From fa67e6ff08237a067975275046aa6dae808859f6 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Tue, 15 Mar 2016 23:54:53 +0100
Subject: [PATCH] k 3 nginx: add default404 option

The default behavior is unchanged, but if the default does not fit
your use case you can now change it.
---
 krebs/3modules/nginx.nix | 28 ++++++++++++++++++++++------
 1 file changed, 22 insertions(+), 6 deletions(-)

diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix
index 2aa023443..57774cfc0 100644
--- a/krebs/3modules/nginx.nix
+++ b/krebs/3modules/nginx.nix
@@ -12,6 +12,20 @@ let
   api = {
     enable = mkEnableOption "krebs.nginx";
 
+    default404 = mkOption {
+      type = types.bool;
+      default = true;
+      description = ''
+        By default all requests not directed to an explicit hostname are
+        replied with a 404 error to avoid accidental exposition of nginx
+        services.
+
+        Set this value to `false` to disable this behavior - you will then be
+        able to configure a new `default_server` in the listen address entries
+        again.
+      '';
+    };
+
     servers = mkOption {
       type = types.attrsOf (types.submodule {
         options = {
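Review bot: The `default404` description does not say what answers unmatched requests once the option is `false`, which is the security-relevant part of the switch. If no `listen` entry declares `default_server`, nginx treats the first server block for that address:port as the implicit default. Requests by bare IP or with an unknown `Host` header are then served by a real vhost, presumably whichever entry of `cfg.servers` is emitted first. I would add a sentence such as `If you disable this and do not declare your own default_server, nginx serves unmatched requests from the first server block for that address and port.` Also, "exposition" in the text should read "exposure".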
@@ -53,17 +67,19 @@ let
         sendfile          on;
         keepalive_timeout 65;
         gzip              on;
-        server {
-          listen 80 default_server;
-          server_name _;
-          return 404;
-        }
+
+        ${optionalString cfg.default404 ''
+          server {
+            listen 80 default_server;
+            server_name _;
+            return 404;
+          }''}
+
         ${concatStrings (mapAttrsToList (_: to-server) cfg.servers)}
       '';
     };
   };
 
-  
   indent = replaceChars ["\n"] ["\n  "];
 
   to-location = { name, value }: ''
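Review bot: The catch-all kept under `optionalString cfg.default404` binds only `listen 80`, and nginx picks `default_server` per address:port pair. The wildcard port-80 socket is therefore the only one that gets the 404 fallback. If `to-server` (not visible in this hunk) lets an entry listen on an explicit address, an IPv6 socket or another port such as 443, those sockets still fall back to their first server block even with `default404 = true`. At minimum I would state the scope where the block is generated, for example as an nginx comment above it: `# catch-all for *:80 only; other listen addresses/ports need their own default_server`. The enclosing config string starts outside the hunk.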