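# NixOS module: hourly GoAccess report for the Caddy access log, served by Caddy
# behind HTTP basic auth. The basic-auth credentials come from an agenix secret.
{pkgs, config, ...}: let
  globals = import ../../config/globals.nix;
in {
  # Decrypted by agenix at activation time; readable only by the caddy user.
  age.secrets.goaccess-password = {
    file = ../../secrets/goaccess-password.age;
    owner = "caddy";
    group = "caddy";
    mode = "0400";
  };

  environment.systemPackages = with pkgs; [goaccess];

  # Report generator, run by the goaccess-report unit below.
  environment.etc."local/bin/generate-goaccess.sh" = {
    mode = "0755";
    text = ''
      #!/bin/sh
      set -eu

      RAW_LOG="/var/log/caddy/access-${globals.services.levr.url}.log"
      # The unit sets PrivateTmp=true, so this fixed name lives in a per-service
      # /tmp rather than the shared, world-writable one.
      CLEAN_LOG="/tmp/goaccess-clean.log"
      REPORT="${globals.services.goaccess.home}/index.html"

      # Drop LAN traffic from the report. -F makes the pattern a literal string
      # (unescaped dots would match any character). grep exits 1 when every line
      # was filtered out; treat that as success so `set -e` only aborts on real
      # errors (exit status 2, e.g. unreadable log).
      # NOTE(review): this is still a substring match on the whole log line, so
      # any request whose URL or headers contain "192.168." is also dropped from
      # the report. Filtering on the parsed client address (goaccess --exclude-ip)
      # would be more precise; confirm against the log format in use.
      ${pkgs.gnugrep}/bin/grep -vF '192.168.' "$RAW_LOG" > "$CLEAN_LOG" || [ "$?" -eq 1 ]

      ${pkgs.goaccess}/bin/goaccess "$CLEAN_LOG" --log-format=CADDY -o "$REPORT"
    '';
  };

  systemd.services.goaccess-report = {
    description = "Generate GoAccess HTML report";
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "/etc/local/bin/generate-goaccess.sh";
      # No User= is set, so the script runs as root. A private /tmp keeps the
      # filtered log (client IPs, URLs) away from other local users and removes
      # the predictable-path-in-shared-/tmp problem.
      PrivateTmp = true;
    };
  };

  systemd.timers.goaccess-report = {
    description = "Hourly GoAccess report generation";
    wantedBy = ["timers.target"];
    timerConfig = {
      OnCalendar = "hourly";
      Persistent = true;
    };
  };

  # Copies the decrypted secret to the path the Caddyfile imports, before Caddy starts.
  # NOTE(review): this writes the decrypted credentials to /etc (persistent disk),
  # while agenix keeps its copy under /run. The secret is already owned by caddy
  # with mode 0400, so importing the agenix path directly from the Caddyfile would
  # likely make this unit unnecessary; verify before removing it.
  systemd.services."goaccess-auth-sync" = {
    description = "Sync goaccess password for Caddy";
    wantedBy = ["caddy.service"];
    before = ["caddy.service"];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = pkgs.writeScript "sync-goaccess-auth" ''
        #!${pkgs.bash}/bin/bash
        set -eu
        ${pkgs.coreutils}/bin/mkdir -p /etc/caddy/extra
        # install sets owner and mode as part of the copy, and the source path is
        # taken from the agenix option instead of a hard-coded /run/agenix path.
        ${pkgs.coreutils}/bin/install -m 0400 -o caddy -g caddy \
          ${config.age.secrets.goaccess-password.path} \
          /etc/caddy/extra/goaccess-auth.conf
      '';
    };
  };

  services.caddy = {
    virtualHosts = {
      "${globals.services.goaccess.url}" = {
        # Every path is behind basic auth. The imported file supplies the
        # credential line(s) (presumably `user bcrypt-hash`; confirm).
        extraConfig = ''
          root * ${globals.services.goaccess.home}
          basic_auth /* {
            import /etc/caddy/extra/goaccess-auth.conf
          }
          file_server browse
          try_files {path} {path}/ /index.html
        '';
      };
    };
  };

  systemd.tmpfiles.rules = [
    # The report contains visitor IPs and request paths: readable by root and the
    # caddy group only, not by every local account.
    "d ${globals.services.goaccess.home} 0750 root caddy -"
    "d /etc/caddy/extra 0750 caddy caddy -"
  ];
}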