From 6048ea42f151c60230e1edaa033688d29a4d7e07 Mon Sep 17 00:00:00 2001
From: Astro <astro@spaceboyz.net>
Date: Thu, 10 Dec 2020 17:26:47 +0100
Subject: [PATCH] pulsebert: serve drkkr.hq.c3d2.de

---
 hosts/pulsebert/configuration.nix | 31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

diff --git a/hosts/pulsebert/configuration.nix b/hosts/pulsebert/configuration.nix
index cf01abcf..503a5224 100644
--- a/hosts/pulsebert/configuration.nix
+++ b/hosts/pulsebert/configuration.nix
@@ -4,6 +4,9 @@
 
 { config, pkgs, ... }:
 
+let
+  octoprintPort = 8080;
+in
 {
   imports = [ # Include the results of the hardware scan.
     <this-host/hardware-configuration.nix>
@@ -123,9 +126,33 @@
     publish.userServices = true;
   };
 
+  security.acme = {
+    acceptTerms = true;
+    email = "mail@c3d2.de";
+  };
+  services.nginx = {
+    enable = true;
+    #recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "drkkr.hq.c3d2.de" = {
+        default = true;
+        enableACME = true;
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString octoprintPort}";
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_set_header X-Scheme $scheme;
+            proxy_set_header Accept-Encoding identity;
+          '';
+        };
+      };
+    };
+  };
   services.octoprint = rec {
     enable = true;
-    port = 80;
+    port = octoprintPort;
     # extraConfig.webcam = {
     #   snapshot = "http://localhost:5050?action=snapshot";
     #   stream = "http://octoprint.local:5050?action=stream";
@@ -149,8 +176,6 @@
     # #in p: [ octoprint-filament-sensor-universal ];
     # in p: [];
   };
-  # Allow binding to port 80
-  systemd.services.octoprint.serviceConfig.AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
 
   # Allow access to printer serial port and GPIO
   users.users.${config.services.octoprint.user}.extraGroups = [ "dialout" "gpio" ];