base/nginx: return 444 on fqdn virtualHost by default

2026-02-04 09:10:01 +01:00 · 2026-01-21 23:17:47 +09:00
parent 2ace7b649f
commit 09d72305e2
1 changed files with 33 additions and 24 deletions
--- a/base/services/nginx.nix
+++ b/base/services/nginx.nix
@@ -39,7 +39,8 @@
    SystemCallFilter = lib.mkForce null;
  };

-  services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
+  services.nginx.virtualHosts = lib.mkIf config.services.nginx.enable {
+    "_" = {
      listen = [
        {
          addr = "0.0.0.0";
@@ -64,4 +65,12 @@
      addSSL = true;
      extraConfig = "return 444;";
    };
+
+    ${config.networking.fqdn} = {
+      sslCertificate = "/etc/certs/nginx.crt";
+      sslCertificateKey = "/etc/certs/nginx.key";
+      addSSL = true;
+      extraConfig = "return 444;";
+    };
+  };
 }