moved haproxy to a service

systems/jeeves/docker/cloud_flare_tunnel.nix

@@ -0,0 +1,18 @@
+let
+  vars = import ../vars.nix;
+in
+{
+  virtualisation.oci-containers.containers = {
+    cloud_flare_tunnel = {
+      image = "cloudflare/cloudflared:2025.1.1";
+      user = "600:600";
+      cmd = [
+        "tunnel"
+        "run"
+      ];
+      environmentFiles = ["${vars.storage_secrets}/docker/cloud_flare_tunnel"];
+      extraOptions = [ "--network=web" ];
+      autoStart = true;
+    };
+  };
+}

systems/jeeves/docker/reverse_proxy.nix

@@ -1,35 +0,0 @@
-let
-  vars = import ../vars.nix;
-in
-{
-  virtualisation.oci-containers.containers = {
-    haproxy = {
-      image = "haproxy:3.1";
-      user = "600:600";
-      environment = {
-        TZ = "Etc/EST";
-      };
-      volumes = [
-        "${vars.storage_secrets}/docker/cloudflare.pem:/etc/ssl/certs/cloudflare.pem"
-        "${./haproxy.cfg}:/usr/local/etc/haproxy/haproxy.cfg"
-      ];
-      dependsOn = [
-        "uptime_kuma"
-      ];
-      extraOptions = [ "--network=web" ];
-      autoStart = true;
-    };
-    cloud_flare_tunnel = {
-      image = "cloudflare/cloudflared:2025.1.1";
-      user = "600:600";
-      cmd = [
-        "tunnel"
-        "run"
-      ];
-      environmentFiles = ["${vars.storage_secrets}/docker/cloud_flare_tunnel"];
-      dependsOn = [ "haproxy" ];
-      extraOptions = [ "--network=web" ];
-      autoStart = true;
-    };
-  };
-}

systems/jeeves/docker/share.nix

@@ -4,6 +4,7 @@ in
 {
   virtualisation.oci-containers.containers.share = {
     image = "ubuntu/apache2:2.4-22.04_beta";
+    ports = [ "8091:80" ];
     volumes = [
       "${../../../common/docker_templates}/file_server/sites/:/etc/apache2/sites-enabled/"
       "${vars.media_share}:/data"

systems/jeeves/docker/uptime_kuma.nix

@@ -4,6 +4,7 @@ in
 {
   virtualisation.oci-containers.containers = {
     uptime_kuma = {
+      ports = [ "3001:3001" ];
       image = "louislam/uptime-kuma:1.23.16-debian";
       volumes = [
         "${vars.media_docker_configs}/uptime_kuma:/app/data"

systems/jeeves/services/haproxy.cfg

@@ -22,7 +22,7 @@ defaults
 #Application Setup
 frontend ContentSwitching
   bind *:80
-  bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem
+  bind *:443 ssl crt /zfs/storage/secrets/docker/cloudflare.pem
   mode  http
   # tmmworkshop.com
   acl host_audiobookshelf  hdr(host) -i audiobookshelf.tmmworkshop.com
@@ -66,8 +66,8 @@ backend jellyfin
 
 backend share_nodes
   mode http
-  server server share:80
+  server server 192.168.95.14:8091
 
 backend uptime_kuma_nodes
   mode http
-  server server uptime_kuma:3001
+  server server 192.168.95.14:3001

systems/jeeves/services/haproxy.nix

@@ -0,0 +1,8 @@
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.haproxy = {
+    enable = true;
+    config = builtins.readFile ./haproxy.cfg;
+  };
+}

systems/jeeves/services/home_assistant.nix

@@ -16,7 +16,7 @@ in
             "192.168.98.4"
           ];
           use_x_forwarded_for = true;
-          trusted_proxies = "172.18.0.0/24";
+          trusted_proxies = "192.168.95.0/24";
         };
         homeassistant = {
           time_zone = "America/New_York";
@@ -57,6 +57,7 @@ in
           pyownet
           rokuecp
           uiprotect
+          wakeonlan
         ];
       extraComponents = [ "isal" ];
     };

systems/jeeves/services/validate_system.toml

@@ -2,7 +2,7 @@ zpool = ["root_pool", "storage", "torrenting", "media"]
 services = [
     "audiobookshelf",
     "docker-cloud_flare_tunnel",
-    "docker-haproxy",
+    "haproxy",
     "docker-qbit",
     "docker-qbitvpn",
     "docker-uptime_kuma",