From 4ffdb4da4fd234754fa67f40a46c0b5677d2f9d3 Mon Sep 17 00:00:00 2001
From: Yuri Tatishchev <itatishch@gmail.com>
Date: Mon, 12 May 2025 00:11:03 -0700
Subject: [PATCH] router: caddy http3 and compression

---
 hosts/router/firewall.nix | 2 +-
 hosts/router/services.nix | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/hosts/router/firewall.nix b/hosts/router/firewall.nix
index 5c00f53..430c34b 100644
--- a/hosts/router/firewall.nix
+++ b/hosts/router/firewall.nix
@@ -86,7 +86,7 @@ in
     content = ''
       ${nftIdentifiers}
       define ALLOWED_TCP_PORTS = { ssh, https }
-      define ALLOWED_UDP_PORTS = { bootps, dhcpv6-server, domain }
+      define ALLOWED_UDP_PORTS = { bootps, dhcpv6-server, domain, https }
       set port_forward_v6 {
           type inet_proto . ipv6_addr . inet_service
           elements = {
diff --git a/hosts/router/services.nix b/hosts/router/services.nix
index a380f01..034ec07 100644
--- a/hosts/router/services.nix
+++ b/hosts/router/services.nix
@@ -56,6 +56,7 @@ in
       hash = "sha256-saKJatiBZ4775IV2C5JLOmZ4BwHKFtRZan94aS5pO90=";
     };
     virtualHosts."grouter.${domain}".extraConfig = ''
+      encode
       tls {
           dns cloudflare {env.CF_API_KEY}
           resolvers 1.1.1.1