hosts/rx4/services/default.nix

@@ -18,6 +18,8 @@
     ./nginx.nix
     ./open-webui-oci.nix
     ./print-server.nix
+    ./rss-bridge.nix
+    ./rsshub-oci.nix
     ./vaultwarden.nix
 
     # ./alditalk-extender.nix # FIXME

hosts/rx4/services/rss-bridge.nix

@@ -8,7 +8,7 @@
     reverseProxy = {
       enable = true;
       subdomain = constants.services.rss-bridge.subdomain;
-      forceSSL = true;
+      forceSSL = false;
     };
   };
 }

hosts/rx4/services/rsshub-oci.nix

@@ -10,10 +10,5 @@
   services.rsshub-oci = {
     enable = true;
     inherit (constants.services.rsshub-oci) port;
-    reverseProxy = {
-      enable = true;
-      subdomain = constants.services.rss-bridge.subdomain;
-      forceSSL = true;
-    };
   };
 }

hosts/sid/services/default.nix

@@ -17,8 +17,6 @@
     ./netdata.nix
     ./nginx.nix
     ./radicale.nix
-    ./rss-bridge.nix
-    ./rsshub-oci.nix
     ./step-ca.nix
   ];
 }

hosts/sid/services/nginx.nix

@@ -77,6 +77,18 @@ in
         error_log /var/log/nginx/open-webui-error.log debug;
       '';
     };
+    virtualHosts."${constants.services.rss-bridge.fqdn}" = {
+      enableACME = ssl;
+      forceSSL = ssl;
+      locations."/" = {
+        proxyPass = "http://${constants.hosts.rx4.ip}";
+      };
+    };
+    virtualHosts."${constants.services.rsshub-oci.fqdn}" = mkVirtualHost {
+      inherit ssl;
+      address = constants.hosts.rx4.ip;
+      port = constants.services.rsshub-oci.port;
+    };
     virtualHosts."${constants.services.vaultwarden.fqdn}" = {
       useACMEHost = "sid-internal";
       forceSSL = ssl;

modules/nixos/rsshub-oci/default.nix

@@ -7,9 +7,6 @@
 
 let
   cfg = config.services.rsshub-oci;
-  domain = config.networking.domain;
-  subdomain = cfg.reverseProxy.subdomain;
-  fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
 
   images = {
     # https://github.com/DIYgod/RSSHub/pkgs/container/rsshub
@@ -61,10 +58,6 @@ let
     optional
     types
     ;
-  inherit (lib.utils)
-    mkReverseProxyOption
-    mkVirtualHost
-    ;
 in
 {
   options.services.rsshub-oci = {
@@ -84,7 +77,6 @@ in
       default = null;
       description = "Environment file for secrets.";
     };
-    reverseProxy = mkReverseProxyOption "RSSHub" "rsshub";
   };
 
   config = mkIf cfg.enable {
@@ -94,13 +86,6 @@ in
       dockerCompat = true;
     };
 
-    services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
-      "${fqdn}" = mkVirtualHost {
-        inherit (cfg) port;
-        ssl = cfg.reverseProxy.forceSSL;
-      };
-    };
-
     networking.firewall.interfaces =
       let
         matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";