Why... why,,,

nix-system-configs/modules/system/traefik.nix

@@ -46,7 +46,8 @@ in {
 
     # Configure Anubis service
     services.anubis = {
-      instances."" = {
+      instances = {
+        "" = {
           enable = true;
           settings = {
             # Bind to TCP instead of Unix socket for Docker-style integration
@@ -79,6 +80,50 @@ in {
             METRICS_BIND = "127.0.0.1:8091";
           };
         };
+
+        # Per-service Anubis instances (reverse-proxy mode) ---------------------------
+        forgejo = {
+          enable = true;
+          settings = {
+            BIND_NETWORK = "tcp";
+            BIND = "127.0.0.1:8092";
+            TARGET = "http://10.1.1.4:3000"; # Forgejo backend
+            DIFFICULTY = 20;
+            SERVE_ROBOTS_TXT = true;
+            WEBMASTER_EMAIL = "dtu.prg@gmail.com";
+            METRICS_BIND_NETWORK = "tcp";
+            METRICS_BIND = "127.0.0.1:8095";
+          };
+        };
+
+        wavelog = {
+          enable = true;
+          settings = {
+            BIND_NETWORK = "tcp";
+            BIND = "127.0.0.1:8093";
+            TARGET = "http://10.1.1.249:8086"; # Wavelog backend
+            DIFFICULTY = 20;
+            SERVE_ROBOTS_TXT = true;
+            WEBMASTER_EMAIL = "dtu.prg@gmail.com";
+            METRICS_BIND_NETWORK = "tcp";
+            METRICS_BIND = "127.0.0.1:8096";
+          };
+        };
+
+        partdb = {
+          enable = true;
+          settings = {
+            BIND_NETWORK = "tcp";
+            BIND = "127.0.0.1:8094";
+            TARGET = "http://10.1.1.249:8087"; # PartDB backend
+            DIFFICULTY = 20;
+            SERVE_ROBOTS_TXT = true;
+            WEBMASTER_EMAIL = "dtu.prg@gmail.com";
+            METRICS_BIND_NETWORK = "tcp";
+            METRICS_BIND = "127.0.0.1:8097";
+          };
+        };
+      };
     };
 
     services.traefik = {
@@ -141,16 +186,6 @@ in {
           }
         ];
 
-        # Define Anubis middleware
-        http.middlewares = {
-          anubis = {
-            forwardAuth = {
-              address = "http://127.0.0.1:8090/.within.website/x/cmd/anubis/api/check";
-              trustForwardHeader = true;
-            };
-          };
-        };
-
         http.routers = {
           #anubis-api = {
           #  rule = "Host(`anubis.prg-radio.org`) && PathPrefix(`/.within.website/x/cmd/anubis/api`)";
@@ -173,7 +208,6 @@ in {
             rule = "Host(`git.prg-radio.org`)";
             service = "forgejo";
             entryPoints = ["websecure"];
-            middlewares = ["anubis"]; # Add Anubis protection
             tls = {};
           };
 
@@ -190,22 +224,20 @@ in {
             rule = "Host(`wavelog.prg-radio.org`)";
             service = "wavelog";
             entryPoints = ["websecure"];
-            middlewares = ["anubis"]; # Add Anubis protection
             tls = {};
           };
 
-          # Protected service: PartDB (remove middleware)
+          # Protected service: PartDB
           partdb = {
             rule = "Host(`partdb.prg-radio.org`)";
             service = "partdb";
-            middlewares = ["anubis"]; # Add Anubis protection
             entryPoints = ["websecure"];
             tls = {};
           };
         };
 
         http.services = {
-          # Anubis service
+          # Anubis service (challenge UI / redirect endpoint)
           anubis.loadBalancer = {
             servers = [
               {url = "http://127.0.0.1:8090";}
@@ -215,7 +247,7 @@ in {
 
           forgejo.loadBalancer = {
             servers = [
-              {url = "http://10.1.1.4:3000";}
+              {url = "http://127.0.0.1:8092";}
             ];
           };
           matrix.loadBalancer = {
@@ -225,13 +257,13 @@ in {
           };
           wavelog.loadBalancer = {
             servers = [
-              {url = "http://10.1.1.249:8086";}
+              {url = "http://127.0.0.1:8093";}
             ];
           };
 
           partdb.loadBalancer = {
             servers = [
-              {url = "http://10.1.1.249:8087";}
+              {url = "http://127.0.0.1:8094";}
             ];
           };
         };