From 00ab2ae68c3b866ebf5c92867f42a8527011c3f1 Mon Sep 17 00:00:00 2001
From: blake <me@blakedheld.xyz>
Date: Sun, 12 Oct 2025 11:58:20 -0500
Subject: [PATCH] 349 current  2025-10-12 11:50:40  25.05.20251006.20c4598 
 6.12.50                          *

---
 flake.nix                                        |  2 +-
 modules/homelab/services/arr/bazarr/default.nix  |  8 ++++++++
 .../services/arr/flaresolverr/default.nix        |  8 ++++++++
 .../homelab/services/arr/prowlarr/default.nix    |  8 ++++++++
 modules/homelab/services/arr/radarr/default.nix  |  8 ++++++++
 modules/homelab/services/arr/sonarr/default.nix  |  2 +-
 .../homelab/services/audiobookshelf/default.nix  | 16 ++++++++--------
 modules/homelab/services/gitea/default.nix       |  8 ++++++++
 modules/homelab/services/glance/default.nix      |  8 ++++++++
 .../services/home/homeassistant/default.nix      |  9 +++++++++
 .../services/home/zigbee2mqtt/default.nix        |  8 ++++++++
 modules/homelab/services/immich/default.nix      |  8 ++++++++
 modules/homelab/services/jellyfin/default.nix    |  8 ++++++++
 modules/homelab/services/qbittorrent/default.nix |  8 ++++++++
 modules/homelab/services/uptime-kuma/default.nix |  8 ++++++++
 modules/homelab/services/vaultwarden/default.nix |  9 +++++++++
 16 files changed, 116 insertions(+), 10 deletions(-)

diff --git a/flake.nix b/flake.nix
index ceaf6ba..34a19af 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,6 +1,6 @@
 # flake for blakes nixos config
 # define new devices in outputs
-# generation: 348 current  2025-10-12 11:49:03  25.05.20251006.20c4598  6.12.50                          *
+# generation: 349 current  2025-10-12 11:50:40  25.05.20251006.20c4598  6.12.50                          *
 {
   description = "blakes nix config";
   inputs = {
diff --git a/modules/homelab/services/arr/bazarr/default.nix b/modules/homelab/services/arr/bazarr/default.nix
index 79dd751..28dfb64 100644
--- a/modules/homelab/services/arr/bazarr/default.nix
+++ b/modules/homelab/services/arr/bazarr/default.nix
@@ -81,6 +81,14 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.mediastack = [{ 
       title = service; 
diff --git a/modules/homelab/services/arr/flaresolverr/default.nix b/modules/homelab/services/arr/flaresolverr/default.nix
index 806cbfb..ca0c505 100644
--- a/modules/homelab/services/arr/flaresolverr/default.nix
+++ b/modules/homelab/services/arr/flaresolverr/default.nix
@@ -76,5 +76,13 @@ in
         proxyPass = "http://127.0.0.1:${toString cfg.port}";
       };
     };
+
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
   };
 }
diff --git a/modules/homelab/services/arr/prowlarr/default.nix b/modules/homelab/services/arr/prowlarr/default.nix
index 23248be..17b2d3e 100644
--- a/modules/homelab/services/arr/prowlarr/default.nix
+++ b/modules/homelab/services/arr/prowlarr/default.nix
@@ -83,6 +83,14 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.mediastack = [{ 
       title = service; 
diff --git a/modules/homelab/services/arr/radarr/default.nix b/modules/homelab/services/arr/radarr/default.nix
index a87e625..c103b12 100644
--- a/modules/homelab/services/arr/radarr/default.nix
+++ b/modules/homelab/services/arr/radarr/default.nix
@@ -86,6 +86,14 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.mediastack = [{ 
       title = service; 
diff --git a/modules/homelab/services/arr/sonarr/default.nix b/modules/homelab/services/arr/sonarr/default.nix
index 3269f98..4894db8 100644
--- a/modules/homelab/services/arr/sonarr/default.nix
+++ b/modules/homelab/services/arr/sonarr/default.nix
@@ -84,7 +84,7 @@ in
       };
     };
 
