nginx: remove caddy configs

system/podman/memos.nix

@@ -13,10 +13,6 @@ let
 in
 {
   config = mkIf (podman.enable && podman.${name}.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:5230
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/minecraft.nix

@@ -29,29 +29,6 @@ let
 in
 {
   config = mkIf (podman.enable && podman.${name}.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = # html
-      ''
-        header Content-Type text/html
-        respond <<EOF
-            <!DOCTYPE html>
-            <html>
-                <head>
-                  <title>Minecraft Server</title>
-                </head>
-                <body>
-                  <h1>Congrats! The minecraft server should be up!</h1>
-                  <h2>
-                    This server is invitation only.
-                    Please contact the server owner for more info.
-                  </h2>
-                  <p>Server Address: <b>${domain}</b></p>
-                  <p>Bedrock Server Port: <b>19132</b></p>
-                  <p>Java Server Port: <b>25565</b></p>
-                </body>
-            </html>
-            EOF 200 
-      '';
-
     # Minecraft only autoupdates at startup
     #
     # To keep up with the update, restart the server at 4am everyday.

system/podman/morphos.nix

@@ -12,10 +12,6 @@ let
 in
 {
   config = mkIf (podman.enable && podman.${name}.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:8080
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/openobserve.nix

@@ -13,9 +13,14 @@ let
 in
 {
   config = mkIf (podman.enable && podman.${name}.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:5080
-    '';
+    services.nginx.virtualHosts.${domain} = {
+      useACMEHost = "tigor.web.id";
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://${ip}:5080";
+        proxyWebsockets = true;
+      };
+    };
 
     system.activationScripts."podman-${name}" = ''
       mkdir -p ${rootVolume}/data

system/podman/pihole.nix

@@ -11,12 +11,6 @@ let
 in
 {
   config = mkIf (podman.enable && pihole.enable) {
-    services.caddy.virtualHosts."pihole.tigor.web.id".extraConfig = ''
-      @root path /
-      redir @root /admin
-      reverse_proxy ${ip}:80
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;
@@ -56,7 +50,7 @@ in
       # 192.168.100.5 {domain_name_1}
       # 192.168.100.5 {domain_name_2}
       #
-      # For each domain defined in services.caddy.virtualHosts
+      # For each domain defined in services.nginx.virtualHosts
       text =
         let
           inherit (lib) strings attrsets;

system/podman/qbittorrent.nix

@@ -20,10 +20,6 @@ let
 in
 lib.mkMerge [
   (mkIf (podman.enable && qbittorrent.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:8080
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/redmage-demo.nix

@@ -13,10 +13,6 @@ let
 in
 {
   config = mkIf (podman.enable && podman.${name}.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:8080
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/redmage.nix

@@ -13,17 +13,6 @@ let
 in
 {
   config = mkIf (podman.enable && podman.${name}.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      @botForbidden header_regexp User-Agent "(?i)AdsBot-Google|Amazonbot|anthropic-ai|Applebot|Applebot-Extended|AwarioRssBot|AwarioSmartBot|Bytespider|CCBot|ChatGPT|ChatGPT-User|Claude-Web|ClaudeBot|cohere-ai|DataForSeoBot|Diffbot|FacebookBot|Google-Extended|GPTBot|ImagesiftBot|magpie-crawler|omgili|Omgilibot|peer39_crawler|PerplexityBot|YouBot"
-
-      handle @botForbidden {
-        respond /* "Access Denied" 403 {
-            close
-        }
-      }
-      reverse_proxy ${ip}:8080
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/servarr/bazarr.nix

@@ -16,15 +16,12 @@ let
 in
 {
   config = mkIf (podman.enable && bazarr.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:6767
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;
       locations."/" = {
         proxyPass = "http://${ip}:6767";
+        proxyWebsockets = true;
       };
     };
 

system/podman/servarr/prowlarr.nix

@@ -18,15 +18,12 @@ let
 in
 {
   config = mkIf (podman.enable && prowlarr.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:9696
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;
       locations."/" = {
         proxyPass = "http://${ip}:9696";
+        proxyWebsockets = true;
       };
     };
 

system/podman/servarr/qbittorrent.nix

@@ -16,10 +16,6 @@ let
 in
 {
   config = mkIf (podman.enable && qbittorrent.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:8080
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/servarr/radarr.nix

