From 3e52c2b922da69a2a2fa8a8400f4efa01200cffc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= <dev@felschr.com>
Date: Fri, 14 Feb 2025 00:21:21 +0100
Subject: [PATCH] fix(vpn): disable IPv6 for nginx

Tailscale Mullvad exit nodes currently don't support IPv6 and this is
causing issues with nginx (proxy pass) requests timing out and high CPU load.
Until Mullvad exit nodes support IPv6, we'll just disable IPv6 for nginx.
---
 system/vpn.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/system/vpn.nix b/system/vpn.nix
index c3d3afb..c8543b4 100644
--- a/system/vpn.nix
+++ b/system/vpn.nix
@@ -56,4 +56,9 @@ in
     sslCertificate = "/var/lib/tailscale/certs/${tailnetHost}.crt";
     sslCertificateKey = "/var/lib/tailscale/certs/${tailnetHost}.key";
   };
+
+  # TODO Tailscale Mullvad exit nodes currently don't support IPv6 and this is
+  # causing issues with nginx (proxy pass) requests timing out and high CPU load.
+  # Until Mullvad exit nodes support IPv6, we'll just disable IPv6 for nginx.
+  services.nginx.resolver.ipv6 = false;
 }