bunch of updates to use more effecient DNS split paths

hosts/linode/l001/nginx.nix

@@ -4,6 +4,7 @@
 {
   security.acme.acceptTerms = true;
   security.acme.email = "admin@joshuabell.xyz";
+  # security.acme.default.email = "admin@joshuabell.xyz";
   services.nginx = {
     enable = true;
     recommendedGzipSettings = true;
@@ -11,29 +12,16 @@
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
     virtualHosts = {
-      # default that is put first for fallbacks
-      # Note that order here doesn't matter it orders alphabetically so `0` puts it first
-      # I had an issue tha the first SSL port 443 site would catch any https traffic instead
-      # of hitting my default fallback and this fixes that issue and ensure this is hit instead
-      "001.linodes.joshuabell.xyz" = {
-        default = true;
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          return = "444"; # 404 for not found or 444 for drop
-        };
-      };
-      "172.236.111.33" = {
-        locations."/" = {
-          return = "444";
-        };
-      };
-      "2600:3c06::f03c:95ff:fe1c:84d3" = {
-        locations."/" = {
-          return = "444";
-        };
-      };
-
+      # "172.236.111.33" = {
+      #   locations."/" = {
+      #     return = "444";
+      #   };
+      # };
+      # "2600:3c06::f03c:95ff:fe1c:84d3" = {
+      #   locations."/" = {
+      #     return = "444";
+      #   };
+      # };
       "headscale.joshuabell.xyz" = {
         enableACME = true;
         forceSSL = true;
@@ -42,6 +30,13 @@
           proxyPass = "http://localhost:8080"; # headscale
         };
       };
+      "_" = {
+        rejectSSL = true;
+        default = true;
+        locations."/" = {
+          return = "444"; # 404 for not found or 444 for drop
+        };
+      };
     };
   };