diff --git a/flake.nix b/flake.nix index d4e6725..a8e533e 100644 --- a/flake.nix +++ b/flake.nix @@ -9,14 +9,15 @@ outputs = inputs@{ self, nixpkgs, sops-nix, ... }: { nixosModules.default = { config, ... }: { imports = [ - modules/ssl.nix modules/authelia.nix modules/backup.nix modules/home-assistant.nix modules/jellyfin.nix + modules/ldap.nix modules/monitoring.nix modules/nextcloud-server.nix - modules/ldap.nix + modules/nginx.nix + modules/ssl.nix ]; }; diff --git a/modules/nginx.nix b/modules/nginx.nix new file mode 100644 index 0000000..54199e2 --- /dev/null +++ b/modules/nginx.nix @@ -0,0 +1,34 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.shb.nginx; +in +{ + options.shb.nginx = { + accessLog = lib.mkOption { + type = lib.types.bool; + description = "Log all requests"; + default = false; + example = true; + }; + + debugLog = lib.mkOption { + type = lib.types.bool; + description = "Verbose debug of internal. This will print what servers were matched and why."; + default = false; + example = true; + }; + }; + + config = { + services.nginx.logError = lib.mkIf cfg.debugLog "stderr warn"; + services.nginx.appendHttpConfig = lib.mkIf cfg.accessLog '' + log_format postdata '$remote_addr - $remote_user [$time_local] ' + '"$request" <$server_name> $status $body_bytes_sent ' + '"$http_referer" "$http_user_agent" "$gzip_ratio" ' + 'post:"$request_body"'; + + access_log syslog:server=unix:/dev/log postdata; + ''; + }; +}