2025-10-17 22:43:24 +02:00
|
|
|
{pkgs, config, ...}:
|
2025-10-09 15:34:37 +02:00
|
|
|
let
|
2025-10-09 17:40:43 +02:00
|
|
|
globals = import ../../config/globals.nix ;
|
2025-10-09 15:34:37 +02:00
|
|
|
in {
|
2025-10-17 22:43:24 +02:00
|
|
|
age.secrets.goaccess-password = {
|
|
|
|
|
file = ../../secrets/goaccess-password.age;
|
|
|
|
|
owner = "caddy";
|
|
|
|
|
group = "caddy";
|
|
|
|
|
mode = "0400";
|
|
|
|
|
};
|
|
|
|
|
|
2025-09-24 23:33:06 +02:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
goaccess
|
|
|
|
|
];
|
|
|
|
|
|
2025-10-16 10:27:26 +02:00
|
|
|
environment.etc."local/bin/generate-goaccess.sh".text = ''
|
|
|
|
|
#!/bin/sh
|
|
|
|
|
set -eu
|
|
|
|
|
|
|
|
|
|
RAW_LOG="/var/log/caddy/access-${globals.services.levr.url}.log"
|
|
|
|
|
CLEAN_LOG="/tmp/goaccess-clean.log"
|
|
|
|
|
REPORT="${globals.services.goaccess.home}/index.html"
|
|
|
|
|
|
|
|
|
|
${pkgs.gnugrep}/bin/grep -v '192.168.' "$RAW_LOG" > "$CLEAN_LOG"
|
|
|
|
|
${pkgs.goaccess}/bin/goaccess "$CLEAN_LOG" --log-format=CADDY -o "$REPORT";
|
|
|
|
|
'';
|
|
|
|
|
environment.etc."local/bin/generate-goaccess.sh".mode = "0755";
|
|
|
|
|
|
2025-09-24 23:33:06 +02:00
|
|
|
systemd.services.goaccess-report = {
|
|
|
|
|
description = "Generate GoAccess HTML report";
|
|
|
|
|
serviceConfig = {
|
2025-10-16 10:27:26 +02:00
|
|
|
ExecStart = "/etc/local/bin/generate-goaccess.sh";
|
2025-09-24 23:33:06 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.timers.goaccess-report = {
|
|
|
|
|
description = "Hourly GoAccess report generation";
|
2025-10-05 08:20:57 +02:00
|
|
|
wantedBy = ["timers.target"];
|
2025-09-24 23:33:06 +02:00
|
|
|
timerConfig = {
|
|
|
|
|
OnCalendar = "hourly";
|
|
|
|
|
Persistent = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
2025-10-17 22:43:24 +02:00
|
|
|
|
|
|
|
|
systemd.services."goaccess-auth-sync" = {
|
|
|
|
|
description = "Sync goaccess password for Caddy";
|
|
|
|
|
wantedBy = [ "caddy.service" ];
|
|
|
|
|
before = [ "caddy.service" ];
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
ExecStart = pkgs.writeScript "sync-goaccess-auth" ''
|
|
|
|
|
#!${pkgs.bash}/bin/bash
|
|
|
|
|
mkdir -p /etc/caddy/extra
|
|
|
|
|
cp /run/agenix/goaccess-password /etc/caddy/extra/goaccess-auth.conf
|
|
|
|
|
chown caddy:caddy /etc/caddy/extra/goaccess-auth.conf
|
|
|
|
|
chmod 400 /etc/caddy/extra/goaccess-auth.conf
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2025-09-24 23:33:06 +02:00
|
|
|
services.caddy = {
|
|
|
|
|
virtualHosts = {
|
2025-10-09 17:40:43 +02:00
|
|
|
"${globals.services.goaccess.url}" = {
|
2025-09-24 23:33:06 +02:00
|
|
|
extraConfig = ''
|
2025-10-09 15:34:37 +02:00
|
|
|
root * ${globals.services.goaccess.home}
|
2025-10-17 22:43:24 +02:00
|
|
|
|
|
|
|
|
basic_auth /* {
|
|
|
|
|
import /etc/caddy/extra/goaccess-auth.conf
|
|
|
|
|
}
|
|
|
|
|
|
2025-09-24 23:33:06 +02:00
|
|
|
file_server browse
|
|
|
|
|
try_files {path} {path}/ /index.html
|
2025-10-05 08:20:57 +02:00
|
|
|
'';
|
2025-10-17 22:43:24 +02:00
|
|
|
|
2025-09-24 23:33:06 +02:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
2025-10-16 10:27:26 +02:00
|
|
|
|
|
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
|
"d ${globals.services.goaccess.home} 0755 root root -"
|
2025-10-17 22:43:24 +02:00
|
|
|
"d /etc/caddy/extra 0750 caddy caddy -"
|
2025-10-16 10:27:26 +02:00
|
|
|
];
|
2025-10-05 08:20:57 +02:00
|
|
|
}
|
