From db75f901032d7cea58f43cef27d12d9754cc099a Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Thu, 3 Jul 2025 17:36:32 +0200
Subject: [PATCH] nixos/nginx: remove recommendedZstdSettings, add experimental
 option

The zstd nginx module has known bugs and upstream is currently not
maintained. We should not recommend a buggy module and configuration
to our users since we are not maintaining the module either.
---
 .../services/web-servers/nginx/default.nix    | 20 ++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix
index cd4f404a58ee..3eaed22f3d35 100644
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@@ -171,6 +171,14 @@ let
           quic_bpf on;
         ''}
 
+        ${optionalString cfg.experimentalZstdSettings ''
+          zstd on;
+          zstd_comp_level 9;
+          zstd_min_length 256;
+          zstd_static on;
+          zstd_types ${lib.concatStringsSep " " compressMimeTypes};
+        ''}
+
         ${cfg.config}
 
         ${optionalString (cfg.eventsConfig != "" || cfg.config == "") ''
@@ -630,11 +638,11 @@ in
         '';
       };
 
-      recommendedZstdSettings = mkOption {
+      experimentalZstdSettings = mkOption {
         default = false;
         type = types.bool;
         description = ''
-          Enable recommended zstd settings.
+          Enable alpha quality zstd module with recommended settings.
           Learn more about compression in Zstd format [here](https://github.com/tokers/zstd-nginx-module).
 
           This adds `pkgs.nginxModules.zstd` to `services.nginx.additionalModules`.
@@ -1305,6 +1313,12 @@ in
       [ "services" "nginx" "proxyCache" "enable" ]
       [ "services" "nginx" "proxyCachePath" "" "enable" ]
     )
+    (mkRemovedOptionModule [ "services" "nginx" "recommendedZstdSettings" ] ''
+      The zstd module for Nginx has known bugs and is not maintained well. It is thus not
+      generally recommend to use it. You may enable anyway by setting
+      `services.nginx.experimentalZstdSettings` which adds the same configuration as the
+      removed option.
+    '')
   ];
 
   config = mkIf cfg.enable {
@@ -1453,7 +1467,7 @@ in
 
     services.nginx.additionalModules =
       optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli
-      ++ lib.optional cfg.recommendedZstdSettings pkgs.nginxModules.zstd;
+      ++ lib.optional cfg.experimentalZstdSettings pkgs.nginxModules.zstd;
 
     services.nginx.virtualHosts.localhost = mkIf cfg.statusPage {
       serverAliases = [ "127.0.0.1" ] ++ lib.optional config.networking.enableIPv6 "[::1]";