NixOS · Izorkin · Jun 29, 2022
diff --git a/nixos/doc/manual/release-notes/rl-2511.section.md b/nixos/doc/manual/release-notes/rl-2511.section.md
@@ -8,6 +8,8 @@
 
 - Secure boot support can now be enabled for the Limine bootloader through {option}`boot.loader.limine.secureBoot.enable`. Bootloader install script signs the bootloader, then kernels are hashed during system rebuild and written to a config. This allows Limine to boot only the kernels installed through NixOS system.
 
+- Curl is now built with the HTTP/3 protocol enabled by default.
+
 - The default PostgreSQL version for new NixOS installations (i.e. with `system.stateVersion >= 25.11`) is v17.
 
 - The NetworkManager module does not ship with a default set of VPN plugins anymore. All required VPN plugins must now be explicitly configured in [`networking.networkmanager.plugins`](#opt-networking.networkmanager.plugins).

diff --git a/nixos/tests/haproxy.nix b/nixos/tests/haproxy.nix
@@ -67,9 +67,6 @@
       };
     client =
       { pkgs, ... }:
-      {
-        environment.systemPackages = [ pkgs.curlHTTP3 ];
-      };
   };
   testScript = ''
     # Helpers

diff --git a/nixos/tests/nginx-http3.nix b/nixos/tests/nginx-http3.nix
@@ -66,7 +66,6 @@ builtins.listToAttrs (
           client =
             { pkgs, ... }:
             {
-              environment.systemPackages = [ pkgs.curlHTTP3 ];
               networking = {
                 interfaces.eth1 = {
                   ipv4.addresses = [

diff --git a/nixos/tests/rustls-libssl.nix b/nixos/tests/rustls-libssl.nix
@@ -64,7 +64,6 @@ in
     client =
       { pkgs, ... }:
       {
-        environment.systemPackages = [ pkgs.curlHTTP3 ];
         networking = {
           interfaces.eth1 = {
             ipv4.addresses = [

diff --git a/nixos/tests/sing-box.nix b/nixos/tests/sing-box.nix
@@ -249,7 +249,6 @@ in
         ];
 
         environment.systemPackages = [
-          pkgs.curlHTTP3
           pkgs.iproute2
         ];
 
@@ -308,7 +307,6 @@ in
         ];
 
         environment.systemPackages = [
-          pkgs.curlHTTP3
           pkgs.iproute2
         ];
 
@@ -369,8 +367,6 @@ in
           (builtins.readFile ./common/acme/server/ca.cert.pem)
         ];
 
-        environment.systemPackages = [ pkgs.curlHTTP3 ];
-
         systemd.services.sing-box.serviceConfig.ExecStartPost = [
           "+${tproxyPost}/bin/exe"
         ];

diff --git a/nixos/tests/web-servers/h2o/basic.nix b/nixos/tests/web-servers/h2o/basic.nix
@@ -43,10 +43,6 @@ in
     server =
       { pkgs, ... }:
       {
-        environment.systemPackages = [
-          pkgs.curlHTTP3
-        ];
-
         services.h2o = {
           enable = true;
           defaultHTTPListenPort = port.HTTP;

diff --git a/pkgs/by-name/ht/https-dns-proxy/package.nix b/pkgs/by-name/ht/https-dns-proxy/package.nix
@@ -5,13 +5,10 @@
   cmake,
   gtest,
   c-ares,
-  curlHTTP3,
+  curl,
   libev,
 }:
 
-let
-  curl' = curlHTTP3;
-in
 stdenv.mkDerivation rec {
   pname = "https-dns-proxy";
   # there are no stable releases (yet?)
@@ -38,7 +35,7 @@ stdenv.mkDerivation rec {
 
   buildInputs = [
     c-ares
-    curl'
+    curl
     libev
   ];
 

diff --git a/pkgs/by-name/ng/nghttp3/package.nix b/pkgs/by-name/ng/nghttp3/package.nix
@@ -1,21 +1,17 @@
 {
   lib,
   stdenv,
-  fetchFromGitHub,
+  fetchurl,
   cmake,
-  curlHTTP3,
 }:
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "nghttp3";
   version = "1.11.0";
 
-  src = fetchFromGitHub {
-    owner = "ngtcp2";
-    repo = "nghttp3";
-    tag = "v${finalAttrs.version}";
-    hash = "sha256-8WQfXzzF3K0IJNectrE1amQ6Njq4pZslrcVun6Uhi6E=";
-    fetchSubmodules = true;
+  src = fetchurl {
+    url = "https://github.com/ngtcp2/nghttp3/releases/download/v${finalAttrs.version}/nghttp3-${finalAttrs.version}.tar.bz2";
+    hash = "sha256-AAKlyoVtsFmqbcac9zL7sA2aHnPteISPXUjyYh8gyoo=";
   };
 
   outputs = [
@@ -32,13 +28,9 @@ stdenv.mkDerivation (finalAttrs: {
 
   doCheck = true;
 
-  passthru.tests = {
-    inherit curlHTTP3;
-  };
-
   meta = {
     homepage = "https://github.com/ngtcp2/nghttp3";
-    changelog = "https://github.com/ngtcp2/nghttp3/releases/tag/${finalAttrs.src.tag}";
+    changelog = "https://github.com/ngtcp2/nghttp3/releases/tag/${finalAttrs.version}";
     description = "Implementation of HTTP/3 mapping over QUIC and QPACK in C";
     license = lib.licenses.mit;
     platforms = lib.platforms.unix;

diff --git a/pkgs/development/libraries/ngtcp2/default.nix b/pkgs/development/libraries/ngtcp2/default.nix
@@ -1,28 +1,23 @@
 {
   lib,
   stdenv,
-  fetchFromGitHub,
+  fetchurl,
   cmake,
   brotli,
   libev,
   nghttp3,
   quictls,
   withJemalloc ? false,
   jemalloc,
-  curlHTTP3,
 }:
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "ngtcp2";
   version = "1.14.0";
 
-  src = fetchFromGitHub {
-    owner = "ngtcp2";
-    repo = "ngtcp2";
-    # must match version usage in meta.changelog
-    tag = "v${finalAttrs.version}";
-    hash = "sha256-5Pmk752i/lgO/os2SegevGN+MKaVuQii2HrVWaR15Gg=";
-    fetchSubmodules = true;
+  src = fetchurl {
+    url = "https://github.com/ngtcp2/ngtcp2/releases/download/v${finalAttrs.version}/ngtcp2-${finalAttrs.version}.tar.bz2";
+    hash = "sha256-I+Q2UvVwKzGm53S5ON2XtqAyW8UiyUM4R+bG/BYBvrU=";
   };
 
   outputs = [
@@ -46,10 +41,6 @@ stdenv.mkDerivation (finalAttrs: {
 
   doCheck = true;
 
-  passthru.tests = {
-    inherit curlHTTP3;
-  };
-
   meta = {
     homepage = "https://github.com/ngtcp2/ngtcp2";
     changelog = "https://github.com/ngtcp2/ngtcp2/releases/tag/v${finalAttrs.version}";

diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
@@ -2661,15 +2661,12 @@ with pkgs;
     websocketSupport = true;
   };
 
-  curlHTTP3 = curl.override {
-    http3Support = true;
-  };
-
   curl = curlMinimal.override (
     {
       idnSupport = true;
       pslSupport = true;
       zstdSupport = true;
+      http3Support = true;
     }
     // lib.optionalAttrs (!stdenv.hostPlatform.isStatic) {
       brotliSupport = true;