nginx: enable ktls support by default

author: Izorkin <izorkin@elven.pw> 2023-12-31 18:12:40 +0300
committer: Izorkin <izorkin@elven.pw> 2024-01-01 12:02:57 +0300
commit: 10c06cb0608bfad0ad3b1e83017f208fca859cdb (patch)
tree: 59ddd0e6e6adbb5c7300396e1a43f03d29dee5ed /nixos/modules/services/web-servers
parent: dc594fa5f64231c49f04550383f4d03402d89a97 (diff)
1 files changed, 2 insertions, 8 deletions
diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index f44400eb4159..1285c2bbb916 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -1133,14 +1133,6 @@ in
       }
 
       {
-        assertion = any (host: host.kTLS) (attrValues virtualHosts) -> versionAtLeast cfg.package.version "1.21.4";
-        message = ''
-          services.nginx.virtualHosts.<name>.kTLS requires nginx version
-          1.21.4 or above; see the documentation for services.nginx.package.
-        '';
-      }
-
-      {
         assertion = all (host: !(host.enableACME && host.useACMEHost != null)) (attrValues virtualHosts);
         message = ''
           Options services.nginx.service.virtualHosts.<name>.enableACME and
@@ -1348,6 +1340,8 @@ in
       nginx.gid = config.ids.gids.nginx;
     };
 
+    boot.kernelModules = optional (versionAtLeast config.boot.kernelPackages.kernel.version "4.17") "tls";
+
     # do not delete the default temp directories created upon nginx startup
     systemd.tmpfiles.rules = [
       "X /tmp/systemd-private-%b-nginx.service-*/tmp/nginx_*"
author	Izorkin <izorkin@elven.pw>	2023-12-31 18:12:40 +0300
committer	Izorkin <izorkin@elven.pw>	2024-01-01 12:02:57 +0300
commit	10c06cb0608bfad0ad3b1e83017f208fca859cdb (patch)
tree	59ddd0e6e6adbb5c7300396e1a43f03d29dee5ed /nixos/modules/services/web-servers
parent	dc594fa5f64231c49f04550383f4d03402d89a97 (diff)