From b07404b152974e1d16b2d19e77b3e6bf8596a3da Mon Sep 17 00:00:00 2001
From: Asmir A
Date: Sat, 30 Mar 2024 19:49:13 +0100
Subject: [PATCH] disable 3proxy, set http3 on virtual hosts
---
 magpie/configuration.nix | 32 +++++++-------------------------
 1 file changed, 7 insertions(+), 25 deletions(-)
diff --git a/magpie/configuration.nix b/magpie/configuration.nix
index 437d09e..00c1770 100644
--- a/magpie/configuration.nix
+++ b/magpie/configuration.nix
@@ -145,6 +145,7 @@
 virtualHosts."project-cloud.net" = {
 quic = true;
+ http3 = true;
 forceSSL = true;
 enableACME = true;
 root = "${project-cloud.packages.${system}.default}/public";
@@ -152,12 +153,14 @@
 virtualHosts.${config.services.nextcloud.hostName} = {
 quic = true;
+ http3 = true;
 forceSSL = true;
 enableACME = true;
 };
 virtualHosts."miniflux.project-cloud.net" = {
 quic = true;
+ http3 = true;
 forceSSL = true;
 enableACME = true;
 locations."/" = {
@@ -167,6 +170,7 @@
 virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
 quic = true;
+ http3 = true;
 forceSSL = true;
 enableACME = true;
 locations."/" = {
@@ -176,6 +180,7 @@
 virtualHosts."stats.project-cloud.net" = {
 quic = true;
+ http3 = true;
 forceSSL = true;
 enableACME = true;
 locations."/" = {
@@ -230,24 +235,6 @@
 ProtectSystem = lib.mkForce false;
 };
- services._3proxy = {
- enable = true;
- services = [
- {
- type = "socks";
- auth = ["strong"];
- acl = [
- {
- rule = "allow";
- users = ["3proxy_user"];
- }
- ];
- bindPort = 13128;
- }
- ];
- usersFile = config.sops.secrets."3proxy".path;
- };
-
 security.acme = {
 acceptTerms = true;
 defaults.email = "asmir.abdulahovic@gmail.com";
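Review bot: The five `virtualHosts` hunks now repeat the same four settings (`quic`, `http3`, `forceSSL`, `enableACME`) by hand, so a vhost added later can silently miss one of them and end up with a different TLS/transport posture than its neighbours. A shared attrset merged into each host would keep them in step, e.g. `tlsDefaults = { quic = true; http3 = true; forceSSL = true; enableACME = true; };` and then `virtualHosts."stats.project-cloud.net" = tlsDefaults // { locations."/" = { ... }; };`. The hunks do not show `services.nginx.package`, so whether the nginx build in use actually has HTTP/3 support cannot be confirmed from here. Each vhost block also continues past the end of its hunk.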
@@ -277,14 +264,9 @@ owner = config.users.users.nextcloud.name; }; - sops.secrets."3proxy" = { - sopsFile = ./secrets/3proxy.yaml; - }; - - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [80 443 587 13128]; - networking.firewall.allowedUDPPorts = []; + networking.firewall.allowedTCPPorts = [80 443 587]; + networking.firewall.allowedUDPPorts = [443]; networking.firewall.allowPing = true; networking.firewall.logRefusedConnections = lib.mkDefault false; networking.hostName = "magpie";
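Review bot: The `sops.secrets."3proxy"` declaration is dropped here, but the diffstat lists only `magpie/configuration.nix`, so the encrypted `./secrets/3proxy.yaml` it pointed to appears to stay in the tree; it should be deleted in the same change and the proxy credential treated as retired. On the firewall lines, closing TCP 13128 and opening UDP 443 matches the `quic = true` vhosts, and a short comment would record why each port is open, e.g. `# 443/udp: QUIC (HTTP/3) for the nginx vhosts`. The collapsed hunk does not make clear whether `networking.firewall.enable = true;` is a removed line or a context line; if it is removed the host relies on the module default, and keeping the explicit line is the safer choice for a public-facing machine.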