From df884dafd22e5dab92a278fffc9ebfc79c44f41e Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Thu, 21 Nov 2024 15:07:12 +0100
Subject: [PATCH] nixos/frigate: stop enabling recommendedProxySettings
 globally

Closes: #320512
---
 nixos/modules/services/video/frigate.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/video/frigate.nix b/nixos/modules/services/video/frigate.nix
index d1b2572870ca2..84a8ba9cb10a5 100644
--- a/nixos/modules/services/video/frigate.nix
+++ b/nixos/modules/services/video/frigate.nix
@@ -177,7 +177,6 @@ in
         set-misc
         vod
       ];
-      recommendedProxySettings = mkDefault true;
       recommendedGzipSettings = mkDefault true;
       mapHashBucketSize = mkDefault 128;
       upstreams = {
@@ -208,6 +207,7 @@ in
           # auth_location.conf
           "/auth" = {
             proxyPass = "http://frigate-api/auth";
+            recommendedProxySettings = true;
             extraConfig = ''
               internal;
 
@@ -312,11 +312,13 @@ in
           };
           "/ws" = {
             proxyPass = "http://frigate-mqtt-ws/";
+            recommendedProxySettings = true;
             proxyWebsockets = true;
             extraConfig = nginxAuthRequest + nginxProxySettings;
           };
           "/live/jsmpeg" = {
             proxyPass = "http://frigate-jsmpeg/";
+            recommendedProxySettings = true;
             proxyWebsockets = true;
             extraConfig = nginxAuthRequest + nginxProxySettings;
           };
@@ -324,6 +326,7 @@ in
           "/live/mse/api/ws" = {
             proxyPass = "http://frigate-go2rtc/api/ws";
             proxyWebsockets = true;
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -333,6 +336,7 @@ in
           "/live/webrtc/api/ws" = {
             proxyPass = "http://frigate-go2rtc/api/ws";
             proxyWebsockets = true;
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -342,6 +346,7 @@ in
           # pass through go2rtc player
           "/live/webrtc/webrtc.html" = {
             proxyPass = "http://frigate-go2rtc/webrtc.html";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -351,6 +356,7 @@ in
           # frontend uses this to fetch the version
           "/api/go2rtc/api" = {
             proxyPass = "http://frigate-go2rtc/api";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -361,6 +367,7 @@ in
           "/api/go2rtc/webrtc" = {
             proxyPass = "http://frigate-go2rtc/api/webrtc";
             proxyWebsockets = true;
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               limit_except GET {
                   deny  all;
@@ -369,12 +376,14 @@ in
           };
           "~* /api/.*\.(jpg|jpeg|png|webp|gif)$" = {
             proxyPass = "http://frigate-api";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               rewrite ^/api/(.*)$ $1 break;
             '';
           };
           "/api/" = {
             proxyPass = "http://frigate-api/";
+            recommendedProxySettings = true;
             extraConfig = nginxAuthRequest + nginxProxySettings + ''
               add_header Cache-Control "no-store";
               expires off;