@@ -16,10 +16,6 @@ let
 in
 {
   config = mkIf (podman.enable && radarr.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:7878
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/servarr/rdtclient.nix

@@ -16,10 +16,6 @@ let
 in
 {
   config = mkIf (podman.enable && cfg.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:6500
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/servarr/real-debrid-manager.nix

@@ -17,10 +17,6 @@ let
 in
 {
   config = mkIf (podman.enable && real-debrid-manager.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:5000
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/servarr/sonarr.nix

@@ -20,10 +20,6 @@ let
 in
 {
   config = mkIf (podman.enable && sonarr.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:8989
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;
@@ -38,10 +34,6 @@ in
       domain-anime
     ];
 
-    services.caddy.virtualHosts.${domain-anime}.extraConfig = ''
-      reverse_proxy ${ip-anime}:8989
-    '';
-
     services.nginx.virtualHosts.${domain-anime} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/podman/suwayomi.nix

@@ -17,15 +17,12 @@ let
 in
 {
   config = mkIf (podman.enable && suwayomi.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:4567
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;
       locations."/" = {
         proxyPass = "http://${ip}:4567";
+        proxyWebsockets = true;
       };
     };
 

system/podman/valheim.nix

@@ -15,10 +15,6 @@ let
 in
 lib.mkMerge [
   (mkIf (podman.${name}.enable) {
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy ${ip}:80
-    '';
-
     sops =
       let
         opts = {
@@ -117,6 +113,6 @@ lib.mkMerge [
     #   };
     # };
   })
-  { profile.services.ntfy-sh.client.settings.subscribe = [{ topic = "valheim"; }]; }
+  { profile.services.ntfy-sh.client.settings.subscribe = [ { topic = "valheim"; } ]; }
   # { profile.services.ntfy-sh.client.settings.subscribe = [{ topic = "valheim-hutasuhut"; }]; }
 ]

system/podman/ytptube.nix

@@ -76,15 +76,6 @@ lib.mkMerge [
       domain
     ];
 
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      @require_auth not remote_ip private_ranges 
-
-      basic_auth @require_auth {
-        {$AUTH_USERNAME} {$AUTH_PASSWORD}
-      }
-
-      reverse_proxy ${ip}:8081
-    '';
     system.activationScripts."podman-${name}" = ''
       mkdir -p ${volume}
       chown -R ${uid}:${gid} ${volume} /etc/podman/${name}

system/services/cockpit.nix

@@ -20,19 +20,16 @@ in
       locations."/" = {
         proxyPass = "http://0.0.0.0:9090";
         proxyWebsockets = true;
+        extraConfig = ''
+          if ($auth_ip != off) {
+              return 403;
+          }
+        '';
       };
     };
 
     security.acme.certs."tigor.web.id".extraDomainNames = [ "cockpit.tigor.web.id" ];
 
-    services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = # caddyfile
-      ''
-        @denied not remote_ip private_ranges
-
-        respond @denied "Access denied" 403
-
-        reverse_proxy 0.0.0.0:9090
-      '';
     services.udisks2.enable = true;
     services.cockpit = {
       enable = true;

system/services/couchdb.nix

@@ -52,20 +52,7 @@ in
       };
     };
 
