From 89c283ee9915b21e8c60a400f78e3ec675241d95 Mon Sep 17 00:00:00 2001
From: Ivan Bushchik <ivabus@ivabus.dev>
Date: Sun, 10 Dec 2023 09:36:24 +0300
Subject: [PATCH] Enable http/3 on all websites

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
---
 machines/rubusidaeus/default.nix | 6 ++++++
 roles/server/ivabus-dev.nix      | 1 +
 roles/server/nginx.nix           | 2 ++
 3 files changed, 9 insertions(+)

diff --git a/machines/rubusidaeus/default.nix b/machines/rubusidaeus/default.nix
index 57ee49d..ead730d 100644
--- a/machines/rubusidaeus/default.nix
+++ b/machines/rubusidaeus/default.nix
@@ -61,33 +61,39 @@ in {
       locations."/".proxyPass = "http://${secrets.maas-address}:8081";
       enableACME = true;
       addSSL = true;
+      http3 = true;
       serverAliases = [ "www.iva.bz" ];
     };
     virtualHosts."xn--80acbx2cl.xn--p1ai" = {
       locations."/".proxyPass = "http://${secrets.maas-address}:8083";
       enableACME = true;
       addSSL = true;
+      http3 = true;
       serverAliases = [ "ивабус.рф" ];
     };
     virtualHosts."music.ivabus.dev" = {
       locations."/".proxyPass = "http://${secrets.maas-address}:4533";
       enableACME = true;
       forceSSL = true;
+      http3 = true;
     };
     virtualHosts."storage.ivabus.dev" = {
       locations."/".proxyPass = "http://${secrets.maas-address}:80";
       enableACME = true;
       forceSSL = true;
+      http3 = true;
     };
     virtualHosts."slides.ivabus.dev" = {
       locations."/".proxyPass = "http://${secrets.maas-address}:80";
       enableACME = true;
       forceSSL = true;
+      http3 = true;
     };
     virtualHosts."git.ivabus.dev" = {
       locations."/".proxyPass = "http://${secrets.maas-address}:3000";
       enableACME = true;
       forceSSL = true;
+      http3 = true;
     };
   };
 
diff --git a/roles/server/ivabus-dev.nix b/roles/server/ivabus-dev.nix
index c3b21a6..3101424 100644
--- a/roles/server/ivabus-dev.nix
+++ b/roles/server/ivabus-dev.nix
@@ -9,6 +9,7 @@ in {
       virtualHosts."ivabus.dev" = {
         forceSSL = true;
         enableACME = true;
+        http3 = true;
 
         root = pkgs.callPackage ../../pkgs/ivabus-dev.nix { };
 
diff --git a/roles/server/nginx.nix b/roles/server/nginx.nix
index 848f01c..f9044b5 100644
--- a/roles/server/nginx.nix
+++ b/roles/server/nginx.nix
@@ -7,6 +7,7 @@ in {
   config = lib.mkIf (cfg.enable) {
     services.nginx = {
       enable = true;
+      package = pkgs.nginxQuic;
       recommendedGzipSettings = true;
       recommendedOptimisation = true;
       recommendedProxySettings = true;
@@ -18,5 +19,6 @@ in {
       defaults.email = "ivabus@ivabus.dev";
     };
     networking.firewall.allowedTCPPorts = [ 80 443 ];
+    networking.firewall.allowedUDPPorts = [ 80 443 ];
   };
 }