From 2c819776f8cb09528548c0a32c64432d863429e8 Mon Sep 17 00:00:00 2001
From: h7x4
Date: Wed, 27 May 2026 23:36:18 +0900
Subject: [PATCH] treewide/nginx: enable kTLS for a bunch more virtualHosts
---
 hosts/bekkalokk/services/website/default.nix | 4 ++++
 hosts/bicep/services/git-mirrors/default.nix | 1 +
 hosts/bicep/services/matrix/hookshot/default.nix | 1 +
 hosts/bicep/services/matrix/out-of-your-element.nix | 1 +
 4 files changed, 7 insertions(+)
diff --git a/hosts/bekkalokk/services/website/default.nix b/hosts/bekkalokk/services/website/default.nix
index 56abdf5..15562e2 100644
--- a/hosts/bekkalokk/services/website/default.nix
+++ b/hosts/bekkalokk/services/website/default.nix
@@ -119,6 +119,7 @@ in {
 services.nginx.virtualHosts."pvv.ntnu.no" = {
 globalRedirect = cfg.domainName;
 redirectCode = 307;
+ kTLS = true;
 forceSSL = true;
 useACMEHost = "www.pvv.ntnu.no";
 };
@@ -126,6 +127,7 @@ in {
 services.nginx.virtualHosts."www.pvv.org" = {
 globalRedirect = cfg.domainName;
 redirectCode = 307;
+ kTLS = true;
 forceSSL = true;
 useACMEHost = "www.pvv.ntnu.no";
 };
@@ -133,11 +135,13 @@ in {
 services.nginx.virtualHosts."pvv.org" = {
 globalRedirect = cfg.domainName;
 redirectCode = 307;
+ kTLS = true;
 forceSSL = true;
 useACMEHost = "www.pvv.ntnu.no";
 };
 services.nginx.virtualHosts.${cfg.domainName} = {
+ kTLS = true;
 locations = {
 # Proxy home directories
 "^~ /~" = {
diff --git a/hosts/bicep/services/git-mirrors/default.nix b/hosts/bicep/services/git-mirrors/default.nix
index 4f2f730..e691c13 100644
--- a/hosts/bicep/services/git-mirrors/default.nix
+++ b/hosts/bicep/services/git-mirrors/default.nix
@@ -83,6 +83,7 @@ in
 };
 services.nginx.virtualHosts."mirrors.pvv.ntnu.no" = {
+ kTLS = true;
 forceSSL = true;
 enableACME = true;
diff --git a/hosts/bicep/services/matrix/hookshot/default.nix b/hosts/bicep/services/matrix/hookshot/default.nix
index 8b89eec..32083e3 100644
--- a/hosts/bicep/services/matrix/hookshot/default.nix
+++ b/hosts/bicep/services/matrix/hookshot/default.nix
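Review bot: `kTLS = true;` on `pvv.ntnu.no` is added to a vhost whose only visible job is `globalRedirect` with `redirectCode = 307`, and the same holds for `www.pvv.org` and `pvv.org` in the next two hunks. Kernel TLS mainly pays off when nginx can hand file data to the kernel for encryption, so a redirect-only vhost probably gains nothing while its connections still go through the kernel TLS path. If the intent is uniformity across vhosts, a short comment such as `# kTLS set for consistency; this vhost only redirects` would make that explicit; otherwise the three lines could be left out.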
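Review bot: The `kTLS = true;` added to `services.nginx.virtualHosts.${cfg.domainName}` in the third hunk has nothing next to it that says how to tell whether kernel TLS is actually in use on this host. As far as I know OpenSSL falls back to userspace TLS without an error when the kernel side is unavailable, so the setting can be a silent no-op, and when it does apply it moves TLS record handling into the kernel for the site's main vhost. A comment above the line would help, for example `# kTLS: needs kernel TLS support on this host; verify after deploy`. The vhost block continues past the end of the hunk, so its TLS and ACME settings are not visible here.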
@@ -146,6 +146,7 @@ in
 };
 services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = {
+ kTLS = true;
 enableACME = true;
 addSSL = true;
 locations."/" = {
diff --git a/hosts/bicep/services/matrix/out-of-your-element.nix b/hosts/bicep/services/matrix/out-of-your-element.nix
index 16ec794..482d6f0 100644
--- a/hosts/bicep/services/matrix/out-of-your-element.nix
+++ b/hosts/bicep/services/matrix/out-of-your-element.nix
@@ -80,6 +80,7 @@ in
 };
 services.nginx.virtualHosts."ooye.pvv.ntnu.no" = {
+ kTLS = true;
 forceSSL = true;
 enableACME = true;
 locations."/".proxyPass = "http://localhost:${cfg.socket}";
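Review bot: In the `hookshot.pvv.ntnu.no` hunk, `kTLS = true;` is added to a vhost that keeps `addSSL = true;`, whereas every other vhost whose TLS setting is visible in this commit uses `forceSSL = true;`. With `addSSL` the vhost still answers plain HTTP, so kTLS only covers clients that choose HTTPS, and requests sent to the `http://` URL (presumably webhooks, given the service name) would stay in cleartext. If no sender depends on plain HTTP, consider changing the line to `forceSSL = true;` in the same pass. The `locations."/"` block continues outside the hunk.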