From 760be9137090623704aed6e37d29c6b013a39211 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Mon, 3 Apr 2023 15:03:52 +0200 Subject: [PATCH] nginx: re-enable quic/http3 --- container/proxitok/default.nix | 1 + container/weewx/default.nix | 1 + system/nixos/anonymous-overflow.nix | 1 + system/nixos/atuin-sync.nix | 1 + system/nixos/freshrss.nix | 1 + system/nixos/invidious.nix | 1 + system/nixos/libreddit.nix | 1 + system/nixos/mastodon.nix | 2 ++ system/nixos/nitter.nix | 1 + system/nixos/ntfy-sh.nix | 1 + system/nixos/rimgo.nix | 1 + system/nixos/synapse.nix | 1 + system/nixos/websites-sail.nix | 1 + 13 files changed, 14 insertions(+) diff --git a/container/proxitok/default.nix b/container/proxitok/default.nix index 26e4e4a..ce08e45 100644 --- a/container/proxitok/default.nix +++ b/container/proxitok/default.nix @@ -39,6 +39,7 @@ services.nginx.virtualHosts."tictac.daniel.sx" = { listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + quic = true; http3 = true; onlySSL = true; diff --git a/container/weewx/default.nix b/container/weewx/default.nix index 556bc40..b5d798b 100644 --- a/container/weewx/default.nix +++ b/container/weewx/default.nix @@ -76,6 +76,7 @@ in }; services.nginx.virtualHosts."${secret.container.weewx.hostname}" = { + quic = true; http3 = true; kTLS = true; diff --git a/system/nixos/anonymous-overflow.nix b/system/nixos/anonymous-overflow.nix index 1673653..6e39779 100644 --- a/system/nixos/anonymous-overflow.nix +++ b/system/nixos/anonymous-overflow.nix @@ -40,6 +40,7 @@ in services.nginx.virtualHosts."overflow.daniel.sx" = { listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + quic = true; http3 = true; root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/"; diff --git a/system/nixos/atuin-sync.nix b/system/nixos/atuin-sync.nix index afb4409..a1f2008 100644 --- a/system/nixos/atuin-sync.nix +++ b/system/nixos/atuin-sync.nix @@ -20,6 +20,7 @@ services.nginx.virtualHosts."atuin-sync.kempkens.io" = { listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + quic = true; http3 = true; onlySSL = true; diff --git a/system/nixos/freshrss.nix b/system/nixos/freshrss.nix index 4062b20..30eb4d6 100644 --- a/system/nixos/freshrss.nix +++ b/system/nixos/freshrss.nix @@ -21,6 +21,7 @@ # Based on: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/freshrss.nix services.nginx.virtualHosts."${secret.freshrss.virtualHost}" = { + quic = true; http3 = true; root = "${config.services.freshrss.package}/p"; diff --git a/system/nixos/invidious.nix b/system/nixos/invidious.nix index 3e8e988..6e03535 100644 --- a/system/nixos/invidious.nix +++ b/system/nixos/invidious.nix @@ -44,6 +44,7 @@ in services.nginx.virtualHosts."${fqdn}" = { listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + quic = true; http3 = true; onlySSL = true; diff --git a/system/nixos/libreddit.nix b/system/nixos/libreddit.nix index f164749..d3f9b1c 100644 --- a/system/nixos/libreddit.nix +++ b/system/nixos/libreddit.nix @@ -10,6 +10,7 @@ services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = { listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + quic = true; http3 = true; onlySSL = true; diff --git a/system/nixos/mastodon.nix b/system/nixos/mastodon.nix index e450a32..d8d4eb9 100644 --- a/system/nixos/mastodon.nix +++ b/system/nixos/mastodon.nix @@ -71,6 +71,7 @@ in }; services.nginx.virtualHosts."${web-domain}" = { + quic = true; http3 = true; root = "${config.services.mastodon.package}/public/"; @@ -115,6 +116,7 @@ in }; services.nginx.virtualHosts."mastodon-cdn.kempkens.io" = { + quic = true; http3 = true; kTLS = true; diff --git a/system/nixos/nitter.nix b/system/nixos/nitter.nix index 40f9724..979e9fd 100644 --- a/system/nixos/nitter.nix +++ b/system/nixos/nitter.nix @@ -49,6 +49,7 @@ in services.nginx.virtualHosts."${secret.nginx.hostnames.nitter}" = { listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + quic = true; http3 = true; root = "${nitter-pkg}/share/nitter/public/"; diff --git a/system/nixos/ntfy-sh.nix b/system/nixos/ntfy-sh.nix index 920baf8..e8c38c4 100644 --- a/system/nixos/ntfy-sh.nix +++ b/system/nixos/ntfy-sh.nix @@ -21,6 +21,7 @@ }; services.nginx.virtualHosts."ntfy.kempkens.io" = { + quic = true; http3 = true; forceSSL = true; diff --git a/system/nixos/rimgo.nix b/system/nixos/rimgo.nix index fc3b6ca..841fe29 100644 --- a/system/nixos/rimgo.nix +++ b/system/nixos/rimgo.nix @@ -42,6 +42,7 @@ in services.nginx.virtualHosts."ringo.daniel.sx" = { listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ]; + quic = true; http3 = true; onlySSL = true; diff --git a/system/nixos/synapse.nix b/system/nixos/synapse.nix index a27214a..d778ec2 100644 --- a/system/nixos/synapse.nix +++ b/system/nixos/synapse.nix @@ -90,6 +90,7 @@ networking.firewall.allowedTCPPorts = [ 8008 ]; services.nginx.virtualHosts."matrix.kempkens.io" = { + quic = true; http3 = true; forceSSL = true; diff --git a/system/nixos/websites-sail.nix b/system/nixos/websites-sail.nix index cce5381..acf3f5d 100644 --- a/system/nixos/websites-sail.nix +++ b/system/nixos/websites-sail.nix @@ -7,6 +7,7 @@ (domain: { name = domain; value = { + quic = true; http3 = true; kTLS = true;