From 53b6bcce4f906f4c8440a9d8ec843e99b847bb7b Mon Sep 17 00:00:00 2001
From: Preston Pan <ret2pop@nullring.xyz>
Date: Wed, 11 Mar 2026 15:32:21 -0700
Subject: add quic to nix config

---
 config/nix.org | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/config/nix.org b/config/nix.org
index c355ba5..29d558a 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -1719,9 +1719,13 @@ to the outside world under a domain.
           root = "${monorepoSelf.packages.${pkgs.system}.website}";
           addSSL = true;
           enableACME = true;
+          quic = true;
+
           locations."/" = {
             extraConfig = ''
   add_header Cache-Control "no-cache, must-revalidate";
+  add_header Alt-Svc 'h3=":443"; ma=86400';
+  include ${monorepoSelf.packages.${pkgs.system}.website}/csp_header.conf;
   expires off;
       '';
           };
@@ -1729,11 +1733,12 @@ to the outside world under a domain.
           locations."~* \\.(?:woff2|ttf|otf|eot|woff|ico|css|js|gif|jpe?g|png|svg|mp3|mp4|iso|webmanifest)$" = {
             extraConfig = ''
   add_header Cache-Control "public, max-age=31536000, immutable";
+  add_header Alt-Svc 'h3=":443"; ma=86400';
+  include ${monorepoSelf.packages.${pkgs.system}.website}/csp_header.conf;
   access_log off;
       '';
           };
           extraConfig = ''
-  include ${monorepoSelf.packages.${pkgs.system}.website}/csp_header.conf;
   rewrite ^/graph_view/?(.*)$ https://graph.${config.monorepo.vars.remoteHost}/$1 permanent;
   '';
         };
@@ -1769,8 +1774,12 @@ to the outside world under a domain.
           root = "${monorepoSelf.packages.${pkgs.system}.website}";
           addSSL = true;
           enableACME = true;
+          quic = true;
           locations."/" = {
-            extraConfig = "rewrite ^/$ /graph_view/index.html break;";
+            extraConfig = ''
+  add_header Alt-Svc 'h3=":443"; ma=86400';
+  rewrite ^/$ /graph_view/index.html break;
+  '';
           };
 
           extraConfig = ''
@@ -1781,6 +1790,7 @@ to the outside world under a domain.
     };
 
     networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
+    networking.firewall.allowedUDPPorts = lib.mkIf config.services.nginx.enable [ 443 ];
 
     networking.domains.subDomains = lib.mkIf config.services.nginx.enable {
       "${config.monorepo.vars.remoteHost}" = {};
-- 
cgit v1.3