From dc29ed2d52b55791b980c4c3ffaedcad687d7549 Mon Sep 17 00:00:00 2001
From: catvayor <catvayor@katvayor.net>
Date: Wed, 19 Jun 2024 10:01:16 +0200
Subject: [PATCH] add recommanded proxy settings to acme fallback

---
 nixos/modules/services/web-servers/nginx/default.nix       | 1 +
 nixos/modules/services/web-servers/nginx/vhost-options.nix | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index f9720c362..5d68f4a7b 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -372,6 +372,7 @@ let
             location @acme-fallback {
               auth_basic off;
               auth_request off;
+              ${optionalString (vhost.acmeFallbackRecommendedProxySettings) "include ${recommendedProxyConfig};"}
               proxy_pass http://${vhost.acmeFallbackHost};
             }
           ''}
diff --git a/nixos/modules/services/web-servers/nginx/vhost-options.nix b/nixos/modules/services/web-servers/nginx/vhost-options.nix
index 24fcb101c..272d2e364 100644
--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@@ -132,6 +132,13 @@ with lib;
         specify here.
       '';
     };
+    acmeFallbackRecommendedProxySettings = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+        Enable recommended proxy settings for ACME fallback.
+      '';
+    };
 
     addSSL = mkOption {
       type = types.bool;
-- 
2.45.1