authortv <tv@krebsco.de>2016-03-16 00:13:58 +0100
committertv <tv@krebsco.de>2016-03-16 00:13:58 +0100
commit2452d211737e0544e9cc92ae44da69940632a750 (patch)
treeecb0e2d9932805a6b40be7e09ab5206201e7aba7 /krebs/3modules/nginx.nix
parent13df24f8f09469c32077ded463d99033042e25ee (diff)
parent03a72ef958055c958992c4fbde618c1e68bfff6e (diff)
Merge remote-tracking branch 'gum/master'
Diffstat (limited to 'krebs/3modules/nginx.nix')
-rw-r--r--krebs/3modules/nginx.nix29
1 files changed, 23 insertions, 6 deletions
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 2aa023443..8d0704e8c 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -12,6 +12,20 @@ let
api = {
enable = mkEnableOption "krebs.nginx";
+ default404 = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ By default all requests not directed to an explicit hostname are
+ replied with a 404 error to avoid accidental exposition of nginx
+ services.
+
+ Set this value to `false` to disable this behavior - you will then be
+ able to configure a new `default_server` in the listen address entries
+ again.
+ '';
+ };
+
servers = mkOption {
type = types.attrsOf (types.submodule {
options = {
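Review bot: The `default404` description promises more than the generated config delivers, because the catch-all block later in this file is `listen 80 default_server;` only, so a server entry that listens on another port or on a specific address is not covered by it. The description should also say what happens when the option is `false`: nginx then uses the first server defined for a listen address as the implicit default, and since the servers are emitted through `mapAttrsToList` that is presumably the alphabetically first entry in `cfg.servers` unless one is explicitly marked `default_server`. I would reword the first sentence along the lines of `Requests on port 80 whose Host header matches no configured server_name are answered with 404`, and add one sentence on the fallback when the option is disabled. "exposition" should read "exposure". The enclosing `api` attrset starts and ends outside this hunk.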
@@ -20,6 +34,7 @@ let
# TODO use identity
default = [
"${config.networking.hostName}"
+ "${config.networking.hostName}.r"
"${config.networking.hostName}.retiolum"
];
};
@@ -53,17 +68,19 @@ let
sendfile on;
keepalive_timeout 65;
gzip on;
- server {
- listen 80 default_server;
- server_name _;
- return 404;
- }
+
+ ${optionalString cfg.default404 ''
+ server {
+ listen 80 default_server;
+ server_name _;
+ return 404;
+ }''}
+
${concatStrings (mapAttrsToList (_: to-server) cfg.servers)}
'';
};
};
-
indent = replaceChars ["\n"] ["\n "];
to-location = { name, value }: ''