From cd8345684373e6a08ca3f94e155d43b947bac35f Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Sun, 11 Aug 2024 13:55:58 -0700
Subject: [PATCH] chore(fluidd): proxied
---
 nixos/access/fluidd.nix | 6 ++----
 nixos/fluidd.nix | 45 ++++++++++++++++++++++++++++++++++++-----
 nixos/moonraker.nix | 7 +++++--
 3 files changed, 47 insertions(+), 11 deletions(-)
diff --git a/nixos/access/fluidd.nix b/nixos/access/fluidd.nix
index d0178d34..9a5f6586 100644
--- a/nixos/access/fluidd.nix
+++ b/nixos/access/fluidd.nix
@@ -8,8 +8,7 @@
 inherit (lib.modules) mkDefault;
 name.shortServer = mkDefault "print";
 upstreamName = "fluidd'access";
- serverName = "print.local.${domain}";
- # TODO: serverName = "@fluidd_internal";
+ serverName = "@fluidd_internal"; # "print.local.${domain}"
 in {
 config.services.nginx = {
 upstreams'.${upstreamName} = {
@@ -19,13 +18,12 @@ in {
 name = "nginx";
 system = "logistics";
 port = "proxied";
- # XXX: logistics doesn't listen on v6
- getAddressFor = "getAddress4For";
 };
 };
 };
 virtualHosts = let
 copyFromVhost = mkDefault "fluidd";
+ # TODO: just use moonraker as the upstream directly?
 locations = {
 "/" = {
 proxy = {
diff --git a/nixos/fluidd.nix b/nixos/fluidd.nix
index e79ddc39..ca0d84b3 100644
--- a/nixos/fluidd.nix
+++ b/nixos/fluidd.nix
@@ -2,12 +2,13 @@
 inherit (gensokyo-zone.lib) domain;
 inherit (lib.modules) mkIf mkDefault;
 cfg = config.services.fluidd;
+ serverName = "@fluidd_internal";
+ virtualHost = config.services.nginx.virtualHosts.${cfg.hostName};
 in {
 services = {
 fluidd = {
 enable = mkDefault true;
- hostName = mkDefault "print.local.${domain}";
- # TODO: hostName = "@fluidd_internal";
+ hostName = mkDefault "print.local.${domain}"; # TODO: serverName?
 nginx.locations."/webcam".proxyPass = let
 inherit (config.services.motion.cameras) printercam;
 inherit (printercam.settings) camera_id;
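Review bot: The literal `"@fluidd_internal"` is now defined twice, once as `serverName` in the first hunk of nixos/access/fluidd.nix and again as `serverName` in the first hunk of nixos/fluidd.nix, with nothing linking the two. If one is renamed without the other, the access host would presumably address a vhost name that no longer exists on the backend (how the access side uses the value is not visible in these hunks). I would at least add a comment on both bindings, such as `# must match serverName in nixos/access/fluidd.nix`, or take the value from one shared place.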
@@ -15,9 +16,43 @@ in {
 };
 nginx = mkIf cfg.enable {
 proxied.enable = true;
- virtualHosts.${cfg.hostName} = {
- proxied.enable = true;
- local.denyGlobal = true;
+ virtualHosts = {
+ ${cfg.hostName} = {
+ enable = false;
+ };
+ ${serverName} = {
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-apps/fluidd.nix
+ proxied.enable = true;
+ # TODO: proxy.upstream = "fluidd-apiserver";
+ proxy.url = "http://fluidd-apiserver";
+ root = virtualHost.root;
+ locations = {
+ "/" = {
+ inherit (virtualHost.locations."/") index tryFiles;
+ };
+ "/index.html" = {
+ extraConfig = ''
+ add_header Cache-Control "no-store, no-cache, must-revalidate";
+ '';
+ };
+ "/websocket" = {
+ proxy = {
+ enable = true;
+ websocket.enable = true;
+ };
+ };
+ "/webcam" = {
+ inherit (virtualHost.locations."/webcam") proxyPass;
+ };
+ "~ ^/(printer|api|access|machine|server)/" = {
+ proxy = {
+ enable = true;
+ websocket.enable = true;
+ path = "$request_uri";
+ };
+ };
+ };
+ };
 };
 };
 };
diff --git a/nixos/moonraker.nix b/nixos/moonraker.nix
index e377ceeb..9fe4fa23 100644
--- a/nixos/moonraker.nix
+++ b/nixos/moonraker.nix
@@ -43,13 +43,16 @@
 "*.lan"
 "*.${domain}"
 ];
- trusted_clients = access.cidrForNetwork.allLocal.all;
+ trusted_clients =
+ access.cidrForNetwork.allLocal.all
+ # XXX: only safe when protected behind vouch!
+ ++ [ "0.0.0.0/24" ];
 };
 };
 };
 };
 systemd.services.moonraker = mkIf cfg.enable {
- # TODO: restartIfChanged = false;
+ restartIfChanged = false;
 };
 networking.firewall = mkIf cfg.enable {
 interfaces.lan.allowedTCPPorts = [
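Review bot: The new `${serverName}` vhost in nixos/fluidd.nix does not carry over `local.denyGlobal = true;`, which the removed `virtualHosts.${cfg.hostName}` block set, even though it proxies `/printer`, `/api`, `/access`, `/machine` and `/server` to the API server. Whether `proxied.enable = true;` alone restricts who can reach this vhost is not visible in the hunk. If it does not, I would keep `local.denyGlobal = true;` next to `proxied.enable = true;`. If the restriction is intentionally enforced on the access host instead, a comment such as `# access control is enforced by the access host; this vhost must only be reachable through it` would record that.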
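Review bot: In nixos/moonraker.nix the added `"0.0.0.0/24"` entry covers only 0.0.0.0–0.0.0.255, which is not a range ordinary clients connect from, so it is unclear what it is meant to match. If `0.0.0.0/0` was intended, every source address would skip Moonraker's own authentication, because trusted_clients get full API access. The XXX comment makes safety depend on vouch, but nothing in this hunk ties the entry to vouch being enabled, so the comment should name the source address the entry is meant to match, or the list should hold the proxy's own address instead of a range. Separately, with `restartIfChanged = false;` a later tightening of `trusted_clients` will not take effect until moonraker is restarted by hand, which deserves a comment on that line. The enclosing attribute sets begin and end outside the hunk.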