diff --git a/modules/system/exports/octoprint.nix b/modules/system/exports/octoprint.nix
new file mode 100644
index 00000000..0ed528c0
--- /dev/null
+++ b/modules/system/exports/octoprint.nix
@@ -0,0 +1,36 @@
+{
+ lib,
+ gensokyo-zone,
+ ...
+}: let
+ inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
+ inherit (lib.modules) mkIf;
+in {
+ config.exports.services.octoprint = {config, ...}: {
+ displayName = mkAlmostOptionDefault "OctoPrint";
+ id = mkAlmostOptionDefault "print";
+ nixos = {
+ serviceAttr = "octoprint";
+ assertions = let
+ mkAssertion = f: nixosConfig: let
+ cfg = nixosConfig.services.octoprint;
+ in
+ f nixosConfig cfg;
+ in
+ mkIf config.enable [
+ (mkAssertion (nixosConfig: cfg: {
+ assertion = config.ports.default.port == cfg.port;
+ message = "port mismatch";
+ }))
+ ];
+ };
+ defaults.port.listen = mkAlmostOptionDefault "lan";
+ ports = {
+ default = {
+ port = mkAlmostOptionDefault 5000;
+ protocol = "http";
+ status.enable = mkAlmostOptionDefault true;
+ };
+ };
+ };
+}
diff --git a/modules/system/exports/openwebrx.nix b/modules/system/exports/openwebrx.nix
index b2da4ca6..2b608285 100644
--- a/modules/system/exports/openwebrx.nix
+++ b/modules/system/exports/openwebrx.nix
@@ -3,9 +3,8 @@
 gensokyo-zone,
 ...
 }: let
- inherit (gensokyo-zone.lib) mapAlmostOptionDefaults mkAlmostOptionDefault;
+ inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
 inherit (lib.modules) mkIf;
- inherit (lib.attrsets) mapAttrs;
 in {
 config.exports.services.openwebrx = {config, ...}: {
 displayName = mkAlmostOptionDefault "OpenWebRX";
diff --git a/nixos/access/octoprint.nix b/nixos/access/octoprint.nix
new file mode 100644
index 00000000..93f24d33
--- /dev/null
+++ b/nixos/access/octoprint.nix
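Review bot: The assertion in `modules/system/exports/octoprint.nix` fails with only `"port mismatch"`, which does not say which service or which two values disagree. Consider `message = "octoprint: exports port ${toString config.ports.default.port} != services.octoprint.port ${toString cfg.port}";`. A one-line comment above `defaults.port.listen = mkAlmostOptionDefault "lan";` would also help, noting that this export is plain HTTP on port 5000, so it should presumably stay on the LAN or behind the access proxy.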
@@ -0,0 +1,58 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib.modules) mkIf mkDefault;
+ inherit (config.services) octoprint;
+ name.shortServer = mkDefault "print";
+ upstreamName = "octoprint'access";
+in {
+ config.services.nginx = {
+ upstreams'.${upstreamName}.servers = {
+ local = {
+ enable = mkDefault octoprint.enable;
+ addr = mkDefault "localhost";
+ port = mkIf octoprint.enable (mkDefault octoprint.port);
+ };
+ service = {upstream, ...}: {
+ enable = mkIf upstream.servers.local.enable (mkDefault false);
+ accessService = {
+ name = "octoprint";
+ # XXX: logistics doesn't listen on v6
+ getAddressFor = "getAddress4For";
+ };
+ };
+ };
+ virtualHosts = let
+ copyFromVhost = mkDefault "octoprint";
+ locations = {
+ "/" = {
+ proxy.enable = true;
+ };
+ "/sockjs/" = {
+ proxy = {
+ enable = true;
+ websocket.enable = true;
+ };
+ };
+ };
+ in {
+ octoprint = {
+ inherit name locations;
+ proxy.upstream = mkDefault upstreamName;
+ vouch.enable = mkDefault true;
+ };
+ octoprint'local = {
+ inherit name locations;
+ ssl.cert = {
+ inherit copyFromVhost;
+ };
+ proxy = {
+ inherit copyFromVhost;
+ };
+ local.enable = mkDefault true;
+ };
+ };
+ };
+}
diff --git a/nixos/octoprint.nix b/nixos/octoprint.nix
new file mode 100644
index 00000000..cd89e73b
--- /dev/null
+++ b/nixos/octoprint.nix
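Review bot: In the `service` upstream server of `nixos/access/octoprint.nix`, `enable = mkIf upstream.servers.local.enable (mkDefault false);` only ever contributes a `false`. The remote path is therefore switched on solely by the option's own default, which is not visible in this hunk. A comment such as `# prefer the local instance when this host runs octoprint; otherwise the access-service upstream keeps its default` would make the intent checkable. Separately, `octoprint'local` inherits the same `locations` but sets only `local.enable` and no `vouch.enable`. It is worth stating in a comment that the (presumably network-level) local restriction is the only gate on that vhost.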
@@ -0,0 +1,53 @@
+{
+ config,
+ access,
+ lib,
+ ...
+}: let
+ inherit (lib.modules) mkIf mkMerge mkDefault;
+ inherit (config.services) motion;
+ cfg = config.services.octoprint;
+ behindVouch = false;
+in {
+ services.octoprint = {
+ enable = mkDefault true;
+ # host = mkIf config.networking.enableIPv6 "::";
+ extraConfig = mkMerge [
+ # https://docs.octoprint.org/en/master/configuration/config_yaml.html
+ {
+ # TODO: api.key = sops?
+ server = {
+ # TODO: secretKey = sops?
+ reverseProxy = {
+ schemeHeader = "X-Forwarded-Proto";
+ trustedDownstream = access.cidrForNetwork.allLan.all;
+ };
+ };
+ webcam = mkIf motion.enable {
+ # TODO
+ };
+ plugins = {
+ _disabled = [
+ "softwareupdate"
+ ];
+ };
+ }
+ (mkIf (!behindVouch) {
+ autologinLocal = true;
+ autologinAs = "guest";
+ localNetworks = access.cidrForNetwork.allLocal.all;
+ })
+ (mkIf behindVouch {
+ trustRemoteUser = true;
+ addRemoteUsers = true;
+ remoteUserHeader = "X-Vouch-User";
+ })
+ ];
+ };
+
+ networking.firewall = mkIf cfg.enable {
+ interfaces.lan.allowedTCPPorts = [
+ cfg.port
+ ];
+ };
+}
diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix
index b90c8c71..40e2cc8b 100644
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@@ -42,6 +42,7 @@ in {
 nixos.access.grafana
 nixos.access.loki
 nixos.access.kitchencam
+ nixos.access.octoprint
 nixos.access.openwebrx
 nixos.access.deluge
 nixos.access.home-assistant
@@ -266,6 +267,14 @@ in {
 virtualHosts.kitchencam'local.allServerNames
 ];
 };
+ print = {
+ inherit (nginx) group;
+ domain = virtualHosts.octoprint.serverName;
+ extraDomainNames = mkMerge [
+ virtualHosts.octoprint.otherServerNames
+ virtualHosts.octoprint'local.allServerNames
+ ];
+ };
 webrx = {
 inherit (nginx) group;
 domain = virtualHosts.openwebrx.serverName;
@@ -396,6 +405,7 @@ in {
 };
 };
 kitchencam.ssl.cert.enable = true;
+ octoprint.ssl.cert.enable = true;
 openwebrx.ssl.cert.enable = true;
 deluge.ssl.cert.enable = true;
 invidious = {
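Review bot: In `nixos/octoprint.nix`, the two `mkIf` attrsets put `autologinLocal`/`autologinAs`/`localNetworks` and `trustRemoteUser`/`addRemoteUsers`/`remoteUserHeader` at the top level of `extraConfig`. The OctoPrint config reference linked in the hunk lists these under `accessControl`, so as written they are probably ignored; wrap each set as `accessControl = { … };`. Once they take effect, `trustedDownstream = access.cidrForNetwork.allLan.all` treats every LAN host as a trusted proxy while the firewall block also opens `cfg.port` on `lan`. Forwarded-address headers, and `X-Vouch-User` if `behindVouch` is later set to true, would then be accepted from any LAN client that connects directly rather than through nginx. Narrowing `trustedDownstream` to the proxy host's address and limiting the port to that host would tie the guest autologin and any remote-user trust to traffic that actually passed the proxy.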
diff --git a/systems/logistics/default.nix b/systems/logistics/default.nix
index 1c8d41a4..0d5b78ec 100644
--- a/systems/logistics/default.nix
+++ b/systems/logistics/default.nix
@@ -11,6 +11,7 @@ _: {
 enable = true;
 ports.stream.port = 41081;
 };
+ octoprint.enable = true;
 };
 };
 network.networks = {
diff --git a/systems/logistics/nixos.nix b/systems/logistics/nixos.nix
index a4205305..9070f6ee 100644
--- a/systems/logistics/nixos.nix
+++ b/systems/logistics/nixos.nix
@@ -14,6 +14,7 @@ in {
 nixos.base
 nixos.barcodebuddy-scanner
 nixos.kitchencam
+ nixos.octoprint
 ./hardware-configuration.nix
 ];
diff --git a/tf/cloudflare_records.tf b/tf/cloudflare_records.tf
index 5dc18a31..13ef5493 100644
--- a/tf/cloudflare_records.tf
+++ b/tf/cloudflare_records.tf
@@ -28,6 +28,7 @@ module "hakurei_system_records" {
 "smb",
 "mqtt",
 "kitchen",
+ "print",
 "webrx",
 "deluge",
 "home",
@@ -46,6 +47,7 @@ module "hakurei_system_records" {
 "smb",
 "mqtt",
 "kitchen",
+ "print",
 "webrx",
 "syncplay",
 "yt",