Merge pull request 'move rss services to sid' (#49) from develop into master

Reviewed-on: #49

hosts/rx4/services/default.nix

@@ -18,8 +18,6 @@
     ./nginx.nix
     ./open-webui-oci.nix
     ./print-server.nix
-    ./rss-bridge.nix
-    ./rsshub-oci.nix
     ./vaultwarden.nix
 
     # ./alditalk-extender.nix # FIXME

hosts/sid/services/default.nix

@@ -17,6 +17,8 @@
     ./netdata.nix
     ./nginx.nix
     ./radicale.nix
+    ./rss-bridge.nix
+    ./rsshub-oci.nix
     ./step-ca.nix
   ];
 }

hosts/sid/services/nginx.nix

@@ -77,18 +77,6 @@ in
         error_log /var/log/nginx/open-webui-error.log debug;
       '';
     };
-    virtualHosts."${constants.services.rss-bridge.fqdn}" = {
-      enableACME = ssl;
-      forceSSL = ssl;
-      locations."/" = {
-        proxyPass = "http://${constants.hosts.rx4.ip}";
-      };
-    };
-    virtualHosts."${constants.services.rsshub-oci.fqdn}" = mkVirtualHost {
-      inherit ssl;
-      address = constants.hosts.rx4.ip;
-      port = constants.services.rsshub-oci.port;
-    };
     virtualHosts."${constants.services.vaultwarden.fqdn}" = {
       useACMEHost = "sid-internal";
       forceSSL = ssl;

hosts/sid/services/rss-bridge.nix

@@ -8,7 +8,7 @@
     reverseProxy = {
       enable = true;
       subdomain = constants.services.rss-bridge.subdomain;
-      forceSSL = false;
+      forceSSL = true;
     };
   };
 }

hosts/sid/services/rsshub-oci.nix

@@ -10,5 +10,10 @@
   services.rsshub-oci = {
     enable = true;
     inherit (constants.services.rsshub-oci) port;
+    reverseProxy = {
+      enable = true;
+      subdomain = constants.services.rss-bridge.subdomain;
+      forceSSL = true;
+    };
   };
 }

modules/nixos/rsshub-oci/default.nix

@@ -7,6 +7,9 @@
 
 let
   cfg = config.services.rsshub-oci;
+  domain = config.networking.domain;
+  subdomain = cfg.reverseProxy.subdomain;
+  fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
 
   images = {
     # https://github.com/DIYgod/RSSHub/pkgs/container/rsshub
@@ -58,6 +61,10 @@ let
     optional
     types
     ;
+  inherit (lib.utils)
+    mkReverseProxyOption
+    mkVirtualHost
+    ;
 in
 {
   options.services.rsshub-oci = {
@@ -77,6 +84,7 @@ in
       default = null;
       description = "Environment file for secrets.";
     };
+    reverseProxy = mkReverseProxyOption "RSSHub" "rsshub";
   };
 
   config = mkIf cfg.enable {
@@ -86,6 +94,13 @@ in
       dockerCompat = true;
     };
 
+    services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
+      "${fqdn}" = mkVirtualHost {
+        inherit (cfg) port;
+        ssl = cfg.reverseProxy.forceSSL;
+      };
+    };
+
     networking.firewall.interfaces =
       let
         matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";