From 11a7f90a1c5a9e8abc5ee67d60da292c6a438a79 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Tue, 30 Jan 2024 00:59:24 +0100
Subject: [PATCH] nginx: respect defaultListenAddresses when overwriting listen for tcp fastopen
---
 modules/nginx.nix | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/modules/nginx.nix b/modules/nginx.nix
index 595a9ab..a146e4c 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -25,6 +25,7 @@ in
 Wether to add a default server which always responds with 404. This is useful when using a wildcard cname with a wildcard certitificate to not return the first server entry in the config on unknown subdomains or to do the same for an old and not fully removed domain.
+ The addresses to listen on are derived from services.nginx.defaultListenAddresses.
 '';
 };
@@ -180,12 +181,10 @@ in
 "/".return = 404;
 };
- listen = lib.mkIf cfg.tcpFastOpen (lib.mkDefault [
- { addr = "0.0.0.0"; port = 80; inherit extraParameters; }
- { addr = "0.0.0.0"; port = 443; ssl = true; inherit extraParameters; }
- { addr = "[::]"; port = 80; inherit extraParameters; }
- { addr = "[::]"; port = 443; ssl = true; inherit extraParameters; }
- ]);
+ listen = lib.mkIf cfg.tcpFastOpen (lib.mkDefault (lib.flatten (map (addr: [
+ { inherit addr; port = 80; inherit extraParameters; }
+ { inherit addr; port = 443; ssl = true; inherit extraParameters; }
+ ]) config.services.nginx.defaultListenAddresses)));
 quic = lib.mkIf cfg.configureQuic true;
 };
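Review bot: The rebuilt `listen` list in the second hunk reads only the global `config.services.nginx.defaultListenAddresses`, so a virtual host that narrows its exposure through its own `listenAddresses` would still be bound to the global addresses whenever `cfg.tcpFastOpen` is on. This is because, as far as I know, a non-empty `listen` takes precedence over `listenAddresses` in the NixOS nginx module. Whether this applies depends on which attribute set this `listen` belongs to, and that set opens and closes outside the hunk. If it is applied to ordinary virtual hosts, the mapped list should come from the host's `listenAddresses` when that is non-empty and fall back to `defaultListenAddresses` otherwise. Ports 80 and 443 also remain literals, so `defaultHTTPListenPort` and `defaultSSLListenPort` are bypassed in the same way the addresses were before this change.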