base/nginx: 444 requests to nonexistent virtualhosts

2024-03-30 00:02:22 +01:00
parent 9495682f57
commit c612975b60
2 changed files with 100 additions and 0 deletions
--- a/base.nix
+++ b/base.nix
@@ -3,6 +3,7 @@
 {
  imports = [
    ./users
+    ./modules/snakeoil-certs.nix
  ];

  networking.domain = "pvv.ntnu.no";
@@ -82,5 +83,21 @@
    settings.PermitRootLogin = "yes";
  };

+  # nginx return 444 for all nonexistent virtualhosts

+  systemd.services.nginx.after = [ "generate-snakeoil-certs.service" ];
+
+  environment.snakeoil-certs = lib.mkIf (config.services.nginx.enable) {
+    "/etc/certs/nginx" = {
+      owner = "nginx";
+      group = "nginx";
+    };
+  };
+
+  services.nginx.virtualHosts."_" = lib.mkIf (config.services.nginx.enable) {
+    sslCertificate = "/etc/certs/nginx.crt";
+    sslCertificateKey = "/etc/certs/nginx.key";
+    addSSL = true;
+    extraConfig = "return 444;";
+  };
 }