From e4f8faf9d0460a9d2d955a1a4d9a692762ef3aec Mon Sep 17 00:00:00 2001
From: buffet <dev@buffet.sh>
Date: Fri, 19 Apr 2024 22:44:42 +0200
Subject: [PATCH] feat: get proper 404

This is admittedly super hacky, because it uses an unused subdomain, invalid
certs, and actually just directs somewhere that doesn't exist, but it kinda
works, and going on a weird subdomain at least doesn't redirect to bitwarden.
---
 hosts/ami/404.nix     | 17 +++++++++++++++++
 hosts/ami/acme.nix    |  3 ---
 hosts/ami/default.nix |  3 ++-
 hosts/ami/forgejo.nix |  2 +-
 hosts/ami/system.nix  |  8 ++++----
 hosts/ami/website.nix |  6 ------
 6 files changed, 24 insertions(+), 15 deletions(-)
 create mode 100644 hosts/ami/404.nix

diff --git a/hosts/ami/404.nix b/hosts/ami/404.nix
new file mode 100644
index 0000000..5a3ca3f
--- /dev/null
+++ b/hosts/ami/404.nix
@@ -0,0 +1,17 @@
+{website, ...}: {
+  services.nginx = {
+    enable = true;
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts."404.buffet.sh" = {
+      default = true;
+      enableACME = true;
+      forceSSL = true;
+      root = "${website}/404.html";
+    };
+  };
+}
diff --git a/hosts/ami/acme.nix b/hosts/ami/acme.nix
index c500f0f..734ef9e 100644
--- a/hosts/ami/acme.nix
+++ b/hosts/ami/acme.nix
@@ -3,9 +3,6 @@ _: {
     acceptTerms = true;
     defaults.email = "acme@buffet.sh";
     certs."buffet.sh" = {
-      extraDomainNames = [
-        "bitwarden.buffet.sh"
-      ];
     };
   };
 }
diff --git a/hosts/ami/default.nix b/hosts/ami/default.nix
index 87ccfef..ae9f9a0 100644
--- a/hosts/ami/default.nix
+++ b/hosts/ami/default.nix
@@ -9,6 +9,7 @@
     agenix.nixosModules.default
     disko.nixosModules.disko
 
+    ./404.nix
     ./acme.nix
     ./bitwarden.nix
     ./borg.nix
@@ -19,7 +20,7 @@
     ../../users/maintainer
   ];
 
-  age.identityPaths = [ "/root/.ssh/id_agenix" ];
+  age.identityPaths = ["/root/.ssh/id_agenix"];
 
   users = {
     mutableUsers = false;
diff --git a/hosts/ami/forgejo.nix b/hosts/ami/forgejo.nix
index 5531ce5..d3a7932 100644
--- a/hosts/ami/forgejo.nix
+++ b/hosts/ami/forgejo.nix
@@ -1,4 +1,4 @@
-{ pkgs, ...}: let
+{pkgs, ...}: let
   port = 3000;
 in {
   services = {
diff --git a/hosts/ami/system.nix b/hosts/ami/system.nix
index b95f8a3..7dedf5a 100644
--- a/hosts/ami/system.nix
+++ b/hosts/ami/system.nix
@@ -8,10 +8,10 @@
   time.timeZone = "UTC";
   i18n.defaultLocale = "en_US.UTF-8";
 
-      boot.loader.grub = {
-        efiSupport = true;
-        efiInstallAsRemovable = true;
-      };
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
 
   security.sudo.wheelNeedsPassword = false;
   services.openssh.enable = true;
diff --git a/hosts/ami/website.nix b/hosts/ami/website.nix
index 510158d..ebc18a7 100644
--- a/hosts/ami/website.nix
+++ b/hosts/ami/website.nix
@@ -14,11 +14,5 @@
       forceSSL = true;
       root = "${website}";
     };
-
-    virtualHosts."unix.pics" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "/var/lib/stuff/unix.pics";
-    };
   };
 }