makefu/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

download.binaergewitter.de: move logs to /var/log/nginx

Browse source
This commit is contained in:
makefu 2023-09-03 14:13:37 +02:00
parent 9b24acf518
commit f320050bb9
No known key found for this signature in database
GPG key ID: 36F7711F3FC0F225
1 changed files with 10 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
2configs/bgt/download.binaergewitter.de.nix
View file

@ -1,15 +1,19 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
with pkgs.stockholm.lib; with pkgs.stockholm.lib;
let let
ident = (builtins.readFile ./auphonic.pub); ident = (builtins.readFile ./auphonic.pub);
bgtaccess = "/var/spool/nginx/logs/binaergewitter.access.log"; nginxlogs = "/var/log/nginx";
bgterror = "/var/spool/nginx/logs/binaergewitter.error.log"; bgtaccess = "${nginxlogs}/binaergewitter.access.log";
bgterror = "${nginxlogs}/binaergewitter.error.log";
# TODO: only when the data is stored somewhere else # TODO: only when the data is stored somewhere else
wwwdir = "/var/www/binaergewitter"; wwwdir = "/var/www/binaergewitter";
storedir = "/media/cloud/www/binaergewitter"; storedir = "/media/cloud/www/binaergewitter";
in { in {
state = [ bgtaccess bgterror ];
fileSystems."${wwwdir}" = { fileSystems."${wwwdir}" = {
device = storedir; device = storedir;
options = [ "bind" ]; options = [ "bind" ];
@ -54,9 +58,9 @@ in {
}; };
# 20.09 unharden nginx to write logs # 20.09 unharden nginx to write logs
systemd.services.nginx.serviceConfig.ReadWritePaths = [ systemd.services.nginx.serviceConfig.ReadWritePaths = [ nginxlogs ];
"/var/spool/nginx/logs/" systemd.tmpfiles.rules = [ "d ${nginxlogs} 0700 nginx root - -" ];
];
sops.secrets."lego-binaergewitter" = {}; sops.secrets."lego-binaergewitter" = {};
security.acme.certs."download.binaergewitter.de" = { security.acme.certs."download.binaergewitter.de" = {
dnsProvider = "cloudflare"; dnsProvider = "cloudflare";
@ -76,7 +80,7 @@ in {
virtualHosts."download.binaergewitter.de" = { virtualHosts."download.binaergewitter.de" = {
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;
serverAliases = [ "dl2.binaergewitter.de" ]; serverAliases = [ "binaergewitter.jit.computer" "podcast.savar.de" "dl2.binaergewitter.de" ];
root = "/var/www/binaergewitter"; root = "/var/www/binaergewitter";
extraConfig = '' extraConfig = ''
access_log ${bgtaccess} combined; access_log ${bgtaccess} combined;