hosts/rx4/services/default.nix

@@ -18,8 +18,6 @@
     ./nginx.nix
     ./open-webui-oci.nix
     ./print-server.nix
-    ./rss-bridge.nix
-    ./rsshub-oci.nix
     ./vaultwarden.nix
 
     # ./alditalk-extender.nix # FIXME

hosts/sid/services/default.nix

@@ -17,6 +17,8 @@
     ./netdata.nix
     ./nginx.nix
     ./radicale.nix
+    ./rss-bridge.nix
+    ./rsshub-oci.nix
     ./step-ca.nix
   ];
 }

hosts/sid/services/rss-bridge.nix

@@ -8,7 +8,7 @@
     reverseProxy = {
       enable = true;
       subdomain = constants.services.rss-bridge.subdomain;
-      forceSSL = false;
+      forceSSL = true;
     };
   };
 }

hosts/sid/services/rsshub-oci.nix

@@ -10,5 +10,10 @@
   services.rsshub-oci = {
     enable = true;
     inherit (constants.services.rsshub-oci) port;
+    reverseProxy = {
+      enable = true;
+      subdomain = constants.services.rss-bridge.subdomain;
+      forceSSL = true;
+    };
   };
 }

modules/nixos/rsshub-oci/default.nix

@@ -7,6 +7,9 @@
 
 let
   cfg = config.services.rsshub-oci;
+  domain = config.networking.domain;
+  subdomain = cfg.reverseProxy.subdomain;
+  fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain;
 
   images = {
     # https://github.com/DIYgod/RSSHub/pkgs/container/rsshub
@@ -58,6 +61,10 @@ let
     optional
     types
     ;
+  inherit (lib.utils)
+    mkReverseProxyOption
+    mkVirtualHost
+    ;
 in
 {
   options.services.rsshub-oci = {
@@ -77,6 +84,7 @@ in
       default = null;
       description = "Environment file for secrets.";
     };
+    reverseProxy = mkReverseProxyOption "RSSHub" "rsshub";
   };
 
   config = mkIf cfg.enable {
@@ -86,6 +94,13 @@ in
       dockerCompat = true;
     };
 
+    services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable {
+      "${fqdn}" = mkVirtualHost {
+        port = cfg.config.PORT;
+        ssl = cfg.reverseProxy.forceSSL;
+      };
+    };
+
     networking.firewall.interfaces =
       let
         matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";