nginx: re-enable quic/http3

2023-04-03 15:03:52 +02:00 · 2023-04-03 15:03:52 +02:00 · 760be91370
parent 0a0feed535
commit 760be91370
13 changed files with 14 additions and 0 deletions
--- a/container/proxitok/default.nix
+++ b/container/proxitok/default.nix
@ -39,6 +39,7 @@
  services.nginx.virtualHosts."tictac.daniel.sx" = {
    listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
    quic = true;
    http3 = true;
    onlySSL = true;
--- a/container/weewx/default.nix
+++ b/container/weewx/default.nix
@ -76,6 +76,7 @@ in
    };
  services.nginx.virtualHosts."${secret.container.weewx.hostname}" = {
    quic = true;
    http3 = true;
    kTLS = true;
--- a/system/nixos/anonymous-overflow.nix
+++ b/system/nixos/anonymous-overflow.nix
@ -40,6 +40,7 @@ in
  services.nginx.virtualHosts."overflow.daniel.sx" = {
    listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
    quic = true;
    http3 = true;
    root = "${anonymous-overflow-pkg}/share/anonymous-overflow/public/";
--- a/system/nixos/atuin-sync.nix
+++ b/system/nixos/atuin-sync.nix
@ -20,6 +20,7 @@
  services.nginx.virtualHosts."atuin-sync.kempkens.io" = {
    listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
    quic = true;
    http3 = true;
    onlySSL = true;
--- a/system/nixos/freshrss.nix
+++ b/system/nixos/freshrss.nix
@ -21,6 +21,7 @@
  # Based on: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/freshrss.nix
  services.nginx.virtualHosts."${secret.freshrss.virtualHost}" = {
    quic = true;
    http3 = true;
    root = "${config.services.freshrss.package}/p";
--- a/system/nixos/invidious.nix
+++ b/system/nixos/invidious.nix
@ -44,6 +44,7 @@ in
  services.nginx.virtualHosts."${fqdn}" = {
    listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
    quic = true;
    http3 = true;
    onlySSL = true;
--- a/system/nixos/libreddit.nix
+++ b/system/nixos/libreddit.nix
@ -10,6 +10,7 @@
  services.nginx.virtualHosts."${secret.nginx.hostnames.libreddit}" = {
    listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
    quic = true;
    http3 = true;
    onlySSL = true;
--- a/system/nixos/mastodon.nix
+++ b/system/nixos/mastodon.nix
@ -71,6 +71,7 @@ in
  };
  services.nginx.virtualHosts."${web-domain}" = {
    quic = true;
    http3 = true;
    root = "${config.services.mastodon.package}/public/";
@ -115,6 +116,7 @@ in
  };
  services.nginx.virtualHosts."mastodon-cdn.kempkens.io" = {
    quic = true;
    http3 = true;
    kTLS = true;
--- a/system/nixos/nitter.nix
+++ b/system/nixos/nitter.nix
@ -49,6 +49,7 @@ in
  services.nginx.virtualHosts."${secret.nginx.hostnames.nitter}" = {
    listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
    quic = true;
    http3 = true;
    root = "${nitter-pkg}/share/nitter/public/";
--- a/system/nixos/ntfy-sh.nix
+++ b/system/nixos/ntfy-sh.nix
@ -21,6 +21,7 @@
  };
  services.nginx.virtualHosts."ntfy.kempkens.io" = {
    quic = true;
    http3 = true;
    forceSSL = true;
--- a/system/nixos/rimgo.nix
+++ b/system/nixos/rimgo.nix
@ -42,6 +42,7 @@ in
  services.nginx.virtualHosts."ringo.daniel.sx" = {
    listenAddresses = [ "100.113.242.85" "[fd7a:115c:a1e0:ab12:4843:cd96:6271:f255]" ];
    quic = true;
    http3 = true;
    onlySSL = true;
--- a/system/nixos/synapse.nix
+++ b/system/nixos/synapse.nix
@ -90,6 +90,7 @@
  networking.firewall.allowedTCPPorts = [ 8008 ];
  services.nginx.virtualHosts."matrix.kempkens.io" = {
    quic = true;
    http3 = true;
    forceSSL = true;
--- a/system/nixos/websites-sail.nix
+++ b/system/nixos/websites-sail.nix
@ -7,6 +7,7 @@
      (domain: {
        name = domain;
        value = {
          quic = true;
          http3 = true;
          kTLS = true;