From bc2f78d2e7623b3c26d1e2412dec525afb4c693c Mon Sep 17 00:00:00 2001
From: chn <chn@chn.moe>
Date: Sat, 12 Aug 2023 19:13:24 +0800
Subject: [PATCH] enable patched nginx

---
 modules/services/default.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/modules/services/default.nix b/modules/services/default.nix
index 7d3fe93f..a0dcadb7 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -826,6 +826,27 @@ inputs:
 						recommendedOptimisation = true;
 						recommendedGzipSettings = true;
 						recommendedBrotliSettings = true;
+						package =
+							let
+								patches = inputs.pkgs.fetchFromGitHub
+								{
+									owner = "fooinha";
+									repo = "nginx-ssl-ja3";
+									rev = "35b00242c4aced2e623e392fa58c8d31c99cfaed";
+									sha256 = "BysKzxXveQayaGvFAgtczcIsgWGlOWNd/rCyKf+yjTI=";
+								};
+							in
+								(inputs.pkgs.nginxMainline.override (prev:
+								{
+									openssl = (prev.openssl or inputs.pkgs.openssl).overrideAttrs
+										(prev: { patches = prev.patches ++ [ "${patches}/patches/openssl.extensions.patch" ]; });
+									modules = prev.modules
+										++ [{ name = "ssl-ja3"; src = patches; meta.license = [ inputs.lib.licenses.bsd2 ]; }];
+								})).overrideAttrs (prev:
+								{
+									patches = prev.patches ++ [ "${patches}/patches/nginx.1.23.1.ssl.extensions.patch" ];
+									configureFlags = prev.configureFlags ++ [ "--with-cc-opt='-DJA3_SORT_EXT'" ];
+								});
 					};
 					systemd.services =
 					{