From 06383391c2f9b4f54dfdd701d5156dccaf2ec100 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?= <cyplo@cyplo.dev>
Date: Sat, 26 Aug 2023 23:00:18 +0100
Subject: [PATCH] faster and more secure nginx settings for blog

---
 nixos/boxes/mb1/blog.nix | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/nixos/boxes/mb1/blog.nix b/nixos/boxes/mb1/blog.nix
index a75a41d5..e42e0e6c 100644
--- a/nixos/boxes/mb1/blog.nix
+++ b/nixos/boxes/mb1/blog.nix
@@ -1,16 +1,21 @@
-{
-  config,
-  pkgs,
-  ...
-}: let
+{pkgs, ...}: let
   path = "/var/www/blog/";
 in {
   imports = [../nginx.nix];
+
   services.nginx = {
+    recommendedBrotliSettings = true;
+    recommendedGzipSettings = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    package = pkgs.nginxQuic;
     virtualHosts = {
       "blog.cyplo.dev" = {
         forceSSL = true;
         enableACME = true;
+        quic = true;
+        extraConfig = ''
+        '';
         locations."/" = {
           root = path;
         };