From 43244fd37060ff7f0db15a8af752dfab4b719581 Mon Sep 17 00:00:00 2001
From: sid <sid@sid.ovh>
Date: Tue, 5 May 2026 19:05:06 +0200
Subject: [PATCH 1/3] move rss services to sid

---
 hosts/rx4/services/default.nix             |  2 --
 hosts/sid/services/default.nix             |  2 ++
 hosts/{rx4 => sid}/services/rss-bridge.nix |  2 +-
 hosts/{rx4 => sid}/services/rsshub-oci.nix |  5 +++++
 modules/nixos/rsshub-oci/default.nix       | 15 +++++++++++++++
 5 files changed, 23 insertions(+), 3 deletions(-)
 rename hosts/{rx4 => sid}/services/rss-bridge.nix (91%)
 rename hosts/{rx4 => sid}/services/rsshub-oci.nix (59%)

diff --git a/hosts/rx4/services/default.nix b/hosts/rx4/services/default.nix
index 385a957..71ead6d 100644
--- a/hosts/rx4/services/default.nix
+++ b/hosts/rx4/services/default.nix
@@ -18,8 +18,6 @@
     ./nginx.nix
     ./open-webui-oci.nix
     ./print-server.nix
-    ./rss-bridge.nix
-    ./rsshub-oci.nix
     ./vaultwarden.nix
 
     # ./alditalk-extender.nix # FIXME
diff --git a/hosts/sid/services/default.nix b/hosts/sid/services/default.nix
index c753168..caf4d05 100644
--- a/hosts/sid/services/default.nix
+++ b/hosts/sid/services/default.nix
@@ -17,6 +17,8 @@
     ./netdata.nix
     ./nginx.nix
     ./radicale.nix
+    ./rss-bridge.nix
+    ./rsshub-oci.nix
     ./step-ca.nix
   ];
 }
diff --git a/hosts/rx4/services/rss-bridge.nix b/hosts/sid/services/rss-bridge.nix
similarity index 91%
rename from hosts/rx4/services/rss-bridge.nix
rename to hosts/sid/services/rss-bridge.nix
index d3bd6a3..addd2fe 100644
--- a/hosts/rx4/services/rss-bridge.nix
+++ b/hosts/sid/services/rss-bridge.nix
@@ -8,7 +8,7 @@
     reverseProxy = {
       enable = true;
       subdomain = constants.services.rss-bridge.subdomain;
-      forceSSL = false;
+      forceSSL = true;
     };
   };
 }
diff --git a/hosts/rx4/services/rsshub-oci.nix b/hosts/sid/services/rsshub-oci.nix
similarity index 59%
rename from hosts/rx4/services/rsshub-oci.nix
rename to hosts/sid/services/rsshub-oci.nix
index 1a1e0dd..5229a31 100644
--- a/hosts/rx4/services/rsshub-oci.nix
+++ b/hosts/sid/services/rsshub-oci.nix
@@ -10,5 +10,10 @@
   services.rsshub-oci = {
     enable = true;
     inherit (constants.services.rsshub-oci) port;
+    reverseProxy = {
+      enable = true;
+      subdomain = constants.services.rss-bridge.subdomain;
+      forceSSL = true;
+    };
   };
 }
diff --git a/modules/nixos/rsshub-oci/default.nix b/modules/nixos/rsshub-oci/default.nix
index 2f3eb4b..730020a 100644
--- a/modules/nixos/rsshub-oci/default.nix
+++ b/modules/nixos/rsshub-oci/default.nix
@@ -7,6 +7,9 @@
 
 let
   cfg = config.services.rsshub-oci;
+  domain = config.networking.domain;
+  subdomain = cfg.reverseProxy.subdomain;
+  fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
 
   images = {
     # https://github.com/DIYgod/RSSHub/pkgs/container/rsshub
@@ -58,6 +61,10 @@ let
     optional
     types
     ;
+  inherit (lib.utils)
+    mkReverseProxyOption
+    mkVirtualHost
+    ;
 in
 {
   options.services.rsshub-oci = {
@@ -77,6 +84,7 @@ in
       default = null;
       description = "Environment file for secrets.";
     };
+    reverseProxy = mkReverseProxyOption "RSSHub" "rsshub";
   };
 
   config = mkIf cfg.enable {
@@ -86,6 +94,13 @@ in
       dockerCompat = true;
     };
 
+    services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
+      "${fqdn}" = mkVirtualHost {
+        port = cfg.config.PORT;
+        ssl = cfg.reverseProxy.forceSSL;
+      };
+    };
+
     networking.firewall.interfaces =
       let
         matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";
-- 
2.51.2


From da1e8d80ecf458fed8ff309bbea4df851f38eebb Mon Sep 17 00:00:00 2001
From: sid <sid@sid.ovh>
Date: Tue, 5 May 2026 19:31:56 +0200
Subject: [PATCH 2/3] removed double vhost on sid

---
 hosts/sid/services/nginx.nix | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix
index d1cd949..7a9cff7 100644
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@@ -77,18 +77,6 @@ in
         error_log /var/log/nginx/open-webui-error.log debug;
       '';
     };
-    virtualHosts."${constants.services.rss-bridge.fqdn}" = {
-      enableACME = ssl;
-      forceSSL = ssl;
-      locations."/" = {
-        proxyPass = "http://${constants.hosts.rx4.ip}";
-      };
-    };
-    virtualHosts."${constants.services.rsshub-oci.fqdn}" = mkVirtualHost {
-      inherit ssl;
-      address = constants.hosts.rx4.ip;
-      port = constants.services.rsshub-oci.port;
-    };
     virtualHosts."${constants.services.vaultwarden.fqdn}" = {
       useACMEHost = "sid-internal";
       forceSSL = ssl;
-- 
2.51.2


From f1d652f370c9a5bcaf98972a9ce3b0d104e5ba66 Mon Sep 17 00:00:00 2001
From: sid <sid@sid.ovh>
Date: Tue, 5 May 2026 20:13:49 +0200
Subject: [PATCH 3/3] corrected port

---
 modules/nixos/rsshub-oci/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nixos/rsshub-oci/default.nix b/modules/nixos/rsshub-oci/default.nix
index 730020a..5f5bf98 100644
--- a/modules/nixos/rsshub-oci/default.nix
+++ b/modules/nixos/rsshub-oci/default.nix
@@ -96,7 +96,7 @@ in
 
     services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
       "${fqdn}" = mkVirtualHost {
-        port = cfg.config.PORT;
+        inherit (cfg) port;
         ssl = cfg.reverseProxy.forceSSL;
       };
     };
-- 
2.51.2