proxy_hide_header X-Powered-By;
-		add_header Strict-Transport-Security "max-age=63072000" always;
+		add_header Strict-Transport-Security $hsts always;
 
 		# debugging headers
 		add_header Via "1.1 $proxy_host" always;
@@ -143,7 +143,7 @@ server {
 		proxy_hide_header X-Clacks-Overhead;
 		proxy_hide_header X-XSS-Protection;
 		add_header Referrer-Policy "strict-origin" always;
-		add_header Strict-Transport-Security "max-age=63072000" always;
+		add_header Strict-Transport-Security $hsts always;
 
 		# debugging headers
 		add_header Via "1.1 $proxy_host" always;