diff --git a/flake.lock b/flake.lock index 40e31a1..3c4b843 100644 --- a/flake.lock +++ b/flake.lock @@ -12,11 +12,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1707830867, - "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "lastModified": 1712079060, + "narHash": "sha256-/JdiT9t+zzjChc5qQiF+jhrVhRt8figYH29rZO7pFe4=", "owner": "ryantm", "repo": "agenix", - "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "rev": "1381a759b205dff7a6818733118d02253340fd5e", "type": "github" }, "original": { @@ -180,11 +180,11 @@ ] }, "locked": { - "lastModified": 1711915616, - "narHash": "sha256-co6LoFA+j6BZEeJNSR8nZ4oOort5qYPskjrDHBaJgmo=", + "lastModified": 1712016346, + "narHash": "sha256-O2nO7pD+krq+4HgkLB4VThRtAucIPfXDs/jJqCGlK1w=", "owner": "nix-community", "repo": "home-manager", - "rev": "820be197ccf3adaad9a8856ef255c13b6cc561a6", + "rev": "4be0464472675212654dedf3e021bd5f1d58b92f", "type": "github" }, "original": { @@ -414,11 +414,11 @@ "river": { "flake": false, "locked": { - "lastModified": 1711462609, - "narHash": "sha256-9+bBWOFQYJSvKkEIItRjiWkauId0NqD8wf3Gs1OFjtw=", + "lastModified": 1712003303, + "narHash": "sha256-RP8PxNti9MF4dIgfGCogiyyRW2+FfJu551jEGf2sbl0=", "ref": "refs/heads/master", - "rev": "1946f284d590df1ba1261ca9303555e0197abfd8", - "revCount": 1224, + "rev": "8b8ac27c4534f3989aa8c789bd282fa7f31597a8", + "revCount": 1226, "submodules": true, "type": "git", "url": "https://github.com/riverwm/river" diff --git a/hosts/falkenstein/modules/nginx/default.nix b/hosts/falkenstein/modules/nginx/default.nix index 25c6c8d..a763ed5 100644 --- a/hosts/falkenstein/modules/nginx/default.nix +++ b/hosts/falkenstein/modules/nginx/default.nix @@ -14,6 +14,7 @@ extraConfig = '' access_log /var/log/nginx/${name}_access.log; error_log /var/log/nginx/${name}_error.log; + add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }) ); diff --git a/hosts/nuc/modules/nginx/default.nix b/hosts/nuc/modules/nginx/default.nix index fda795c..6719eb6 100644 --- a/hosts/nuc/modules/nginx/default.nix +++ b/hosts/nuc/modules/nginx/default.nix @@ -1,4 +1,4 @@ -{ lib, config, ... }: +{ pkgs, lib, config, ... }: { # set default options for virtualHosts options = with lib; { @@ -8,9 +8,13 @@ # split up nginx access logs per vhost enableACME = true; forceSSL = true; + # enable http3 for all hosts + quic = true; + http3 = true; extraConfig = '' access_log /var/log/nginx/${name}_access.log; error_log /var/log/nginx/${name}_error.log; + add_header Alt-Svc 'h3=":443"; ma=86400'; ''; }) ); @@ -18,13 +22,14 @@ }; config = { networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedUDPPorts = [ 443 ]; services.nginx = { enable = true; + package = pkgs.nginxQuic; recommendedTlsSettings = true; recommendedProxySettings = true; recommendedGzipSettings = true; recommendedOptimisation = true; - # virtualHosts = lib.genAttrs v (name: { extraConfig = " lohustuff goes ith ${name}"; }); }; security.acme = { acceptTerms = true; diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index cbfb1f4..e1630e5 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -163,7 +163,7 @@ networkConfig = { Address = "192.168.43.3/32"; DNS = "192.168.43.1"; - Domains = "~vpn.rfive.de"; + Domains = "~vpn.rfive.de ~43.168.192.in-addr.arpa"; DNSSEC = false; BindCarrier = [ "wlp9s0" ]; }; diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index c42bf48..9ee8804 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -31,6 +31,7 @@ # games prismlauncher superTuxKart + space-cadet-pinball # cryptography yubikey-manager