sys/web: add default virtual host

author: Alejandro Soto <alejandro@34project.org> 2024-08-03 12:05:48 -0600
committer: Alejandro Soto <alejandro@34project.org> 2024-08-03 12:13:27 -0600
commit: c1fed32b662c4697fa1e1e9ce85a42d88d4e3db5 (patch)
tree: 983650065887762629f3b8cf2ea21f6229ee7a42
parent: bd29827fba8aefa978798ad105d8793976f082b4 (diff)
2 files changed, 15 insertions, 1 deletions
diff --git a/sys/web/nginx.nix b/sys/web/nginx.nix
index ba1f430..ab5ccde 100644
--- a/sys/web/nginx.nix
+++ b/sys/web/nginx.nix
@@ -7,6 +7,10 @@ in
   options.local.web = {
     enable = mkEnableOption "web server";
 
+    defaultACMEHost = mkOption {
+      type = types.str;
+    };
+
     ownedCerts = mkOption {
       type = with lib.types; listOf str;
       default = [ ];
@@ -46,7 +50,16 @@ in
         sslDhparam = config.security.dhparams.params.nginx.path;
         clientMaxBodySize = "42M";
 
-        virtualHosts = { };
+        virtualHosts.default = {
+          default = true;
+
+          addSSL = true;
+          useACMEHost = cfg.defaultACMEHost;
+
+          extraConfig = ''
+            return 403;
+          '';
+        };
       };
     };
 
diff --git a/sys/web/sites/portal.nix b/sys/web/sites/portal.nix
index e46a9b1..c95e2ea 100644
--- a/sys/web/sites/portal.nix
+++ b/sys/web/sites/portal.nix
@@ -12,6 +12,7 @@ in
     local.web = {
       enable = mkDefault true;
       ownedCerts = [ "host" ];
+      defaultACMEHost = domains.host.main;
     };
 
     services.nginx.virtualHosts.${domains.host.www} = {
author	Alejandro Soto <alejandro@34project.org>	2024-08-03 12:05:48 -0600
committer	Alejandro Soto <alejandro@34project.org>	2024-08-03 12:13:27 -0600
commit	c1fed32b662c4697fa1e1e9ce85a42d88d4e3db5 (patch)
tree	983650065887762629f3b8cf2ea21f6229ee7a42
parent	bd29827fba8aefa978798ad105d8793976f082b4 (diff)