author | lassulus <lass@aidsballs.de> | 2016-03-16 09:16:41 +0100 |
---|---|---|
committer | lassulus <lass@aidsballs.de> | 2016-03-16 09:16:41 +0100 |
commit | 9e9bc01fc974781091dcb06085952acd0b9a191c (patch) | |
tree | 3b16aa7fe69bf79d967ca11a4fc3efa336000cf7 /krebs/3modules/nginx.nix | |
parent | 6eedc423e3df2c1357fa23cb3fb5e67dc895a4fa (diff) | |
parent | 04ba4784ae0918fe9e79af5c95bace3cf8605792 (diff) |
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'krebs/3modules/nginx.nix')
-rw-r--r-- | krebs/3modules/nginx.nix | 29 |
1 files changed, 23 insertions, 6 deletions
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index 196a6eae7..816c2ff69 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -12,6 +12,20 @@ let api = { enable = mkEnableOption "krebs.nginx"; + default404 = mkOption { + type = types.bool; + default = true; + description = '' + By default all requests not directed to an explicit hostname are + replied with a 404 error to avoid accidental exposition of nginx + services. + + Set this value to `false` to disable this behavior - you will then be + able to configure a new `default_server` in the listen address entries + again. + ''; + }; + servers = mkOption { type = types.attrsOf (types.submodule { options = { @@ -20,6 +34,7 @@ let # TODO use identity default = [ "${config.networking.hostName}" + "${config.networking.hostName}.r" "${config.networking.hostName}.retiolum" ]; }; @@ -81,17 +96,19 @@ let sendfile on; keepalive_timeout 65; gzip on; - server { - listen 80 default_server; - server_name _; - return 404; - } + + ${optionalString cfg.default404 '' + server { + listen 80 default_server; + server_name _; + return 404; + }''} + ${concatStrings (mapAttrsToList (_: to-server) cfg.servers)} ''; }; }; - indent = replaceChars ["\n"] ["\n "]; to-location = { name, value }: '' |
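Review bot: The catch-all block in the last hunk binds only `listen 80 default_server;`, so the 404 fallback protects that one socket. nginx picks a default server per listen address:port pair, so if any entry in `cfg.servers` listens elsewhere (another port, or an IPv6 address), the first server defined on that socket would presumably still answer requests whose Host header matches nothing. The `default404` description in the first hunk promises this for "all requests not directed to an explicit hostname", which is broader than what the generated config does. I would narrow the wording to `requests on port 80 that match no configured server name`, and add a comment above the block such as `# only covers the port-80 socket; other listen addresses need their own default_server`. The surrounding `let` block and the nginx config string both start outside the visible hunks, so how `to-server` emits its `listen` lines could not be checked here.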