diff --git a/hosts/fw/modules/nas-wake-on-access.nix b/hosts/fw/modules/nas-wake-on-access.nix index e150e57..7b6cea9 100644 --- a/hosts/fw/modules/nas-wake-on-access.nix +++ b/hosts/fw/modules/nas-wake-on-access.nix @@ -89,47 +89,6 @@ let date +%s > "${lastSeenFile}" fi ''; - - fwIp = "${config.networkPrefix}.97.1"; - - nasWakeHtml = pkgs.writeText "nas-wake.html" '' - - - - - - Waking up NAS... - - - -
-

NAS is waking up…

-

A wake-on-LAN packet has been sent.
This page will refresh automatically in 15 seconds.

-
- - - ''; - - nasWakeHttpScript = pkgs.writeShellScript "nas-wake-http" '' - # Trigger WOL (reuses cooldown/holdoff from wakeScript) - ${wakeScript} >&2 || true - - BODY=$(cat ${nasWakeHtml}) - LENGTH=''${#BODY} - - printf "HTTP/1.1 503 Service Unavailable\r\n" - printf "Content-Type: text/html; charset=utf-8\r\n" - printf "Content-Length: %d\r\n" "$LENGTH" - printf "Retry-After: 15\r\n" - printf "Connection: close\r\n" - printf "\r\n" - printf "%s" "$BODY" - ''; in { systemd.services.nas-wake-journal = { @@ -171,26 +130,4 @@ in AccuracySec = "1s"; }; }; - - # Allow web-02 (bridged to server) to reach the wake HTTP endpoint - networking.firewall.interfaces."server".allowedTCPPorts = [ 9800 ]; - - # HTTP endpoint for nginx error_page → WOL trigger. - # When nginx on web-arm gets a 502/504 from a NAS-proxied vhost, it - # proxies the request here. We send WOL and return a "waking up" page. - systemd.services.nas-wake-http = { - description = "HTTP endpoint to wake NAS on reverse-proxy failure"; - after = [ "network-online.target" ]; - wants = [ "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - path = with pkgs; [ coreutils ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.socat}/bin/socat TCP-LISTEN:9800,bind=${fwIp},reuseaddr,fork EXEC:${nasWakeHttpScript}"; - Restart = "always"; - RestartSec = "5s"; - RuntimeDirectory = "nas-wake-on-access"; - RuntimeDirectoryPreserve = "yes"; - }; - }; } diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix index 4a45bf3..421ea1a 100644 --- a/hosts/fw/modules/web/proxies.nix +++ b/hosts/fw/modules/web/proxies.nix 
@@ -1,16 +1,4 @@ { config, lib, ... }: { - # Catch-all default server: drop connections from bots/scanners hitting - # by IP or unknown Host header. Without this, the alphabetically first - # vhost (audiobooks) becomes the implicit default — and its @nas_wake - # error handler wakes the NAS on every random internet probe. - services.nginx.virtualHosts."_" = { - default = true; - rejectSSL = true; - extraConfig = '' - return 444; - ''; - }; - services.nginx.virtualHosts."git.cloonar.com" = { forceSSL = true; enableACME = true; @@ -57,17 +45,12 @@ allow ${config.networkPrefix}.97.0/24; allow ${config.networkPrefix}.98.0/24; deny all; - proxy_connect_timeout 3s; - error_page 502 504 = @nas_wake; ''; locations."/" = { proxyPass = "http://${config.networkPrefix}.97.11:8000"; proxyWebsockets = true; }; - locations."@nas_wake" = { - proxyPass = "http://${config.networkPrefix}.97.1:9800"; - }; }; services.nginx.virtualHosts."jellyfin.cloonar.com" = { @@ -75,11 +58,6 @@ enableACME = true; acmeRoot = null; - extraConfig = '' - proxy_connect_timeout 3s; - error_page 502 504 = @nas_wake; - ''; - locations."/" = { proxyPass = "http://${config.networkPrefix}.97.11:8096"; proxyWebsockets = true; @@ -95,9 +73,6 @@ proxy_buffering off; ''; }; - locations."@nas_wake" = { - proxyPass = "http://${config.networkPrefix}.97.1:9800"; - }; }; services.nginx.virtualHosts."audiobooks.cloonar.com" = { @@ -105,11 +80,6 @@ enableACME = true; acmeRoot = null; - extraConfig = '' - proxy_connect_timeout 3s; - error_page 502 504 = @nas_wake; - ''; - locations."/" = { proxyPass = "http://${config.networkPrefix}.97.11:13378"; proxyWebsockets = true; @@ -124,9 +94,6 @@ proxy_buffering off; ''; }; - locations."@nas_wake" = { - proxyPass = "http://${config.networkPrefix}.97.1:9800"; - }; }; services.nginx.virtualHosts."moltbot.cloonar.com" = { diff --git a/hosts/nas/hardware-configuration.nix b/hosts/nas/hardware-configuration.nix index 8e7ad19..1e43f96 100644 --- a/hosts/nas/hardware-configuration.nix 
+++ b/hosts/nas/hardware-configuration.nix @@ -6,7 +6,6 @@ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.loader.timeout = 1; boot.loader.systemd-boot = { enable = true; configurationLimit = 5; @@ -29,6 +28,8 @@ boot.swraid = { enable = true; mdadmConf = '' + DEVICE /dev/disk/by-id/nvme-KIOXIA-EXCERIA_PLUS_G3_SSD_7FJKS1MAZ0E7-part1 + DEVICE /dev/disk/by-id/nvme-KIOXIA-EXCERIA_PLUS_G3_SSD_7FJKS1M9Z0E7-part1 DEVICE /dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_8582A01SF4MJ-part1 DEVICE /dev/disk/by-id/ata-TOSHIBA_MG10ACA20TE_75V2A0H3F4MJ-part1 ''; @@ -83,6 +84,12 @@ ]; }; + # LVM volumes on RAID array + fileSystems."/var/lib/downloads" = { + device = "/dev/vg-data-fast/downloads"; + fsType = "ext4"; + }; + fileSystems."/var/lib/multimedia" = { device = "/dev/vg-data-slow/multimedia"; fsType = "ext4";
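Review bot: The `mdadmConf` string in the `boot.swraid` hunk now lists four `DEVICE` members but, as far as the hunk shows, still has no `MAILADDR` or `PROGRAM` line. Without one of them, mdadm's monitor has nowhere to report a degraded or failed member, and adding the NVMe pair increases the number of disks that can drop out unnoticed. A line such as `MAILADDR root`, or a `PROGRAM` hook feeding the existing alerting, inside the same string would close that gap. If another module already merges one into `boot.swraid.mdadmConf`, a short comment here naming that module would save the next reader the search.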
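Review bot: The new `fileSystems."/var/lib/downloads"` entry sets only `device` and `fsType`, so the volume is mounted with default options, and setuid bits and device nodes on files placed there are honoured. A download area is where untrusted content arrives first, so I would add `options = [ "nodev" "nosuid" ];` to the attribute set, plus `"noexec"` if nothing is expected to run from that path. The neighbouring `/var/lib/multimedia` entry looks similar, but its definition continues outside the hunk, so whether it sets options cannot be judged from here.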