From 4cfde30c7458e7bfa907092ba4e963bb779129c5 Mon Sep 17 00:00:00 2001
From: NullBite
Date: Sat, 29 Jun 2024 16:56:18 -0400
Subject: [PATCH] rpi4: reverse proxy basic auth services
---
 hosts/rpi4/services.nix | 52 ++++++++++++++++++++++++++++++++++-------
 1 file changed, 43 insertions(+), 9 deletions(-)
diff --git a/hosts/rpi4/services.nix b/hosts/rpi4/services.nix
index b3d941f..849729d 100644
--- a/hosts/rpi4/services.nix
+++ b/hosts/rpi4/services.nix
@@ -66,14 +66,35 @@
 '';
 virtualHosts = let
- mkReverseProxy = port: {
- useACMEHost = "protogen.io";
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://127.0.0.1:${builtins.toString port}";
- proxyWebsockets = true;
- };
- };
+ useACMEHost = "protogen.io";
+ mkProxy = args@{ upstream ? "http://127.0.0.1:${builtins.toString args.port}", auth ? false, extraConfig ? {}, ... }:
+ lib.mkMerge [
+ {
+ inherit useACMEHost;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = upstream;
+ proxyWebsockets = true;
+ };
+ }
+ (lib.mkIf auth {
+ basicAuthFile = config.age.secrets.htpasswd.path;
+ })
+ extraConfig
+ ];
+
+ # mkReverseProxy = port: {
+ # inherit useACMEHost;
+ # forceSSL = true;
+ # locations."/" = {
+ # proxyPass = "http://127.0.0.1:${builtins.toString port}";
+ # proxyWebsockets = true;
+ # };
+ # };
+
+ mkAuthProxy = port: mkProxy { inherit port; auth = true; };
+
+ mkReverseProxy = port: mkProxy { inherit port; };
 in {
 # TODO change all these with a vim macro when i learn how to extend submodules
 "changedetection.protogen.io" = mkReverseProxy 5000;
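Review bot: With `auth = true`, `mkProxy` sets `basicAuthFile` on the vhost but `locations."/"` still forwards the client's `Authorization` header, which nginx passes upstream by default, so the shared htpasswd credentials reach every backend; for `print.protogen.io` in the second hunk that is plain HTTP to 10.10.1.8. Where a backend does not need the header, the `lib.mkIf auth` branch could also set `locations."/".extraConfig = ''proxy_set_header Authorization "";'';`. The declaration of `age.secrets.htpasswd` is outside this diff; confirm its owner or group lets the nginx user read the file, since agenix secrets are, as far as I know, root-only by default. The commented-out old `mkReverseProxy` can be dropped, as git history keeps it.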
@@ -84,15 +105,28 @@
 "hass.protogen.io" = mkReverseProxy 8123;
 "node.protogen.io" = mkReverseProxy 1880;
 # z2m auth 8124
+ "z2m.protogen.io" = mkAuthProxy 8124;
 "room.protogen.io" = mkReverseProxy 8096;
- # deemix auth 8096
+ "deemix.protogen.io" = mkAuthProxy 6595;
 # libreddit auth 8087
+ "libreddit.protogen.io" = mkAuthProxy 8087;
 "rss.protogen.io" = mkReverseProxy 8082;
 "blahaj.protogen.io" = mkReverseProxy 8086;
 # octoprint (proxy_addr is 10.10.1.8)
+ "print.protogen.io" = mkProxy { auth = true; upstream = "http://10.10.1.8:80"; };
 # searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
+ "searx.protogen.io" = let
+ port = 8088;
+ in mkProxy { auth = true; inherit port; extraConfig = {
+ locations = lib.genAttrs [ "/favicon.ico" "/autocompleter" "/opensearch.xml" ] (attr: {
+ basicAuthFile = lib.mkForce null;
+ basicAuth = lib.mkForce { };
+ });
+ };};
 # nbt.sh alias proot.link 8090
+ "nbt.sh" = mkProxy { port = 8090; extraConfig.serverAliases = [ "proot.link" ]; };
 # admin.nbt.sh alias admin.proot.link 8091 auth
+ "admin.nbt.sh" = mkProxy { auth = true; port = 8091; extraConfig.serverAliases = [ "admin.proot.link" ]; };
 # create track map todo later
 "uptime.protogen.io" = mkReverseProxy 3001;
 "kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
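Review bot: The three searx exemptions built with `lib.genAttrs` probably do not do what the comment above them asks. Forcing `basicAuthFile` to null and `basicAuth` to `{ }` only restates the location defaults, so each location renders without its own auth directive and inherits the server-level `auth_basic` from `auth = true`; none of them sets `proxyPass` either, so an authenticated request is not forwarded to port 8088. This fails closed, but the paths stay behind auth and unproxied; the location body would need something like `proxyPass = "http://127.0.0.1:${builtins.toString port}"; extraConfig = "auth_basic off;";`. Separately, `nbt.sh` and `admin.nbt.sh` go through `mkProxy` and so inherit `useACMEHost = "protogen.io"`. The certificate definition is not in this diff, so check that it lists nbt.sh, proot.link and the admin names; otherwise these vhosts serve a mismatched certificate.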