-    services.caddy.virtualHosts."sonarr.blakedheld.xyz" = {
+    services.caddy.virtualHosts."${cfg.url}" = {
       extraConfig = ''
         tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
         reverse_proxy http://127.0.0.1:${toString cfg.port}
diff --git a/modules/homelab/services/audiobookshelf/default.nix b/modules/homelab/services/audiobookshelf/default.nix
index 01c4999..43d5b96 100644
--- a/modules/homelab/services/audiobookshelf/default.nix
+++ b/modules/homelab/services/audiobookshelf/default.nix
@@ -104,6 +104,14 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance public service
     modules.services.glance.links.mediastack = [{
       title = service;
@@ -112,14 +120,6 @@ in
       check-url = "http://${homelab.host_ip}:${toString cfg.port}";
       icon = "di:${service}"; }];
 
-#
-#    sops.secrets = {
-#      "${service}_" = {
-#        owner = "${service}";
-#        group = "${service}";
-#      };
-#    };
-
     # add to backups
     modules.system.backups.baks = {
       ${service} = { paths = [ cfg.data_dir ]; };
diff --git a/modules/homelab/services/gitea/default.nix b/modules/homelab/services/gitea/default.nix
index 5e20c31..4d0236a 100644
--- a/modules/homelab/services/gitea/default.nix
+++ b/modules/homelab/services/gitea/default.nix
@@ -127,6 +127,14 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.services = [{
       title = service;
diff --git a/modules/homelab/services/glance/default.nix b/modules/homelab/services/glance/default.nix
index dc5f6d0..538238e 100644
--- a/modules/homelab/services/glance/default.nix
+++ b/modules/homelab/services/glance/default.nix
@@ -249,6 +249,14 @@ in
 #      };
 #    };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to backups
     modules.system.backups.baks = {
       ${service} = { paths = [ cfg.data_dir ]; };
diff --git a/modules/homelab/services/home/homeassistant/default.nix b/modules/homelab/services/home/homeassistant/default.nix
index c4b5680..1d3a0d6 100644
--- a/modules/homelab/services/home/homeassistant/default.nix
+++ b/modules/homelab/services/home/homeassistant/default.nix
@@ -120,6 +120,15 @@ in
       };
     };
 
+
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.services = [{
       title = "home assistant";
diff --git a/modules/homelab/services/home/zigbee2mqtt/default.nix b/modules/homelab/services/home/zigbee2mqtt/default.nix
index f036004..d7101a3 100644
--- a/modules/homelab/services/home/zigbee2mqtt/default.nix
+++ b/modules/homelab/services/home/zigbee2mqtt/default.nix
@@ -121,6 +121,14 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.services = [{
       title = service;
diff --git a/modules/homelab/services/immich/default.nix b/modules/homelab/services/immich/default.nix
index 13182cc..b0e53ee 100644
--- a/modules/homelab/services/immich/default.nix
+++ b/modules/homelab/services/immich/default.nix
@@ -96,6 +96,14 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.services = [{
       title = service;
diff --git a/modules/homelab/services/jellyfin/default.nix b/modules/homelab/services/jellyfin/default.nix
index ce35d49..168f0bd 100644
--- a/modules/homelab/services/jellyfin/default.nix
+++ b/modules/homelab/services/jellyfin/default.nix
@@ -90,6 +90,14 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.mediastack = [{
       title = service;
diff --git a/modules/homelab/services/qbittorrent/default.nix b/modules/homelab/services/qbittorrent/default.nix
index c0e7552..922828d 100644
--- a/modules/homelab/services/qbittorrent/default.nix
+++ b/modules/homelab/services/qbittorrent/default.nix
@@ -119,6 +119,14 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.mediastack = [{
       title = service;
diff --git a/modules/homelab/services/uptime-kuma/default.nix b/modules/homelab/services/uptime-kuma/default.nix
index c96363d..e1dfe5c 100644
--- a/modules/homelab/services/uptime-kuma/default.nix
+++ b/modules/homelab/services/uptime-kuma/default.nix
@@ -93,6 +93,14 @@ in
 #      };
 #    };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.system = [{
       title = service;
diff --git a/modules/homelab/services/vaultwarden/default.nix b/modules/homelab/services/vaultwarden/default.nix
index e34c6de..6733136 100644
--- a/modules/homelab/services/vaultwarden/default.nix
+++ b/modules/homelab/services/vaultwarden/default.nix
@@ -103,6 +103,15 @@ in
       };
     };
 
+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      serverAliases = [ "pass.blakedheld.xyz" ];
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy http://127.0.0.1:${toString cfg.port}
+      '';
+    };
+
     # add to glance
     modules.services.glance.links.services = [{
       title = service;