From c1fed32b662c4697fa1e1e9ce85a42d88d4e3db5 Mon Sep 17 00:00:00 2001
From: Alejandro Soto <alejandro@34project.org>
Date: Sat, 3 Aug 2024 12:05:48 -0600
Subject: sys/web: add default virtual host

---
 sys/web/nginx.nix | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'sys/web/nginx.nix')

diff --git a/sys/web/nginx.nix b/sys/web/nginx.nix
index ba1f430..ab5ccde 100644
--- a/sys/web/nginx.nix
+++ b/sys/web/nginx.nix
@@ -7,6 +7,10 @@ in
   options.local.web = {
     enable = mkEnableOption "web server";
 
+    defaultACMEHost = mkOption {
+      type = types.str;
+    };
+
     ownedCerts = mkOption {
       type = with lib.types; listOf str;
       default = [ ];
@@ -46,7 +50,16 @@ in
         sslDhparam = config.security.dhparams.params.nginx.path;
         clientMaxBodySize = "42M";
 
-        virtualHosts = { };
+        virtualHosts.default = {
+          default = true;
+
+          addSSL = true;
+          useACMEHost = cfg.defaultACMEHost;
+
+          extraConfig = ''
+            return 403;
+          '';
+        };
       };
     };
 
-- 
cgit v1.2.3