fix: nas wake up on traffic

2026-04-14 10:46:15 +02:00 · 2026-04-14 10:46:15 +02:00 · 358f2296ce
commit 358f2296ce
parent 227fc49cb8
2 changed files with 96 additions and 0 deletions
--- a/hosts/fw/modules/nas-wake-on-access.nix
+++ b/hosts/fw/modules/nas-wake-on-access.nix
@ -89,6 +89,47 @@ let
      date +%s > "${lastSeenFile}"
    fi
  '';
+
+  fwIp = "${config.networkPrefix}.97.1";
+
+  nasWakeHtml = pkgs.writeText "nas-wake.html" ''
+    <!DOCTYPE html>
+    <html>
+    <head>
+      <meta charset="utf-8">
+      <meta http-equiv="refresh" content="15">
+      <title>Waking up NAS...</title>
+      <style>
+        body { font-family: -apple-system, BlinkMacSystemFont, sans-serif; display: flex; justify-content: center; align-items: center; min-height: 100vh; margin: 0; background: #1a1a2e; color: #e0e0e0; }
+        .container { text-align: center; padding: 2rem; }
+        h1 { font-size: 1.8em; margin-bottom: 0.5em; }
+        p { font-size: 1.1em; color: #aaa; }
+      </style>
+    </head>
+    <body>
+      <div class="container">
+        <h1>NAS is waking up&hellip;</h1>
+        <p>A wake-on-LAN packet has been sent.<br>This page will refresh automatically in 15 seconds.</p>
+      </div>
+    </body>
+    </html>
+  '';
+
+  nasWakeHttpScript = pkgs.writeShellScript "nas-wake-http" ''
+    # Trigger WOL (reuses cooldown/holdoff from wakeScript)
+    ${wakeScript} >&2 || true
+
+    BODY=$(cat ${nasWakeHtml})
+    LENGTH=''${#BODY}
+
+    printf "HTTP/1.1 503 Service Unavailable\r\n"
+    printf "Content-Type: text/html; charset=utf-8\r\n"
+    printf "Content-Length: %d\r\n" "$LENGTH"
+    printf "Retry-After: 15\r\n"
+    printf "Connection: close\r\n"
+    printf "\r\n"
+    printf "%s" "$BODY"
+  '';
 in
 {
  systemd.services.nas-wake-journal = {
@ -130,4 +171,26 @@ in
      AccuracySec = "1s";
    };
  };
+
+  # Allow web-02 (bridged to server) to reach the wake HTTP endpoint
+  networking.firewall.interfaces."server".allowedTCPPorts = [ 9800 ];
+
+  # HTTP endpoint for nginx error_page → WOL trigger.
+  # When nginx on web-arm gets a 502/504 from a NAS-proxied vhost, it
+  # proxies the request here. We send WOL and return a "waking up" page.
+  systemd.services.nas-wake-http = {
+    description = "HTTP endpoint to wake NAS on reverse-proxy failure";
+    after = [ "network-online.target" ];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
+    path = with pkgs; [ coreutils ];
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:9800,bind=${fwIp},reuseaddr,fork EXEC:${nasWakeHttpScript}";
+      Restart = "always";
+      RestartSec = "5s";
+      RuntimeDirectory = "nas-wake-on-access";
+      RuntimeDirectoryPreserve = "yes";
+    };
+  };
 }