From aa6f7e3038eb1a66c10bc9b0d4ad4333cd674e42 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Wed, 24 Dec 2025 12:44:43 +0900
Subject: [PATCH] base/nginx: enable extra listen paramenters by default

---
 base/services/nginx.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/base/services/nginx.nix b/base/services/nginx.nix
index ee7b602..d628cb5 100644
--- a/base/services/nginx.nix
+++ b/base/services/nginx.nix
@@ -40,6 +40,25 @@
   };
 
   services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
+    listen = [
+      {
+        addr = "0.0.0.0";
+        extraParameters = [
+          "default_server"
+          # Seemingly the default value of net.core.somaxconn
+          "backlog=4096"
+          "deferred"
+        ];
+      }
+      {
+        addr = "[::0]";
+        extraParameters = [
+          "default_server"
+          "backlog=4096"
+          "deferred"
+        ];
+      }
+    ];
     sslCertificate = "/etc/certs/nginx.crt";
     sslCertificateKey = "/etc/certs/nginx.key";
     addSSL = true;