update proxy config

2025-10-12 22:24:09 -05:00
parent cae85ef2e6
commit 61e8436dd9
17 changed files with 27 additions and 23 deletions
--- a/modules/homelab/services/arr/bazarr/default.nix
+++ b/modules/homelab/services/arr/bazarr/default.nix
@@ -75,7 +75,7 @@ in
    services.caddy.virtualHosts."${cfg.url}" = {
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/arr/flaresolverr/default.nix
+++ b/modules/homelab/services/arr/flaresolverr/default.nix
@@ -71,7 +71,7 @@ in
    services.caddy.virtualHosts."${cfg.url}" = {
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };
  };
--- a/modules/homelab/services/arr/prowlarr/default.nix
+++ b/modules/homelab/services/arr/prowlarr/default.nix
@@ -77,7 +77,7 @@ in
    services.caddy.virtualHosts."${cfg.url}" = {
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/arr/radarr/default.nix
+++ b/modules/homelab/services/arr/radarr/default.nix
@@ -80,7 +80,7 @@ in
    services.caddy.virtualHosts."${cfg.url}" = {
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/arr/sonarr/default.nix
+++ b/modules/homelab/services/arr/sonarr/default.nix
@@ -78,7 +78,7 @@ in
    services.caddy.virtualHosts."${cfg.url}" = {
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/audiobookshelf/default.nix
+++ b/modules/homelab/services/audiobookshelf/default.nix
@@ -81,12 +81,6 @@ in
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
        reverse_proxy 127.0.0.1:${toString cfg.port} {
-          stream_timeout 24h
-          stream_close_delay 5m
-          transport http {
-            tls
-            tls_insecure_skip_verify
-          }
        }
      '';
    };
--- a/modules/homelab/services/caddy/default.nix
+++ b/modules/homelab/services/caddy/default.nix
@@ -46,7 +46,7 @@ in
      dataDir = cfg.data_dir;
      email = "me@blakedheld.xyz";
      globalConfig = ''
-#        auto_https ignore_loaded_certs
+        auto_https ignore_loaded_certs
      '';
      
      virtualHosts."key.${homelab.public_domain}" = {
--- a/modules/homelab/services/gitea/default.nix
+++ b/modules/homelab/services/gitea/default.nix
@@ -95,8 +95,9 @@ in
    services.caddy.virtualHosts."${cfg.url}" = {
      serverAliases = [ "git.${homelab.public_domain}" ];
      extraConfig = ''
-#        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy localhost:${toString cfg.port} {
+        }
      '';
    };

--- a/modules/homelab/services/glance/default.nix
+++ b/modules/homelab/services/glance/default.nix
@@ -236,7 +236,7 @@ in
 #      serverAliases = [ "${homelab.public_domain}" ];
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/home/homeassistant/default.nix
+++ b/modules/homelab/services/home/homeassistant/default.nix
@@ -92,7 +92,7 @@ in
      serverAliases = [ "${service}.${homelab.public_domain}" ];
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/home/zigbee2mqtt/default.nix
+++ b/modules/homelab/services/home/zigbee2mqtt/default.nix
@@ -99,7 +99,7 @@ in
      serverAliases = [ "z2m.${homelab.public_domain}" ];
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/immich/default.nix
+++ b/modules/homelab/services/immich/default.nix
@@ -80,7 +80,7 @@ in
      serverAliases = [ "photos.${homelab.public_domain}" ];
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/jellyfin/default.nix
+++ b/modules/homelab/services/jellyfin/default.nix
@@ -76,7 +76,7 @@ in
      serverAliases = [ "media.${homelab.public_domain}" ];
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/qbittorrent/default.nix
+++ b/modules/homelab/services/qbittorrent/default.nix
@@ -113,7 +113,7 @@ in
    services.caddy.virtualHosts."${cfg.url}" = {
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/uptime-kuma/default.nix
+++ b/modules/homelab/services/uptime-kuma/default.nix
@@ -76,7 +76,7 @@ in
    services.caddy.virtualHosts."${cfg.url}" = {
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/vaultwarden/default.nix
+++ b/modules/homelab/services/vaultwarden/default.nix
@@ -89,7 +89,7 @@ in
      serverAliases = [ "pass.${homelab.public_domain}" ];
      extraConfig = ''
        tls /etc/ssl/blakedheld.xyz.crt /etc/ssl/blakedheld.xyz.key
-        reverse_proxy http://127.0.0.1:${toString cfg.port}
+        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

--- a/modules/homelab/services/yacreader/default.nix
+++ b/modules/homelab/services/yacreader/default.nix
@@ -79,13 +79,22 @@ in
    # open firewall
    networking.firewall.allowedTCPPorts = [ cfg.port ];

+    # add to caddy for reverse proxy
+    services.caddy.virtualHosts."${cfg.url}" = {
+      extraConfig = ''
+        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
+        reverse_proxy 127.0.0.1:${toString cfg.port} {
+        }
+      '';
+    };
+
   # add to glance local service
    modules.services.glance.links.mediastack = [{
      title = service;
      url = "https://${cfg.url}";
      error-url = "http://${homelab.host_ip}:${toString cfg.port}";
      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
-      icon = "di:${service}"; }];
+      icon = "di:yac-reader"; }];

 #    sops.secrets = {
 #      "${service}_" = {