From b091a51ec0d82dd92164a614b60a278b2f936892 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Samuel=20=C5=A0tancl?= <samuel@archte.ch>
Date: Thu, 28 Aug 2025 17:59:49 +0200
Subject: [PATCH] Add catchall.nix

---
 README.md    | 7 +++++++
 catchall.nix | 7 +++++++
 2 files changed, 14 insertions(+)
 create mode 100644 catchall.nix

diff --git a/README.md b/README.md
index 2275f4e..8084cfb 100644
--- a/README.md
+++ b/README.md
@@ -190,6 +190,13 @@ matching the site's `ssl` config.
 Out of the box, if nginx cannot match an incoming request's host to a specific virtual host it will
 just use _some_ vhost. You can prevent behavior that by adding a module like this:
 
+> [!NOTE]
+> You can also use the `catchall.nix` module here (which includes the code below):
+>
+> `scp catchall.nix root@<server ip>:/etc/nixos/`
+>
+> Then just add `./catchall.nix` to your modules array.
+
 ```nix
 {
   services.nginx.virtualHosts."catchall" = {
diff --git a/catchall.nix b/catchall.nix
new file mode 100644
index 0000000..fec1160
--- /dev/null
+++ b/catchall.nix
@@ -0,0 +1,7 @@
+{
+  services.nginx.virtualHosts."catchall" = {
+    default = true;
+    locations."/".return = "444";
+    rejectSSL = true;
+  };
+}