feat(nginx): access_log options

2026-02-09 20:39:18 -08:00 · 2024-06-16 10:26:59 -07:00 · 2024-06-16 10:26:59 -07:00 · 37137017c2
commit 37137017c2
parent 398f947d22
5 changed files with 161 additions and 6 deletions
--- a/modules/nixos/nginx/log.nix
+++ b/modules/nixos/nginx/log.nix
@ -0,0 +1,138 @@
+let
+  locationModule = {
+    config,
+    virtualHost,
+    lib,
+    ...
+  }: {
+    options = with lib.types; {
+      /*
+      accessLog = mkOption {
+        type = submoduleWith {
+          modules = [accessLogModule accessLogDefaults];
+        };
+      };
+      */
+    };
+  };
+  hostModule = {
+    config,
+    nixosConfig,
+    xvars,
+    gensokyo-zone,
+    lib,
+    ...
+  }: let
+    inherit (gensokyo-zone.lib) mapAlmostOptionDefaults;
+    inherit (lib.options) mkOption;
+    inherit (lib.modules) mkIf;
+    inherit (nixosConfig.services) nginx;
+    cfg = config.accessLog;
+    accessLogDefaults = _: {
+      config = mapAlmostOptionDefaults {
+        inherit (nginx.accessLog) enable path format;
+      };
+    };
+  in {
+    options = with lib.types; {
+      accessLog = mkOption {
+        type = submoduleWith {
+          modules = [accessLogModule accessLogDefaults];
+        };
+        default = {};
+      };
+      locations = mkOption {
+        type = attrsOf (submoduleWith {
+          modules = [locationModule];
+          shorthandOnlyDefinesConfig = true;
+        });
+      };
+    };
+    config = {
+      extraConfig = mkIf cfg.emit cfg.directive;
+    };
+  };
+  accessLogModule = {
+    config,
+    lib,
+    ...
+  }: let
+    inherit (lib.options) mkOption mkEnableOption;
+    inherit (lib.modules) mkOptionDefault;
+    defaultPath = "/var/log/nginx/access.log";
+    defaultFormat = "combined";
+  in {
+    options = with lib.types; {
+      enable =
+        mkEnableOption "access_log"
+        // {
+          default = true;
+        };
+      path = mkOption {
+        type = str;
+        default = defaultPath;
+      };
+      format = mkOption {
+        type = str;
+        default = defaultFormat;
+      };
+      directive = mkOption {
+        type = str;
+      };
+      emit = mkOption {
+        internal = true;
+        type = bool;
+      };
+    };
+    config = let
+      isDefault = config.enable && config.path == defaultPath && config.format == defaultFormat;
+      directive =
+        if config.enable
+        then "access_log ${config.path} ${config.format};"
+        else "access_log off;";
+    in {
+      emit = mkOptionDefault (!isDefault);
+      directive = mkOptionDefault directive;
+    };
+  };
+in
+  {
+    config,
+    gensokyo-zone,
+    lib,
+    ...
+  }: let
+    inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
+    inherit (lib.options) mkOption;
+    inherit (lib.modules) mkIf mkAfter;
+    inherit (config.services) nginx;
+    cfg = nginx.accessLog;
+    accessLogService = _: {
+      config.emit = mkAlmostOptionDefault false;
+    };
+  in {
+    options.services.nginx = with lib.types; {
+      accessLog = mkOption {
+        type = submoduleWith {
+          modules = [
+            accessLogModule
+            accessLogService
+          ];
+        };
+        default = {};
+      };
+      virtualHosts = mkOption {
+        type = attrsOf (submodule [hostModule]);
+      };
+    };
+    config.services.nginx = {
+      commonHttpConfig = mkIf cfg.emit (mkAfter cfg.directive);
+      virtualHosts.localhost = mkIf nginx.statusPage {
+        # nixos module already sets `extraConfig = "access_log off;"`
+        accessLog = {
+          enable = false;
+          emit = false;
+        };
+      };
+    };
+  }
--- a/modules/nixos/nginx/proxied.nix
+++ b/modules/nixos/nginx/proxied.nix
@ -82,7 +82,7 @@ let
  }: let
    inherit (gensokyo-zone.lib) mkAlmostOptionDefault orderJustBefore unmerged;
    inherit (lib.options) mkOption;
-    inherit (lib.modules) mkIf mkOrder mkDefault;
+    inherit (lib.modules) mkIf mkMerge mkOrder mkDefault;
    inherit (nixosConfig.services) nginx;
    cfg = config.proxied;
  in {
@ -145,9 +145,14 @@ let
          port = mkAlmostOptionDefault nginx.proxied.listenPort;
        };
      };
-      extraConfig = mkIf (cfg.enabled && config.xvars.enable) (
-        mkOrder (orderJustBefore + 25) (xHeadersProxied {inherit xvars;})
-      );
+      accessLog = mkIf cfg.enabled {
+        format = mkDefault "combined_proxied";
+      };
+      extraConfig = mkMerge [
+        (mkIf (cfg.enabled && config.xvars.enable) (
+          mkOrder (orderJustBefore + 25) (xHeadersProxied {inherit xvars;})
+        ))
+      ];
    };
  };
 in
@ -160,7 +165,7 @@ in
  }: let
    inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
    inherit (lib.options) mkOption mkEnableOption;
-    inherit (lib.modules) mkIf mkOptionDefault;
+    inherit (lib.modules) mkIf;
    inherit (lib.attrsets) attrValues;
    inherit (lib.lists) any;
    inherit (config.services) nginx;
@ -212,6 +217,12 @@ in
            '';
          };
        };
+        commonHttpConfig = mkIf cfg.enable ''
+          log_format combined_proxied '$x_remote_addr proxied $remote_user@$x_host [$time_local] '
+                    '"$request" $status $body_bytes_sent '
+                    '"$http_referer" "$http_user_agent"';
+
+        '';
      };
      networking.firewall.interfaces.lan = mkIf nginx.enable {
        allowedTCPPorts = mkIf cfg.enable [cfg.listenPort];