chore(fluidd): proxied

nixos/access/fluidd.nix

@@ -8,8 +8,7 @@
   inherit (lib.modules) mkDefault;
   name.shortServer = mkDefault "print";
   upstreamName = "fluidd'access";
-  serverName = "print.local.${domain}";
+  serverName = "@fluidd_internal"; # "print.local.${domain}"
-  # TODO: serverName = "@fluidd_internal";
 in {
   config.services.nginx = {
     upstreams'.${upstreamName} = {
@@ -19,13 +18,12 @@ in {
           name = "nginx";
           system = "logistics";
           port = "proxied";
-          # XXX: logistics doesn't listen on v6
-          getAddressFor = "getAddress4For";
         };
       };
     };
     virtualHosts = let
       copyFromVhost = mkDefault "fluidd";
+      # TODO: just use moonraker as the upstream directly?
       locations = {
         "/" = {
           proxy = {

nixos/fluidd.nix

@@ -2,12 +2,13 @@
   inherit (gensokyo-zone.lib) domain;
   inherit (lib.modules) mkIf mkDefault;
   cfg = config.services.fluidd;
+  serverName = "@fluidd_internal";
+  virtualHost = config.services.nginx.virtualHosts.${cfg.hostName};
 in {
   services = {
     fluidd = {
       enable = mkDefault true;
-      hostName = mkDefault "print.local.${domain}";
+      hostName = mkDefault "print.local.${domain}"; # TODO: serverName?
-      # TODO: hostName = "@fluidd_internal";
       nginx.locations."/webcam".proxyPass = let
             inherit (config.services.motion.cameras) printercam;
             inherit (printercam.settings) camera_id;
@@ -15,9 +16,43 @@ in {
     };
     nginx = mkIf cfg.enable {
       proxied.enable = true;
-      virtualHosts.${cfg.hostName} = {
+      virtualHosts = {
-        proxied.enable = true;
+        ${cfg.hostName} = {
-        local.denyGlobal = true;
+          enable = false;
+        };
+        ${serverName} = {
+          # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-apps/fluidd.nix
+          proxied.enable = true;
+          # TODO: proxy.upstream = "fluidd-apiserver";
+          proxy.url = "http://fluidd-apiserver";
+          root = virtualHost.root;
+          locations = {
+            "/" = {
+              inherit (virtualHost.locations."/") index tryFiles;
+            };
+            "/index.html" = {
+              extraConfig = ''
+                add_header Cache-Control "no-store, no-cache, must-revalidate";
+              '';
+            };
+            "/websocket" = {
+              proxy = {
+                enable = true;
+                websocket.enable = true;
+              };
+            };
+            "/webcam" = {
+              inherit (virtualHost.locations."/webcam") proxyPass;
+            };
+            "~ ^/(printer|api|access|machine|server)/" = {
+              proxy = {
+                enable = true;
+                websocket.enable = true;
+                path = "$request_uri";
+              };
+            };
+          };
+        };
       };
     };
   };

nixos/moonraker.nix

@@ -43,13 +43,16 @@
             "*.lan"
             "*.${domain}"
           ];
-          trusted_clients = access.cidrForNetwork.allLocal.all;
+          trusted_clients =
+            access.cidrForNetwork.allLocal.all
+            # XXX: only safe when protected behind vouch!
+            ++ [ "0.0.0.0/24" ];
         };
       };
     };
   };
   systemd.services.moonraker = mkIf cfg.enable {
-    # TODO: restartIfChanged = false;
+    restartIfChanged = false;
   };
   networking.firewall = mkIf cfg.enable {
     interfaces.lan.allowedTCPPorts = [