From 94b97386380d67073e9b223d6c4f2937ca9b1c37 Mon Sep 17 00:00:00 2001
From: Hadi <112569860+anotherhadi@users.noreply.github.com>
Date: Tue, 22 Apr 2025 13:48:02 +0200
Subject: [PATCH] hardening nginx conf
---
 server-modules/nginx.nix | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)
diff --git a/server-modules/nginx.nix b/server-modules/nginx.nix
index 679ca4a..ed740f6 100644
--- a/server-modules/nginx.nix
+++ b/server-modules/nginx.nix
@@ -16,12 +16,21 @@
 credentialsFile = config.sops.secrets.cloudflare-dns-token.path;
 };
- services.nginx.virtualHosts."default" = {
- default = true;
- locations."/" = { return = 444; };
- extraConfig = ''
- server_name _;
- '';
+ services.nginx.virtualHosts = {
+ "default" = {
+ default = true;
+ locations."/" = { return = 444; };
+ };
+ "*.hadi.diy" = {
+ useACMEHost = "hadi.diy";
+ forceSSL = true;
+ locations."/" = { return = 444; };
+ };
+ "aaaaaa.hadi.diy" = {
+ useACMEHost = "hadi.diy";
+ forceSSL = true;
+ locations."/" = { return = 444; };
+ };
 };
 networking.firewall.allowedTCPPorts = [ 80 443 ];
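Review bot: The `"default"` vhost sets `default = true` but no TLS option, so it presumably only becomes the default server on port 80, and HTTPS requests with an unmatched or missing SNI (for example a scan of the bare IP) are not covered by it. Those connections would fall through to whichever TLS server block nginx treats as first and be shown the `hadi.diy` certificate, which discloses the hostname to anyone probing the address. Adding `rejectSSL = true;` to `"default"` makes nginx refuse the handshake for unknown names instead of depending on vhost ordering. The `"aaaaaa.hadi.diy"` entry is identical to the wildcard entry and its purpose is not stated; if it exists to sort first among the TLS vhosts, say so in a comment such as `# sorts first so it acts as the implicit TLS default`, otherwise drop it. The module continues outside this hunk, so vhosts defined elsewhere may change which block is hit first.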