From 80eecdb05cda11833bf4f4ba4040a65184018022 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Thu, 21 Nov 2024 15:07:12 +0100
Subject: [PATCH] nixos/frigate: stop enabling recommendedProxySettings
 globally

Closes: #320512
---
 nixos/modules/services/video/frigate.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/video/frigate.nix b/nixos/modules/services/video/frigate.nix
index d960dea38c095c..a20e0d8bb08214 100644
--- a/nixos/modules/services/video/frigate.nix
+++ b/nixos/modules/services/video/frigate.nix
@@ -176,7 +176,6 @@ in
         set-misc
         vod
       ];
-      recommendedProxySettings = mkDefault true;
       recommendedGzipSettings = mkDefault true;
       mapHashBucketSize = mkDefault 128;
       upstreams = {
@@ -207,6 +206,7 @@ in
           # auth_location.conf
           "/auth" = {
             proxyPass = "http://frigate-api/auth";
+            recommendedProxySettings = true;
             extraConfig = ''
               internal;
 
@@ -311,11 +311,13 @@ in
           };
           "/ws" = {
             proxyPass = "http://frigate-mqtt-ws/";
+            recommendedProxySettings = true;
             proxyWebsockets = true;
             extraConfig = nginxAuthRequest + nginxProxySettings;
           };
           "/live/jsmpeg" = {
             proxyPass = "http://frigate-jsmpeg/";
+            recommendedProxySettings = true;
             proxyWebsockets = true;
             extraConfig = nginxAuthRequest + nginxProxySettings;
           };
@@ -323,6 +325,7 @@ in
           "/live/mse/api/ws" = {
             proxyPass = "http://frigate-go2rtc/api/ws";
             proxyWebsockets = true;
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -332,6 +335,7 @@ in
           "/live/webrtc/api/ws" = {
             proxyPass = "http://frigate-go2rtc/api/ws";
             proxyWebsockets = true;
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -341,6 +345,7 @@ in
           # pass through go2rtc player
           "/live/webrtc/webrtc.html" = {
             proxyPass = "http://frigate-go2rtc/webrtc.html";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -350,6 +355,7 @@ in
           # frontend uses this to fetch the version
           "/api/go2rtc/api" = {
             proxyPass = "http://frigate-go2rtc/api";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -360,6 +366,7 @@ in
           "/api/go2rtc/webrtc" = {
             proxyPass = "http://frigate-go2rtc/api/webrtc";
             proxyWebsockets = true;
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -368,12 +375,14 @@ in
           };
           "~* /api/.*\.(jpg|jpeg|png|webp|gif)$" = {
             proxyPass = "http://frigate-api";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               rewrite ^/api/(.*)$ $1 break;
             '';
           };
           "/api/" = {
             proxyPass = "http://frigate-api/";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               add_header Cache-Control "no-store";
               expires off;