gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(nginx): access_log options

Browse source
This commit is contained in:
arcnmx 2024-06-16 10:26:59 -07:00
parent 398f947d22
commit 37137017c2
5 changed files with 161 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

138
modules/nixos/nginx/log.nix Normal file
View file

@ -0,0 +1,138 @@
let
locationModule = {
config,
virtualHost,
lib,
...
}: {
options = with lib.types; {
/*
accessLog = mkOption {
type = submoduleWith {
modules = [accessLogModule accessLogDefaults];
};
};
*/
};
};
hostModule = {
config,
nixosConfig,
xvars,
gensokyo-zone,
lib,
...
}: let
inherit (gensokyo-zone.lib) mapAlmostOptionDefaults;
inherit (lib.options) mkOption;
inherit (lib.modules) mkIf;
inherit (nixosConfig.services) nginx;
cfg = config.accessLog;
accessLogDefaults = _: {
config = mapAlmostOptionDefaults {
inherit (nginx.accessLog) enable path format;
};
};
in {
options = with lib.types; {
accessLog = mkOption {
type = submoduleWith {
modules = [accessLogModule accessLogDefaults];
};
default = {};
};
locations = mkOption {
type = attrsOf (submoduleWith {
modules = [locationModule];
shorthandOnlyDefinesConfig = true;
});
};
};
config = {
extraConfig = mkIf cfg.emit cfg.directive;
};
};
accessLogModule = {
config,
lib,
...
}: let
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkOptionDefault;
defaultPath = "/var/log/nginx/access.log";
defaultFormat = "combined";
in {
options = with lib.types; {
enable =
mkEnableOption "access_log"
// {
default = true;
};
path = mkOption {
type = str;
default = defaultPath;
};
format = mkOption {
type = str;
default = defaultFormat;
};
directive = mkOption {
type = str;
};
emit = mkOption {
internal = true;
type = bool;
};
};
config = let
isDefault = config.enable && config.path == defaultPath && config.format == defaultFormat;
directive =
if config.enable
then "access_log ${config.path} ${config.format};"
else "access_log off;";
in {
emit = mkOptionDefault (!isDefault);
directive = mkOptionDefault directive;
};
};
in
{
config,
gensokyo-zone,
lib,
...
}: let
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
inherit (lib.options) mkOption;
inherit (lib.modules) mkIf mkAfter;
inherit (config.services) nginx;
cfg = nginx.accessLog;
accessLogService = _: {
config.emit = mkAlmostOptionDefault false;
};
in {
options.services.nginx = with lib.types; {
accessLog = mkOption {
type = submoduleWith {
modules = [
accessLogModule
accessLogService
];
};
default = {};
};
virtualHosts = mkOption {
type = attrsOf (submodule [hostModule]);
};
};
config.services.nginx = {
commonHttpConfig = mkIf cfg.emit (mkAfter cfg.directive);
virtualHosts.localhost = mkIf nginx.statusPage {
# nixos module already sets `extraConfig = "access_log off;"`
accessLog = {
enable = false;
emit = false;
};
};
};
}

21
modules/nixos/nginx/proxied.nix
View file

@ -82,7 +82,7 @@ let
}: let
inherit (gensokyo-zone.lib) mkAlmostOptionDefault orderJustBefore unmerged;
inherit (lib.options) mkOption;
inherit (lib.modules) mkIf mkOrder mkDefault;
inherit (lib.modules) mkIf mkMerge mkOrder mkDefault;
inherit (nixosConfig.services) nginx;
cfg = config.proxied;
in {
@ -145,9 +145,14 @@ let
port = mkAlmostOptionDefault nginx.proxied.listenPort;
};
};
extraConfig = mkIf (cfg.enabled && config.xvars.enable) (
mkOrder (orderJustBefore + 25) (xHeadersProxied {inherit xvars;})
);
accessLog = mkIf cfg.enabled {
format = mkDefault "combined_proxied";
};
extraConfig = mkMerge [
(mkIf (cfg.enabled && config.xvars.enable) (
mkOrder (orderJustBefore + 25) (xHeadersProxied {inherit xvars;})
))
];
};
};
in
@ -160,7 +165,7 @@ in
}: let
inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkIf mkOptionDefault;
inherit (lib.modules) mkIf;
inherit (lib.attrsets) attrValues;
inherit (lib.lists) any;
inherit (config.services) nginx;
@ -212,6 +217,12 @@ in
'';
};
};
commonHttpConfig = mkIf cfg.enable ''
log_format combined_proxied '$x_remote_addr proxied $remote_user@$x_host [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'';
};
networking.firewall.interfaces.lan = mkIf nginx.enable {
allowedTCPPorts = mkIf cfg.enable [cfg.listenPort];

1
nixos/access/barcodebuddy.nix
View file

@ -28,6 +28,7 @@ in {
inherit serverName;
proxied.enable = mkDefault true;
local.denyGlobal = true;
accessLog.enable = false;
};
barcodebuddy = {
inherit name;

2
nixos/access/grocy.nix
View file

@ -59,6 +59,7 @@ in {
inherit serverName;
proxied.enable = true;
local.denyGlobal = true;
accessLog.enable = false;
};
grocy = mkMerge [
luaAuthHost
@ -101,6 +102,7 @@ in {
enable = true;
localSso.enable = true;
};
accessLog.enable = false;
}
];
};

5
nixos/nginx.nix
View file

@ -33,11 +33,14 @@ in {
#X-Content-Type-Options = "nosniff";
#X-XSS-Protection = "1; mode=block";
};
accessLog.format = mkDefault "combined_host";
commonHttpConfig = ''
map $scheme $hsts_header {
https "max-age=31536000; includeSubdomains; preload";
}
#proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
log_format combined_host '$remote_addr - $remote_user@$host [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
'';
clientMaxBodySize = mkDefault "512m";
virtualHosts.fallback = {