From fa67e6ff08237a067975275046aa6dae808859f6 Mon Sep 17 00:00:00 2001
From: makefu
Date: Tue, 15 Mar 2016 23:54:53 +0100
Subject: [PATCH 1/2] k 3 nginx: add default404 option the default behavior is not changed but if the default does not apply to your use-case you now can change it
---
 krebs/3modules/nginx.nix | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 2aa023443..57774cfc0 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -12,6 +12,20 @@ let
 api = {
 enable = mkEnableOption "krebs.nginx";
+ default404 = mkOption {
+ type = types.bool;
+ default = true;
+ description = ''
+ By default all requests not directed to an explicit hostname are
+ replied with a 404 error to avoid accidental exposition of nginx
+ services.
+
+ Set this value to `false` to disable this behavior - you will then be
+ able to configure a new `default_server` in the listen address entries
+ again.
+ '';
+ };
+
 servers = mkOption {
 type = types.attrsOf (types.submodule {
 options = {
@@ -53,17 +67,19 @@ let
 sendfile on;
 keepalive_timeout 65;
 gzip on;
- server {
- listen 80 default_server;
- server_name _;
- return 404;
- }
+
+ ${optionalString cfg.default404 ''
+ server {
+ listen 80 default_server;
+ server_name _;
+ return 404;
+ }''}
+
 ${concatStrings (mapAttrsToList (_: to-server) cfg.servers)}
 '';
 };
 };
- indent = replaceChars ["\n"] ["\n "];
 to-location = { name, value }: ''
From 03a72ef958055c958992c4fbde618c1e68bfff6e Mon Sep 17 00:00:00 2001
From: makefu
Date: Tue, 15 Mar 2016 23:56:05 +0100
Subject: [PATCH 2/2] add new retiolum short form to default hostnames
---
 krebs/3modules/nginx.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 57774cfc0..8d0704e8c 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
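Review bot: In the first hunk of [PATCH 1/2], the `default404` description does not say what happens when the option is `false` and nobody declares a `default_server`. nginx then uses the first `server` block for each listen address as the default, so a request with an unmatched Host header is answered by that vhost instead of getting a 404. I would add a sentence to the description such as `If you disable this, declare your own default_server; otherwise nginx falls back to the first server block for that address.` Separately, "exposition" in the same description should read "exposure".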
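Review bot: In the second hunk of [PATCH 1/2], the catch-all block is bound only to `listen 80 default_server;`, so even with `default404 = true` a server on another port or address has no 404 fallback. The option description in the first hunk ("all requests not directed to an explicit hostname") promises more than that. Whether servers can listen elsewhere is not visible here, though the description's mention of "listen address entries" suggests they can. Either narrow the description to port 80, or add a comment above the block such as `# catch-all for port 80 only; other listen addresses need their own default_server`. The enclosing config string starts and ends outside the hunk.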
@@ -34,6 +34,7 @@ let
 # TODO use identity
 default = [
 "${config.networking.hostName}"
+ "${config.networking.hostName}.r"
 "${config.networking.hostName}.retiolum"
 ];
 };