From bce3c7ca65e86dc985f445ae0ead83e46d1970a6 Mon Sep 17 00:00:00 2001
From: Noratrieb <48135649+Noratrieb@users.noreply.github.com>
Date: Mon, 5 Aug 2024 20:39:59 +0200
Subject: [PATCH] reject HTTP nicely

---
 newinfra/nix/modules/ingress/Caddyfile   | 2 --
 newinfra/nix/modules/ingress/default.nix | 6 ++++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/newinfra/nix/modules/ingress/Caddyfile b/newinfra/nix/modules/ingress/Caddyfile
index 1db7186..af05a9a 100644
--- a/newinfra/nix/modules/ingress/Caddyfile
+++ b/newinfra/nix/modules/ingress/Caddyfile
@@ -24,8 +24,6 @@
 	}
 }
 
-# TODO: compression?
-
 www.noratrieb.dev {
 	redir https://noratrieb.dev{uri} permanent
 }
diff --git a/newinfra/nix/modules/ingress/default.nix b/newinfra/nix/modules/ingress/default.nix
index ba48ff0..ddc0608 100644
--- a/newinfra/nix/modules/ingress/default.nix
+++ b/newinfra/nix/modules/ingress/default.nix
@@ -1,5 +1,6 @@
 { pkgs, config, lib, name, website, slides, blog, ... }: {
   networking.firewall.allowedTCPPorts = [
+    80
     443
   ];
 
@@ -11,6 +12,11 @@
         ''
           {
               email nilstrieb@proton.me
+              auto_https disable_redirects
+          }
+
+          http:// {
+            respond "This is an HTTP-only server, silly you. Go to https:// instead." 400
           }
 
           ${config.networking.hostName}.infra.noratrieb.dev {