modules/nixos/nginx: add quic

modules/nixos/nginx.nix

@@ -13,8 +13,12 @@
           enableACME = lib.mkDefault true;
           forceSSL = lib.mkDefault true;
           kTLS = true;
+          quic = true;
 
           extraConfig = ''
+            quic_gso on;
+            quic_retry on;
+            add_header Alt-Svc 'h3=":$server_port"; ma=86400';
             add_header X-Robots-Tag "none, noarchive, nosnippet";
           '';
 
@@ -30,7 +34,12 @@
   imports = [ inputs.srvos.nixosModules.mixins-nginx ];
 
   config = {
+    networking.firewall.allowedUDPPorts = [ 443 ];
+
     services.nginx = {
+      package = pkgs.nginxQuic;
+      enableQuicBPF = true;
+
       appendConfig = ''
         pcre_jit on;
         worker_processes auto;
@@ -40,7 +49,8 @@
       virtualHosts."${config.networking.hostName}.nix-community.org" = {
         default = true;
         locations."/".return = "404";
-        reuseport = true; # should only be set for one virtualHost
+        # required for (quic && `worker_processes auto`), should only be set for one virtualHost
+        reuseport = true;
       };
 
       # localhost is used by the nginx status page