chore(fluidd): proxied

2026-02-09 12:29:19 -08:00 · 2024-08-11 13:55:58 -07:00 · 2024-08-11 13:55:58 -07:00 · cd83456843
commit cd83456843
parent bd78e75619
3 changed files with 47 additions and 11 deletions
--- a/nixos/access/fluidd.nix
+++ b/nixos/access/fluidd.nix
@ -8,8 +8,7 @@
  inherit (lib.modules) mkDefault;
  name.shortServer = mkDefault "print";
  upstreamName = "fluidd'access";
-  serverName = "print.local.${domain}";
-  # TODO: serverName = "@fluidd_internal";
+  serverName = "@fluidd_internal"; # "print.local.${domain}"
 in {
  config.services.nginx = {
    upstreams'.${upstreamName} = {
@ -19,13 +18,12 @@ in {
          name = "nginx";
          system = "logistics";
          port = "proxied";
-          # XXX: logistics doesn't listen on v6
-          getAddressFor = "getAddress4For";
        };
      };
    };
    virtualHosts = let
      copyFromVhost = mkDefault "fluidd";
+      # TODO: just use moonraker as the upstream directly?
      locations = {
        "/" = {
          proxy = {
--- a/nixos/fluidd.nix
+++ b/nixos/fluidd.nix
@ -2,12 +2,13 @@
  inherit (gensokyo-zone.lib) domain;
  inherit (lib.modules) mkIf mkDefault;
  cfg = config.services.fluidd;
+  serverName = "@fluidd_internal";
+  virtualHost = config.services.nginx.virtualHosts.${cfg.hostName};
 in {
  services = {
    fluidd = {
      enable = mkDefault true;
-      hostName = mkDefault "print.local.${domain}";
-      # TODO: hostName = "@fluidd_internal";
+      hostName = mkDefault "print.local.${domain}"; # TODO: serverName?
      nginx.locations."/webcam".proxyPass = let
            inherit (config.services.motion.cameras) printercam;
            inherit (printercam.settings) camera_id;
@ -15,9 +16,43 @@ in {
    };
    nginx = mkIf cfg.enable {
      proxied.enable = true;
-      virtualHosts.${cfg.hostName} = {
+      virtualHosts = {
+        ${cfg.hostName} = {
+          enable = false;
+        };
+        ${serverName} = {
+          # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/web-apps/fluidd.nix
          proxied.enable = true;
-        local.denyGlobal = true;
+          # TODO: proxy.upstream = "fluidd-apiserver";
+          proxy.url = "http://fluidd-apiserver";
+          root = virtualHost.root;
+          locations = {
+            "/" = {
+              inherit (virtualHost.locations."/") index tryFiles;
+            };
+            "/index.html" = {
+              extraConfig = ''
+                add_header Cache-Control "no-store, no-cache, must-revalidate";
+              '';
+            };
+            "/websocket" = {
+              proxy = {
+                enable = true;
+                websocket.enable = true;
+              };
+            };
+            "/webcam" = {
+              inherit (virtualHost.locations."/webcam") proxyPass;
+            };
+            "~ ^/(printer|api|access|machine|server)/" = {
+              proxy = {
+                enable = true;
+                websocket.enable = true;
+                path = "$request_uri";
+              };
+            };
+          };
+        };
      };
    };
  };
--- a/nixos/moonraker.nix
+++ b/nixos/moonraker.nix
@ -43,13 +43,16 @@
            "*.lan"
            "*.${domain}"
          ];
-          trusted_clients = access.cidrForNetwork.allLocal.all;
+          trusted_clients =
+            access.cidrForNetwork.allLocal.all
+            # XXX: only safe when protected behind vouch!
+            ++ [ "0.0.0.0/24" ];
        };
      };
    };
  };
  systemd.services.moonraker = mkIf cfg.enable {
-    # TODO: restartIfChanged = false;
+    restartIfChanged = false;
  };
  networking.firewall = mkIf cfg.enable {
    interfaces.lan.allowedTCPPorts = [