nextcloud: add logging

feature/hass
Ingolf Wagner 2020-03-07 02:02:43 +08:00
parent 212c2f4412
commit 0b6d4ff2e2
Signed by: palo
GPG Key ID: 76BF5F1928B9618B
2 changed files with 61 additions and 8 deletions


@ -1,7 +1,14 @@
{ pkgs, ... }: {
{ pkgs, ... }:
let
hostAddress = "192.168.100.10";
containerAddress = "192.168.100.11";
in {
# setup nextcloud in a container
containers.nextcloud = {
# mount host folders
bindMounts = {
rootpassword = {
hostPath = toString <secrets/nextcloud/root_password>;
@ -37,16 +44,51 @@
};
};
# container network setup
# see also nating on host system.
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.11";
hostAddress = hostAddress;
localAddress = containerAddress;
autoStart = true;
config = { config, pkgs, ... }: {
config = { config, pkgs, lib, ... }: {
imports = [ <modules> <krops-lib> ];
services.nginx = {
# Use recommended settings
recommendedGzipSettings = lib.mkDefault true;
recommendedOptimisation = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true;
# for graylog logging
commonHttpConfig = let
access_log_sink = "${hostAddress}:12304";
error_log_sink = "${hostAddress}:12305";
in ''
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
'"facility": "nginx", '
'"remote_addr": "$remote_addr", '
'"body_bytes_sent": $body_bytes_sent, '
'"request_time": $request_time, '
'"response_status": $status, '
'"request": "$request", '
'"request_method": "$request_method", '
'"host": "$host",'
'"upstream_cache_status": "$upstream_cache_status",'
'"upstream_addr": "$upstream_addr",'
'"http_x_forwarded_for": "$http_x_forwarded_for",'
'"http_referrer": "$http_referer", '
'"http_user_agent": "$http_user_agent" }';
access_log syslog:server=${access_log_sink} graylog2_json;
error_log syslog:server=${error_log_sink};
'';
};
# don't forget the database backup before doing this
# https://docs.nextcloud.com/server/stable/admin_manual/maintenance/backup.html
# https://docs.nextcloud.com/server/stable/admin_manual/maintenance/upgrade.html
@ -113,7 +155,7 @@
config = {
adminpassFile = toString <secrets/nextcloud/root_password>;
overwriteProtocol = "https";
trustedProxies = [ "195.201.134.247" "192.168.100.11" ];
trustedProxies = [ "195.201.134.247" hostAddress ];
dbtype = "mysql";
dbpassFile = toString config.krops.userKeys."nextcloud".target;
dbport = 3306;
@ -128,6 +170,10 @@
};
environment.systemPackages = [ pkgs.smbclient ];
# send log to host systems graylog (use tinc or wireguard if host is not graylog)
services.SystemdJournal2Gelf.enable = true;
services.SystemdJournal2Gelf.graylogServer = "${hostAddress}:11201";
};
};
@ -139,6 +185,12 @@
# don't let networkmanager manger container network
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
# open ports for logging
networking.firewall.interfaces."ve-nextcloud".allowedTCPPorts =
[ 11201 12304 12305 ];
networking.firewall.interfaces."ve-nextcloud".allowedUDPPorts =
[ 11201 12304 12305 ];
# host nginx setup
services.nginx = {
enable = true;
@ -150,7 +202,7 @@
# "nextcloud.gaykraft.com"
];
locations."/" = {
proxyPass = "http://192.168.100.11";
proxyPass = "http://${containerAddress}";
extraConfig = ''
# allow big uploads
# -----------------
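Review bot: The firewall rule added in the `@ -139,6 +185,12` hunk opens ports 11201, 12304 and 12305 on `ve-nextcloud` for both TCP and UDP, which is likely wider than the log senders need. nginx's `syslog:server=` logging sends over UDP, and SystemdJournal2Gelf appears to ship GELF over UDP as well (worth confirming against the Graylog inputs on the host). If the inputs are UDP-only, drop the `allowedTCPPorts` entry and keep just `networking.firewall.interfaces."ve-nextcloud".allowedUDPPorts = [ 11201 12304 12305 ];`. Separately, `trustedProxies` now lists `hostAddress` where it previously listed 192.168.100.11, which changes whose `X-Forwarded-For` header Nextcloud trusts rather than just renaming a value. A comment such as `# host nginx is the reverse proxy in front of the container` on that line would record why.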


@ -4,14 +4,15 @@ let
error_log_sink = "workhorse.private:12305";
in {
# for graylog logging
services.nginx = {
# Use recommended settings
recommendedGzipSettings = lib.mkDefault true;
recommendedOptimisation = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true;
# for graylog logging
commonHttpConfig = ''
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
'"facility": "nginx", '