From fc3979e64bd749622e1e56b1291a7738d9acad59 Mon Sep 17 00:00:00 2001
From: James Eversole <james@eversole.co>
Date: Thu, 22 May 2025 09:49:28 -0500
Subject: [PATCH] Reopen some services to WAN

---
 nix/application/containers.nix |  4 ++--
 nix/application/nginx.nix      | 17 +++++++++++++++--
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/nix/application/containers.nix b/nix/application/containers.nix
index b178b66..ece6113 100644
--- a/nix/application/containers.nix
+++ b/nix/application/containers.nix
@@ -23,7 +23,7 @@
       };
 
       gitea = {
-        image = "docker.io/gitea/gitea:1.23.0-rc0-rootless";
+        image = "docker.io/gitea/gitea:1.24.0-rc0-rootless";
         volumes = [ "/home/sezycei/srv/containerdata/gitea/data:/var/lib/gitea"
                     "/home/sezycei/srv/containerdata/gitea/config:/etc/gitea"
                   ];
@@ -146,7 +146,7 @@
       };
 
       vaultwarden = {
-        image = "vaultwarden/server:1.32.7";
+        image = "vaultwarden/server:1.33.2";
         ports = [ "40080:80" ];
         volumes = [
           "/home/sezycei/srv/containerdata/bitwarden/data:/data"
diff --git a/nix/application/nginx.nix b/nix/application/nginx.nix
index 700e5e3..98fabfc 100644
--- a/nix/application/nginx.nix
+++ b/nix/application/nginx.nix
@@ -68,6 +68,19 @@
           root = "/var/www/graf.matri.cx";
           extraConfig = allowedLANAddrs;
         };
+        "home.matri.cx" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass = "http://192.168.0.131:8123"; 
+            proxyWebsockets = true;
+            extraConfig = ''
+              proxy_set_header Upgrade $http_upgrade;
+              proxy_set_header Connection $connection_upgrade;
+            '';
+          };
+          extraConfig = allowedLANAddrs;
+        };
         "hydra.matri.cx" = proxiedLAN {
           target = "http://127.0.0.1:3034";
           extra = ''
@@ -76,9 +89,9 @@
         };
         "jame.su" = static { dir = "/var/www/jame.su"; };
         "matri.cx" = static { dir = "/var/www/matri.cx"; };
-        "media.matri.cx" = proxiedLAN { target = "http://127.0.0.1:8096"; };
+        "media.matri.cx" = proxied { target = "http://127.0.0.1:8096"; };
         "purr.eversole.co" = proxied { target = "http://127.0.0.1:5195"; };
-        "pw.eversole.co" = proxiedLAN { target = "http://127.0.0.1:40080"; };
+        "pw.eversole.co" = proxied { target = "http://127.0.0.1:40080"; };
         "sezycei.com" = static { dir = "/var/www/sezycei.com"; };
         "snakebelmont.com" = static { dir = "/var/www/snakebelmont.com"; };
         "transmission.matri.cx" = proxiedLAN { target = "http://127.0.0.1:9091"; };