Add: Agenix for caddy goaccess page

2025-10-17 22:43:24 +02:00 · 2025-10-17 22:43:24 +02:00 · 53c0163ccc
commit 53c0163ccc
parent fd12d647e4
5 changed files with 154 additions and 17 deletions
--- a/modules/services/goaccess.nix
+++ b/modules/services/goaccess.nix
@ -1,7 +1,14 @@
-{pkgs, ...}: 
+{pkgs, config, ...}: 
 let 
  globals = import ../../config/globals.nix ;
 in {
+  age.secrets.goaccess-password = {
+    file = ../../secrets/goaccess-password.age;
+    owner = "caddy";
+    group = "caddy";
+    mode = "0400";
+  };
+
  environment.systemPackages = with pkgs; [
    goaccess
  ];
@ -26,7 +33,6 @@ in {
    };
  };

-  # Timer pour régénérer le rapport toutes les heures
  systemd.timers.goaccess-report = {
    description = "Hourly GoAccess report generation";
    wantedBy = ["timers.target"];
@ -35,20 +41,43 @@ in {
      Persistent = true;
    };
  };
+
+  systemd.services."goaccess-auth-sync" = {
+    description = "Sync goaccess password for Caddy";
+    wantedBy = [ "caddy.service" ];
+    before = [ "caddy.service" ];
+    serviceConfig = {
+      Type = "oneshot";
+    ExecStart = pkgs.writeScript "sync-goaccess-auth" ''
+        #!${pkgs.bash}/bin/bash
+        mkdir -p /etc/caddy/extra
+        cp /run/agenix/goaccess-password /etc/caddy/extra/goaccess-auth.conf
+        chown caddy:caddy /etc/caddy/extra/goaccess-auth.conf
+        chmod 400 /etc/caddy/extra/goaccess-auth.conf
+      '';
+    };
+  };
+
  services.caddy = {
    virtualHosts = {
      "${globals.services.goaccess.url}" = {
        extraConfig = ''
          root * ${globals.services.goaccess.home}
+
+          basic_auth /* {
+            import /etc/caddy/extra/goaccess-auth.conf
+          }
+
          file_server browse
          try_files {path} {path}/ /index.html
-
        '';
+
      };
    };
  };

  systemd.tmpfiles.rules = [
    "d ${globals.services.goaccess.home} 0755 root root -"
+    "d /etc/caddy/extra 0750 caddy caddy -"
  ];
 }