From c3df4ff2b94ac50022654fdaebf92a57c4eeb1af Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Thu, 10 Oct 2024 17:07:37 +1000
Subject: [PATCH] modules/nixos/nginx: add quic

---
 modules/nixos/nginx.nix | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix
index 9662e8d..153a38d 100644
--- a/modules/nixos/nginx.nix
+++ b/modules/nixos/nginx.nix
@@ -13,8 +13,12 @@
           enableACME = lib.mkDefault true;
           forceSSL = lib.mkDefault true;
           kTLS = true;
+          quic = true;
 
           extraConfig = ''
+            quic_gso on;
+            quic_retry on;
+            add_header Alt-Svc 'h3=":$server_port"; ma=86400';
             add_header X-Robots-Tag "none, noarchive, nosnippet";
           '';
 
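Review bot: The new `add_header Alt-Svc` line in `extraConfig` is set at server level, and nginx stops inheriting every server-level `add_header` in any `location` that declares one of its own. A vhost with a per-location header would therefore stop advertising h3 and would also lose `X-Robots-Tag`. Whether any vhost does that is not visible from this hunk; if one does, both headers need repeating in that location. Separately, `quic_retry on;` would benefit from a one-line nginx comment above it, e.g. `# QUIC address validation (Retry token) before serving a new client address`. The attribute set this hunk edits starts outside the hunk.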
@@ -30,7 +34,12 @@
   imports = [ inputs.srvos.nixosModules.mixins-nginx ];
 
   config = {
+    networking.firewall.allowedUDPPorts = [ 443 ];
+
     services.nginx = {
+      package = pkgs.nginxQuic;
+      enableQuicBPF = true;
+
       appendConfig = ''
         pcre_jit on;
         worker_processes auto;
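Review bot: `enableQuicBPF = true` is added without a comment, and the NixOS option's documentation says it makes nginx run with `CAP_SYS_ADMIN` and `CAP_NET_ADMIN`, which the service does not otherwise receive. That widens privilege for an internet-facing process in exchange for QUIC connection migration, so the trade-off should be recorded next to the setting, e.g. `# quic_bpf for connection migration; grants nginx CAP_SYS_ADMIN + CAP_NET_ADMIN, needs Linux 5.7+`. If migration is not needed on these hosts, leaving the option off keeps the service at its default privilege level. `pkgs` must also be among the module's arguments, which are outside this hunk.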
@@ -40,7 +49,8 @@
       virtualHosts."${config.networking.hostName}.nix-community.org" = {
         default = true;
         locations."/".return = "404";
-        reuseport = true; # should only be set for one virtualHost
+        # required for (quic && `worker_processes auto`), should only be set for one virtualHost
+        reuseport = true;
       };
 
       # localhost is used by the nginx status page