From 73563649838646ed9845a5c32ceb3b7a52e30df1 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Wed, 24 Dec 2025 12:34:57 +0900
Subject: [PATCH] bekkalokk/bluemap: enable kTLS, HTTP3 and QUIC for nginx

---
 hosts/bekkalokk/services/bluemap.nix | 24 +++++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

diff --git a/hosts/bekkalokk/services/bluemap.nix b/hosts/bekkalokk/services/bluemap.nix
index ca79acc..822429a 100644
--- a/hosts/bekkalokk/services/bluemap.nix
+++ b/hosts/bekkalokk/services/bluemap.nix
@@ -86,11 +86,6 @@ in {
     };
   };
 
-  services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
-    enableACME = true;
-    forceSSL = true;
-  };
-
   systemd.services."render-bluemap-maps" = {
     serviceConfig = {
       StateDirectory = [ "bluemap/world" ];
@@ -110,4 +105,23 @@ in {
       ];
     };
   };
+
+  services.nginx.virtualHosts."minecraft.pvv.ntnu.no" = {
+    enableACME = true;
+    forceSSL = true;
+    kTLS = true;
+    http3 = true;
+    quic = true;
+    http3_hq = true;
+    extraConfig = ''
+      # Enabling QUIC 0-RTT
+      ssl_early_data on;
+
+      quic_gso on;
+      quic_retry on;
+      add_header Alt-Svc 'h3=":$server_port"; ma=86400';
+    '';
+  };
+
+  networking.firewall.allowedUDPPorts = [ 443 ];
 }