diff --git a/nixos/access/fluidd.nix b/nixos/access/fluidd.nix index 2fd2f0cb..d0178d34 100644 --- a/nixos/access/fluidd.nix +++ b/nixos/access/fluidd.nix @@ -1,21 +1,24 @@ { config, + gensokyo-zone, lib, ... }: let - inherit (lib.modules) mkIf mkDefault; - inherit (config.services) nginx fluidd; + inherit (gensokyo-zone.lib) domain; + inherit (lib.modules) mkDefault; name.shortServer = mkDefault "print"; upstreamName = "fluidd'access"; + serverName = "print.local.${domain}"; + # TODO: serverName = "@fluidd_internal"; in { config.services.nginx = { - upstreams'.${upstreamName}.servers = { - service = {upstream, ...}: { - enable = true; + upstreams'.${upstreamName} = { + host = serverName; + servers.service = { accessService = { name = "nginx"; system = "logistics"; - port = "http"; + port = "proxied"; # XXX: logistics doesn't listen on v6 getAddressFor = "getAddress4For"; }; @@ -34,10 +37,7 @@ in { in { fluidd = { inherit name locations; - proxy = { - upstream = mkDefault upstreamName; - host = nginx.virtualHosts.fluidd'local.serverName; - }; + proxy.upstream = mkDefault upstreamName; vouch.enable = mkDefault true; }; fluidd'local = { diff --git a/nixos/fluidd.nix b/nixos/fluidd.nix index 95f5664f..e79ddc39 100644 --- a/nixos/fluidd.nix +++ b/nixos/fluidd.nix 
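Review bot: `serverName = "print.local.${domain}"` in nixos/access/fluidd.nix repeats the default that nixos/fluidd.nix gives `services.fluidd.hostName`, and the second hunk drops the `proxy.host` that used to be read from `nginx.virtualHosts.fluidd'local.serverName`. Since `hostName` is now `mkDefault`, an override on the backend would leave the upstream sending a Host header that no longer matches the vhost carrying `local.denyGlobal`, and the request would presumably fall through to whatever default server nginx has on the proxied port. Until the `@fluidd_internal` TODO lands, a comment at the binding would record the coupling: `# must equal services.fluidd.hostName on logistics (nixos/fluidd.nix)`. The hunk also removes the `mkIf`, `nginx` and `fluidd` bindings; part of the `let` body lies between the two hunks and is not shown, so check that nothing there still uses them.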
@@ -1,17 +1,24 @@ -{ config, gensokyo-zone, ... }: let - inherit (config.services) motion; +{ config, gensokyo-zone, lib, ... }: let inherit (gensokyo-zone.lib) domain; + inherit (lib.modules) mkIf mkDefault; + cfg = config.services.fluidd; in { services = { fluidd = { - enable = true; - hostName = "print.local.gensokyo.zone"; + enable = mkDefault true; + hostName = mkDefault "print.local.${domain}"; + # TODO: hostName = "@fluidd_internal"; nginx.locations."/webcam".proxyPass = let - inherit (motion.cameras) printercam; + inherit (config.services.motion.cameras) printercam; inherit (printercam.settings) camera_id; in "https://kitchen.local.${domain}/${toString camera_id}/stream"; }; + nginx = mkIf cfg.enable { + proxied.enable = true; + virtualHosts.${cfg.hostName} = { + proxied.enable = true; + local.denyGlobal = true; + }; + }; }; - - networking.firewall.interfaces.lan.allowedTCPPorts = [80]; } diff --git a/nixos/klipper.nix b/nixos/klipper.nix index 94b7103e..01b05da4 100644 --- a/nixos/klipper.nix +++ b/nixos/klipper.nix @@ -1,11 +1,17 @@ -{ pkgs, ... }: { - +{ config, gensokyo-zone, lib, ... }: let + inherit (gensokyo-zone.lib) mkAlmostOptionDefault; + inherit (lib.modules) mkIf mkDefault; + inherit (config.services) moonraker octoprint; + cfg = config.services.klipper; +in { services = { klipper = { - enable = true; - octoprintIntegration = true; + enable = mkDefault true; + octoprintIntegration = mkIf octoprint.enable (mkDefault true); + user = mkIf moonraker.enable (mkAlmostOptionDefault "moonraker"); + group = mkIf moonraker.enable (mkAlmostOptionDefault "moonraker"); mutableConfig = true; - mutableConfigFolder = "/var/lib/moonraker/config"; + mutableConfigFolder = mkIf moonraker.enable (mkDefault "${moonraker.stateDir}/config"); settings = {}; }; }; diff --git a/nixos/moonraker.nix b/nixos/moonraker.nix index acc7b3e3..f2e16168 100644 --- a/nixos/moonraker.nix +++ b/nixos/moonraker.nix 
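Review bot: The LAN rule for port 80 is removed in nixos/fluidd.nix and nothing in this file replaces it, so reachability and the `local.denyGlobal` restriction now both rest on what `proxied.enable` does, which is not visible here. If the proxied listener takes the client address from the front proxy, address-based rules such as `denyGlobal` are only sound when that listener accepts connections from the proxy host alone. A comment above the `nginx = mkIf cfg.enable` block saying where the proxied port is opened and to whom would make that checkable, for example `# proxied port is opened by the nginx proxied module; only the access proxy may connect`, adjusted to what the module really enforces.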
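Review bot: With `user` and `group` set to `moonraker` and `mutableConfigFolder` moved to `${moonraker.stateDir}/config` in nixos/klipper.nix, Klipper runs under the same account as Moonraker and writes to the directory where moonraker.nix places the decrypted `secrets.conf`. That gives the process that parses hand-edited printer config read access to Moonraker's secrets. If sharing the account is deliberate, say so next to the option: `# shares moonraker's account so both can write the config dir; secrets.conf there is readable by klipper`. Otherwise, keeping Klipper's own user and sharing only the group on the config directory would keep the secret file private to Moonraker.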
@@ -1,39 +1,39 @@ -{ config, gensokyo-zone, ... }: let - inherit (config.services) motion; +{ config, access, gensokyo-zone, lib, ... }: let + inherit (lib.modules) mkIf mkDefault; inherit (gensokyo-zone.lib) domain; + inherit (config.services) klipper; + cfg = config.services.moonraker; in { sops.secrets = { moonraker_cfg = { sopsFile = ./secrets/moonraker.yaml; - path = "/var/lib/moonraker/config/secrets.conf"; - owner = "octoprint"; + path = "${cfg.stateDir}/config/secrets.conf"; + owner = cfg.user; }; }; services = { moonraker = { - enable = true; - address = "0.0.0.0"; - user = "octoprint"; + enable = mkDefault true; + address = mkDefault "0.0.0.0"; + user = mkDefault klipper.user; + group = mkDefault klipper.group; port = 7125; # it's the default but i'm specifying it anyway settings = { "include secrets.conf" = { }; octoprint_compat = { }; history = { }; - "webcam printer" = { + "webcam printer" = let + inherit (config.services.motion.cameras) printercam; + inherit (printercam.settings) camera_id; + in { location = "printer"; enabled = true; service = "mjpegstreamer"; icon = "mdiPrinter3d"; target_fps = 5; target_fps_idle = 1; - stream_url = let - inherit (motion.cameras) printercam; - inherit (printercam.settings) camera_id; - in "https://kitchen.local.${domain}/${toString camera_id}/stream"; - snapshot_url = let - inherit (motion.cameras) printercam; - inherit (printercam.settings) camera_id; - in "https://kitchen.local.${domain}/${toString camera_id}/current"; + stream_url = "https://kitchen.local.${domain}/${toString camera_id}/stream"; + snapshot_url = "https://kitchen.local.${domain}/${toString camera_id}/current"; aspect_ratio = "16:9"; }; authorization = { 
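Review bot: `sops.secrets.moonraker_cfg` stays unconditional while `enable` becomes `mkDefault true` and the firewall block added in the next hunk is wrapped in `mkIf cfg.enable`. On a host that imports this module and turns Moonraker off, the secret would still be decrypted to `${cfg.stateDir}/config/secrets.conf` with `owner = cfg.user`, an account that probably does not exist in that configuration. Gating it the same way keeps the pieces consistent: `sops.secrets.moonraker_cfg = mkIf cfg.enable { … };`. `user = mkDefault klipper.user` also assumes Klipper's user is set; klipper.nix only sets it under `mkIf moonraker.enable`, so a short comment on that dependency would help.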
@@ -41,15 +41,16 @@ cors_domains = [ "*.local" "*.lan" - "*.gensokyo.zone" - ]; - trusted_clients = [ - "10.0.0.0/8" - "127.0.0.0/8" - "::1/128" + "*.${domain}" ]; + trusted_clients = access.cidrForNetwork.allLocal.all; }; }; }; }; + networking.firewall = mkIf cfg.enable { + interfaces.lan.allowedTCPPorts = [ + cfg.port + ]; + }; } diff --git a/nixos/octoprint.nix b/nixos/octoprint.nix index 66fac5d1..8bb9f63e 100644 --- a/nixos/octoprint.nix +++ b/nixos/octoprint.nix @@ -26,7 +26,7 @@ in { marlingcodedocumentation printtimegenius stlviewer - #octoklipper? + octoklipper #octolapse? #dashboard? ]; diff --git a/overlays/print.nix b/overlays/print.nix index 5eefb953..b632c219 100644 --- a/overlays/print.nix +++ b/overlays/print.nix @@ -15,7 +15,7 @@ in { }; packageOverrides = python3Packages: python3Packages'prev: lib.mapAttrs (mapPlugin python3Packages) { - inherit (final.octoprintPlugins) prometheus-exporter octorant queue printtimegenius; + inherit (final.octoprintPlugins) prometheus-exporter octorant queue printtimegenius octoklipper; }; octoprint = prev.octoprint.override (old: { packageOverrides = lib.composeExtensions old.packageOverrides or (_: _: {}) packageOverrides; @@ -55,6 +55,23 @@ in { }); in callPackage printtimegenius {}; + octoklipper = let + octoklipper = { + fetchFromGitHub, + python3Packages, + buildPlugin, + }: + octoprintPlugins.octoklipper.overrideAttrs (old: rec { + name = "${old.pname}-${version}"; + version = lib.warnIf (lib.versionAtLeast old.version "0.3.8.4") "octoklipper updated upstream" "0.3.9.5"; + src = fetchFromGitHub { + inherit (old.src) owner repo; + rev = version; + sha256 = "sha256-Ctxg6jyrXIR9sQQDu/Tjo+6+pOuSKgdDTYbnOKlU5ak="; + }; + }); + in + callPackage octoklipper {}; }; # XXX: build broken upstream ugh... diff --git a/systems/logistics/default.nix b/systems/logistics/default.nix index a4782599..7ac9c4e1 100644 --- a/systems/logistics/default.nix +++ b/systems/logistics/default.nix 
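Review bot: The new `networking.firewall` block in nixos/moonraker.nix opens `cfg.port` on the `lan` interface while `address` defaults to `0.0.0.0` and `trusted_clients` becomes `access.cidrForNetwork.allLocal.all`, so any host in those ranges can call the Moonraker API directly without logging in. The fluidd vhost in nixos/access/fluidd.nix sets `vouch.enable`, and this path goes around it. `allLocal.all` is defined outside this diff and may be wider than the three literal ranges it replaces. If nothing on the LAN needs the raw API, drop the firewall rule and narrow the list to the local proxy, for example `trusted_clients = [ "127.0.0.0/8" "::1/128" ];`. If slicers do need it, a comment stating that the port is intentionally unauthenticated on the LAN is the minimum.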
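Review bot: The `octoklipper` override in overlays/print.nix always replaces `version` and `src` with 0.3.9.5, and `lib.warnIf` only prints a message once the packaged version reaches 0.3.8.4. When nixpkgs later ships something newer than 0.3.9.5, this overlay would quietly pin the plugin back to the older release, fixes included, with only an eval warning to show for it. Comparing against the pinned version and applying the override only while upstream is older would make the overlay expire by itself; the condition would be `lib.versionOlder old.version "0.3.9.5"`. The `python3Packages` and `buildPlugin` arguments are not used in the body and can be dropped if `callPackage` does not need them. `rev = version` is a tag name, but the `sha256` fixes the content, so that part is fine.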
@@ -6,13 +6,15 @@ _: { ]; exports = { services = { + nginx = { + enable = true; + ports.proxied.enable = true; + }; motion = { id = "kitchen"; enable = true; ports.stream.port = 41081; }; - octoprint.enable = true; - nginx.enable = true; moonraker.enable = true; fluidd.enable = true; }; diff --git a/systems/logistics/nixos.nix b/systems/logistics/nixos.nix index 01e73f07..fc5e12c6 100644 --- a/systems/logistics/nixos.nix +++ b/systems/logistics/nixos.nix @@ -12,13 +12,12 @@ in { in [ nixos.sops nixos.base + nixos.nginx nixos.barcodebuddy-scanner nixos.motion nixos.cameras.kitchen nixos.cameras.printer nixos.cameras.logistics-webcam - nixos.octoprint - nixos.nginx nixos.klipper nixos.moonraker nixos.fluidd @@ -63,7 +62,7 @@ in { description = "Logistics"; extraGroups = [ "nixbuilder" - (mkIf (!config.services.octoprint.enable) "dialout") + (mkIf (!config.services.octoprint.enable && !!config.services.klipper.enable) "dialout") (mkIf config.networking.networkmanager.enable "networkmanager") ]; hashedPasswordFile = config.sops.secrets.logistics-user-password.path;
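Review bot: `!!config.services.klipper.enable` in the `extraGroups` hunk of systems/logistics/nixos.nix is a double negation, so it evaluates the same as `config.services.klipper.enable`, and it is hard to tell whether that or a single `!` was meant. As written, the interactive user is added to `dialout` exactly when Klipper is running and OctoPrint is not, so the login account gets raw serial access to the device Klipper is driving. If the intent is to grant serial access only when no service owns the port, the line would be `(mkIf (!config.services.octoprint.enable && !config.services.klipper.enable) "dialout")`. If the current behaviour is intended, write it as `config.services.klipper.enable` and add a comment saying why the user needs the port. The `extraGroups` list sits in a user definition that starts outside the hunk.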