From 17dc383a97b9dd628f9732df35c5c303d4c44ae7 Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Fri, 13 Jun 2025 01:26:52 +0800
Subject: [PATCH] feat(networking): disable ipv6 and add ssl check to proxy passes
---
 modules/nixos/hardware/networking.nix | 9 ++++++---
 modules/nixos/server/web-servers/nginx/default.nix | 5 +++--
 2 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/modules/nixos/hardware/networking.nix b/modules/nixos/hardware/networking.nix
index cc00ccd..89ea093 100644
--- a/modules/nixos/hardware/networking.nix
+++ b/modules/nixos/hardware/networking.nix
@@ -2,9 +2,12 @@
 {
 config = lib.mkMerge [
 {
- networking.useDHCP = lib.mkDefault true;
- networking.hostName = config.system.hostname;
- networking.networkmanager.enable = true;
+ networking = {
+ enableIPv6 = false;
+ useDHCP = lib.mkDefault true;
+ hostName = config.system.hostname;
+ networkmanager.enable = true;
+ };

 services.openssh = {
 enable = true;
diff --git a/modules/nixos/server/web-servers/nginx/default.nix b/modules/nixos/server/web-servers/nginx/default.nix
index 6fc74ef..d193753 100644
--- a/modules/nixos/server/web-servers/nginx/default.nix
+++ b/modules/nixos/server/web-servers/nginx/default.nix
@@ -9,20 +9,21 @@ let
 inherit (lib.pantheon) mkStrOption;
 inherit (builtins) listToAttrs map;
 cfg = config.server.web-servers.nginx;
+ sslCheck = if config.server.web-servers.enableSSL then true else false;
 defaultSink = mkIf cfg.enableDefaultSink {
 "_" = {
 default = true;
- rejectSSL = true;
+ rejectSSL = sslCheck;
 locations."/" = {
 return = "444";
 };
 };
 };
- sslCheck = if config.server.web-servers.enableSSL then true else false;
 proxyPasses = listToAttrs (
 map (proxy: {
 name = proxy.source;
 value = {
+ addSSL = sslCheck;
 enableACME = sslCheck;
 acmeRoot = null;
 locations."/" = {
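Review bot: In modules/nixos/hardware/networking.nix, `enableIPv6 = false;` is set at normal priority, so every host that imports this module loses IPv6 and can only restore it with `lib.mkForce`, whereas the neighbouring `useDHCP` is wrapped in `lib.mkDefault`. Consider `enableIPv6 = lib.mkDefault false;` so a host can opt back in. The commit message does not say why IPv6 is disabled, so a one-line comment above the setting stating the reason (for example that only the IPv4 exposure of these hosts is reviewed, if that is the intent) would help the next maintainer. The `config = lib.mkMerge [ ... ]` list continues outside the hunk.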
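Review bot: In modules/nixos/server/web-servers/nginx/default.nix, `addSSL = sslCheck;` makes each proxied virtual host answer on HTTPS in addition to plain HTTP, so traffic to the proxied services can still travel unencrypted when `enableSSL` is on. If the aim is to require TLS, use `forceSSL = sslCheck;` instead, which redirects HTTP to HTTPS (the two options cannot both be set on one virtual host). Since `acmeRoot = null` is already set, certificate issuance presumably does not depend on an HTTP-01 webroot, but confirm that against the ACME configuration, which is outside this hunk. Separately, `sslCheck = if ... then true else false;` is equivalent to `sslCheck = config.server.web-servers.enableSSL;`. The `proxyPasses` value is cut off at the end of the hunk.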