feat: open firewall to allow QUIC

2025-02-16 19:50:55 +01:00 · 2025-02-16 19:50:55 +01:00 · c2dfcdd9f7
commit c2dfcdd9f7
parent 853c9e2a2d
1 changed files with 44 additions and 34 deletions
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@ -2,23 +2,26 @@
  config,
  lib,
  ...
-}: let
-  inherit
-    (lib)
+}:
+let
+  inherit (lib)
    mkBefore
    mkEnableOption
    mkIf
    mkOption
    types
    ;
-in {
+in
+{
  options.services.nginx = {
    recommendedSetup = mkEnableOption "recommended setup parameters.";
    recommendedSecurityHeaders = mkEnableOption "additional security headers by default in each location block. Can be overwritten in each location with `recommendedSecurityHeaders`.";
    virtualHosts = mkOption {
-      type = types.attrsOf (types.submodule {
+      type = types.attrsOf (
+        types.submodule {
          options.locations = mkOption {
-          type = types.attrsOf (types.submodule (submod: {
+            type = types.attrsOf (
+              types.submodule (submod: {
                options = {
                  recommendedSecurityHeaders = mkOption {
                    type = types.bool;
@ -45,9 +48,11 @@ in {
                    add_header X-Content-Type-Options "nosniff";
                  '';
                };
-          }));
+              })
+            );
          };
-      });
+        }
+      );
    };
  };

@ -58,7 +63,12 @@ in {
      group = "nginx";
    };

-    networking.firewall.allowedTCPPorts = [80 443];
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+    # QUIC
+    networking.firewall.allowedUDPPorts = [ 443 ];

    # Sensible defaults for nginx
    services.nginx = {