From 002b65250c7dce0663a73ed1254d3f1aec5ee14e Mon Sep 17 00:00:00 2001
From: Gabriel Arazas <foodogsquared@foodogsquared.one>
Date: Tue, 17 Jan 2023 12:48:57 +0800
Subject: [PATCH] hosts/plover: add default server to reverse proxy

---
 hosts/plover/modules/services/nginx.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/hosts/plover/modules/services/nginx.nix b/hosts/plover/modules/services/nginx.nix
index 223fb18f..7f14aa5f 100644
--- a/hosts/plover/modules/services/nginx.nix
+++ b/hosts/plover/modules/services/nginx.nix
@@ -15,6 +15,18 @@
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
+
+    # We're avoiding any service to be the default server especially that it
+    # could be used for enter a service with unencrypted HTTP. So we're setting
+    # up one with an unresponsive server response.
+    appendHttpConfig = ''
+      server {
+        listen 0.0.0.0:80 default_server;
+        listen [::]:80 default_server;
+        server_name "";
+        return 418;
+      }
+    '';
   };
 
   # Some fail2ban policies to apply for nginx.