-    services.caddy.virtualHosts."couchdb.tigor.web.id".extraConfig = ''
-      @obsidian header Origin "app://obsidian.md"
-      header @obsidian {
-        Access-Control-Allow-Origin "app://obsidian.md"
-        Access-Control-Allow-Methods "OPTIONS,HEAD,GET,POST,PUT,PATCH,DELETE"
-        Access-Control-Allow-Credentials "true"
-        Access-Control-Allow-Headers "Authorization,Content-Type"
-        defer
-      }
-      @options method OPTIONS
-      respond @options 204
-
-      reverse_proxy localhost:5984
-    '';
+    # Have to NGINX module if this gets re-enabled
 
     services.couchdb = {
       enable = true;

system/services/jellyfin.nix

@@ -21,7 +21,14 @@ in
       forceSSL = true;
       locations = {
         "= /metrics" = {
-          return = "403";
+          proxyPass = "http://0.0.0.0:8096";
+          extraConfig =
+            #nginx
+            ''
+              if ($auth_ip != off) {
+                  return 403;
+              }
+            '';
         };
         "/" = {
           proxyPass = "http://0.0.0.0:8096";
@@ -35,35 +42,6 @@ in
       domain-jellyseerr
     ];
 
-    services.caddy.virtualHosts."${domain}".extraConfig = ''
-      @public not remote_ip private_ranges
-
-      handle_path /metrics {
-        header @public Content-Type text/html
-        respond @public <<HTML
-            <!DOCTYPE html>
-            <html>
-                <head>
-                    <title>Access Denied</title>
-                </head>
-                <body>
-                    <h1>Access Denied</h1>
-                </body>
-            </html>
-            HTML 403
-        reverse_proxy 0.0.0.0:8096
-      }
-
-      handle {
-        reverse_proxy 0.0.0.0:8096
-      }
-    '';
-    services.caddy.virtualHosts."${domain-jellyseerr}" = mkIf cfg.jellyseerr.enable {
-      extraConfig = ''
-        reverse_proxy 0.0.0.0:5055
-      '';
-    };
-
     services.nginx.virtualHosts."${domain-jellyseerr}" = mkIf cfg.jellyseerr.enable {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/services/kavita.nix

@@ -20,9 +20,6 @@ in
       owner = "kavita";
       sopsFile = ../../secrets/kavita.yaml;
     };
-    services.caddy.virtualHosts."kavita.tigor.web.id".extraConfig = ''
-      reverse_proxy 0.0.0.0:${toString config.services.kavita.settings.Port}
-    '';
 
     services.nginx.virtualHosts."kavita.tigor.web.id" = {
       useACMEHost = "tigor.web.id";

system/services/navidrome.nix

@@ -6,10 +6,6 @@ let
 in
 {
   config = mkIf cfg.enable {
-    services.caddy.virtualHosts."navidrome.tigor.web.id".extraConfig = ''
-      reverse_proxy 0.0.0.0:${toString config.services.navidrome.settings.Port}
-    '';
-
     services.nginx.virtualHosts."navidrome.tigor.web.id" = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;

system/services/photoprism.nix

@@ -17,10 +17,6 @@ in
 
     users.groups.${user.name}.members = [ "photoprism" ];
 
-    services.caddy.virtualHosts.${domain}.extraConfig = ''
-      reverse_proxy 0.0.0.0:${toString config.services.photoprism.port}
-    '';
-
     services.nginx.virtualHosts.${domain} = {
       useACMEHost = "tigor.web.id";
       forceSSL = true;
@@ -44,10 +40,9 @@ in
       passwordFile = config.sops.secrets."photoprism/admin_password".path;
       settings = {
         PHOTOPRISM_ADMIN_USER = "hutasuhut";
-        PHOTOPRISM_INDEX_SCHEDULE = "0 */6 * * *";
+        PHOTOPRISM_INDEX_SCHEDULE = "0 3 * * *";
         PHOTOPRISM_DEFAULT_TIMEZONE = "Asia/Jakarta";
         PHOTOPRISM_SITE_AUTHOR = "Tigor Hutasuhut";
-
         PHOTOPRISM_FACE_CLUSTER_CORE = "3";
       };
     };

system/services/syncthing.nix

@@ -13,9 +13,6 @@ in
       mkdir -p ${dataDir}
       chown ${uid}:${gid} ${dataDir}
     '';
-    services.caddy.virtualHosts."syncthing.tigor.web.id".extraConfig = ''
-      reverse_proxy 0.0.0.0:8384
-    '';
 
     services.nginx.virtualHosts."syncthing.tigor.web.id" = {
       useACMEHost = "tigor.web.id";