nginx: don't configure ssl in tcpFastOpen when default404Server is di…

…sabled
NuschtOS · Dec 16, 2024 · 8b243b0 · 8b243b0
1 parent c95f124
commit 8b243b0
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/modules/nginx.nix b/modules/nginx.nix
@@ -28,7 +28,8 @@ in
       };
 
       acmeHost = lib.mkOption {
-        type = lib.types.str;
+        type = lib.types.nullOr lib.types.str;
+        default = null;
         description = "The acme host to use for the default 404 server.";
       };
     };
@@ -188,14 +189,14 @@ in
 
               default = lib.mkIf cfg.default404Server.enable true;
               addSSL = lib.mkIf cfg.default404Server.enable true;
-              useACMEHost = lib.mkIf cfg.default404Server.enable cfg.default404Server.acmeHost;
+              useACMEHost = lib.mkIf (cfg.default404Server.enable && cfg.default404Server.acmeHost != null) cfg.default404Server.acmeHost;
               locations = lib.mkIf cfg.default404Server.enable {
                 "/".return = 404;
               };
 
               listen = lib.mkIf cfg.tcpFastOpen (lib.mkDefault (lib.flatten (map (addr: [
                 { inherit addr; port = 80; inherit extraParameters; }
-                { inherit addr; port = 443; ssl = true; inherit extraParameters; }
+                ({ inherit addr; port = 443; inherit extraParameters; } // lib.optionalAttrs (cfg.default404Server.acmeHost != null) { ssl = true; })
               ]) config.services.nginx.defaultListenAddresses)));
 
               quic = lib.mkIf cfg.configureQuic true;