nix: update inputs

[sourcephile-nix.git] / nixos / profiles / services / nginx.nix

diff --git a/nixos/profiles/services/nginx.nix b/nixos/profiles/services/nginx.nix
index 29b401172baa7f92093047901c4a234939367ce8..bb7b1f233478f554801d135e2ddc3d710c82971c 100644 (file)
--- a/nixos/profiles/services/nginx.nix
+++ b/nixos/profiles/services/nginx.nix
@@ -31,7 +31,31 @@ systemd.services.nginx = {
     LogsDirectory = lib.mkForce ["nginx"];
     StateDirectory = ["nginx"];
     StateDirectoryMode = "2770";
-    BindPaths = ["/dev/shm/nginx:/var/cache/nginx"];
+    #BindPaths = ["/dev/shm/nginx:/var/cache/nginx"];
+  };
+};
+services.logrotate = {
+  enable = true;
+  settings.nginx = {
+    files = [
+      "/var/log/nginx/*.log"
+      "/var/log/nginx/*/*.log"
+      "/var/log/nginx/*/*/*.log"
+      "/var/log/nginx/*/*/*/*.log"
+      "/var/log/nginx/*/*/*/*/*.log"
+      "/var/log/nginx/*.json"
+      "/var/log/nginx/*/*.json"
+      "/var/log/nginx/*/*/*.json"
+      "/var/log/nginx/*/*/*/*.json"
+      "/var/log/nginx/*/*/*/*/*.json"
+    ];
+    frequency = "weekly";
+    rotate = 26;
+    compress = true;
+    delaycompress = true;
+    postrotate = ''
+      [ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid`
+    '';
   };
 };
 services.nginx = {
@@ -86,19 +110,28 @@ services.nginx = {
     log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for"';
-
-    log_format json escape=json
-      '{'
-        '"time_local":"$time_local",'
-        '"remote_addr":"$remote_addr",'
-        '"status": "$status",'
-        '"request":"$request",'
-        '"body_bytes_sent":"$body_bytes_sent",'
-        '"http_referrer":"$http_referer",'
-        '"http_user_agent":"$http_user_agent",'
-        '"remote_user":"$remote_user",'
-        '"request_time":"$request_time"'
-      '}';
+    log_format json escape=json '{'
+      '"time_local":"$time_local",'
+      '"host":"$host",'
+      '"request":"$request",'
+      '"status":"$status",'
+      '"http_referrer":"$http_referer",'
+      '"remote_addr":"$remote_addr",'
+      '"remote_user":"$remote_user",'
+      '"msec":"$msec",'
+      '"body_bytes_sent":"$body_bytes_sent",'
+      '"bytes_sent":"$bytes_sent",'
+      '"http_user_agent":"$http_user_agent",'
+      '"request_length":"$request_length",'
+      '"request_method":"$request_method",'
+      '"request_time":"$request_time",'
+      '"request_uri":"$request_uri",'
+      '"server_protocol":"$server_protocol",'
+      '"ssl_protocol":"$ssl_protocol",'
+      '"upstream_addr":"$upstream_addr",'
+      '"upstream_connect_time":"$upstream_connect_time",'
+      '"upstream_response_time":"$upstream_response_time"'
+    '}';
     charset UTF-8;
     types {
       text/html html5;
@@ -119,7 +152,7 @@ services.nginx = {
         #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
       '';
       log = ''
-        access_log /var/log/nginx/access.log main buffer=32k;
+        access_log /var/log/nginx/access.json json;
         error_log  /var/log/nginx/error.log warn;
         open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;
       '';
@@ -156,7 +189,6 @@ services.nginx = {
         tcp_nodelay on;
         keepalive_timeout 20;
         reset_timedout_connection on;
-        types_hash_max_size 4096;
         server_names_hash_bucket_size 128;
       '';
       map = ''