split caddy logging by host and error

also add debug, admin, and other log
Revert "flake.lock: Update"
2024-12-04 18:19:08 +00:00 · 2024-08-18 15:42:30 +00:00 · 2024-08-18 15:15:05 +00:00
2 changed files with 160 additions and 69 deletions
--- a/flake.lock
+++ b/flake.lock
@ -87,11 +87,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723859949,
-        "narHash": "sha256-kiaGz4deGYKMjJPOji/JVvSP/eTefrIA3rAjOnOpXl4=",
+        "lastModified": 1722924007,
+        "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
        "owner": "lnl7",
        "repo": "nix-darwin",
-        "rev": "076b9a905af8a52b866c8db068d6da475839d97b",
+        "rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
        "type": "github"
      },
      "original": {
@ -108,11 +108,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723685519,
-        "narHash": "sha256-GkXQIoZmW2zCPp1YFtAYGg/xHNyFH/Mgm79lcs81rq0=",
+        "lastModified": 1723080788,
+        "narHash": "sha256-C5LbM5VMdcolt9zHeLQ0bYMRjUL+N+AL5pK7/tVTdes=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "276a0d055a720691912c6a34abb724e395c8e38a",
+        "rev": "ffc1f95f6c28e1c6d1e587b51a2147027a3e45ed",
        "type": "github"
      },
      "original": {
@ -145,11 +145,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723942423,
-        "narHash": "sha256-uxstga6zuQJUWKliCb8Ji9v0AZV1vZdnOoaX8Djwv5w=",
+        "lastModified": 1723337675,
+        "narHash": "sha256-JKEthOttE4K+qLicLEFBqHcy/LHPLEAJtcVNjzWG5aY=",
        "owner": "bandithedoge",
        "repo": "nixpkgs-firefox-darwin",
-        "rev": "4a17fec79e6c600f3c2e57984197cb7834a616b0",
+        "rev": "6ffec5acd449b5f2ab4b22c271ad1670a790a1e1",
        "type": "github"
      },
      "original": {
@ -267,11 +267,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723399884,
-        "narHash": "sha256-97wn0ihhGqfMb8WcUgzzkM/TuAxce2Gd20A8oiruju4=",
+        "lastModified": 1723015306,
+        "narHash": "sha256-jQnFEtH20/OsDPpx71ntZzGdRlpXhUENSQCGTjn//NA=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "086f619dd991a4d355c07837448244029fc2d9ab",
+        "rev": "b3d5ea65d88d67d4ec578ed11d4d2d51e3de525e",
        "type": "github"
      },
      "original": {
@ -307,11 +307,11 @@
    "markview-nvim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1723885833,
-        "narHash": "sha256-Z7iy0LW9WjH4U9dhX3zCyCTnsZZMlMCHJnn8xku6osU=",
+        "lastModified": 1723341339,
+        "narHash": "sha256-/82M85uv63L/rCMTU/w1LRJgg1F5CYl7881Vq9UPDKo=",
        "owner": "OXY2DEV",
        "repo": "markview.nvim",
-        "rev": "738ddc0390449c0652f34b99a6cbe0699b2fcf58",
+        "rev": "c9fa1065098663c3bfe7e07656937c3d2f3dabea",
        "type": "github"
      },
      "original": {
@ -362,7 +362,7 @@
    "nextcloud-snappymail": {
      "flake": false,
      "locked": {
-        "lastModified": 1723952471,
+        "lastModified": 1723347706,
        "narHash": "sha256-HlqO7xlMSRGgBtwi0t5oz5v7iw0zTSHysc9wGVRwGZI=",
        "type": "tarball",
        "url": "https://snappymail.eu/repository/nextcloud/snappymail-2.36.4-nextcloud.tar.gz"
@ -395,11 +395,11 @@
    },
    "nixlib": {
      "locked": {
-        "lastModified": 1723337705,
-        "narHash": "sha256-znSU0DeNDPt7+LMAfFkvKloMaeQ6yl/U5SqV/ktl1vA=",
+        "lastModified": 1722732880,
+        "narHash": "sha256-do2Mfm3T6SR7a5A804RhjQ+JTsF5hk4JTPGjCTRM/m8=",
        "owner": "nix-community",
        "repo": "nixpkgs.lib",
-        "rev": "ace7856d327b618d3777e31b1f224b3ab57ed71a",
+        "rev": "8bebd4c74f368aacb047f0141db09ec6b339733c",
        "type": "github"
      },
      "original": {
@ -416,11 +416,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1723870831,
-        "narHash": "sha256-rXQKvogLHY3BxRVVt5unpbi0zpRf965f57gplWSzQ5k=",
+        "lastModified": 1723078345,
+        "narHash": "sha256-HSxOQEKNZXiJe9aWnckTTCThOhcRCabwHa32IduDKLk=",
        "owner": "nix-community",
        "repo": "nixos-generators",
-        "rev": "32e9d82bada67fc5155e8d4d99b6fc3a1765bfdc",
+        "rev": "d6c5d29f58acc10ea82afff1de2b28f038f572bd",
        "type": "github"
      },
      "original": {
@ -431,11 +431,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1723637854,
-        "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=",
+        "lastModified": 1723175592,
+        "narHash": "sha256-M0xJ3FbDUc4fRZ84dPGx5VvgFsOzds77KiBMW/mMTnI=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9",
+        "rev": "5e0ca22929f3342b19569b21b2f3462f053e497b",
        "type": "github"
      },
      "original": {
@ -463,11 +463,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1723949656,
-        "narHash": "sha256-4C7TBGD97Vj6gDbw3n+uw7sxGUD1PkJgMsn/UYyaNRs=",
+        "lastModified": 1723345421,
+        "narHash": "sha256-KJ/+Q43cumayNUUvz6VCImL6PcRYnLuupDnXg9mA+xo=",
        "owner": "nix-community",
        "repo": "nur",
-        "rev": "eefd7f643ffeb25543019d48952e66ddae3da583",
+        "rev": "638e850bd503b43214c8e39a838c625f011d9b10",
        "type": "github"
      },
      "original": {
@ -479,11 +479,11 @@
    "nvim-lint-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1723839733,
-        "narHash": "sha256-V35ivsZnL9M5ge7E+7fqcLjjM3xsDGCLmxTmQ8iZNiA=",
+        "lastModified": 1723296187,
+        "narHash": "sha256-PoCx65jQGEoKFyedNs1IoQFcsw7jd3kEbRyZE8mkSzA=",
        "owner": "mfussenegger",
        "repo": "nvim-lint",
-        "rev": "debabca63c0905b59ce596a55a8e33eafdf66342",
+        "rev": "ad0fe35e80f5cd31a0f19176d7b30e5c3011119d",
        "type": "github"
      },
      "original": {
@ -528,11 +528,11 @@
    "nvim-treesitter-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1723928672,
-        "narHash": "sha256-VqAaWEkLmIXZnFyY1PsfFRrVH2gen9ONkUEKIlJCpik=",
+        "lastModified": 1723278970,
+        "narHash": "sha256-KF/5Ng0mzrZv/ghyAeEJWuyP0SwA5JKNJCg8Ozoob8g=",
        "owner": "nvim-treesitter",
        "repo": "nvim-treesitter",
-        "rev": "6d74da7f0a29c35ee7636e157e72dd221e8d6197",
+        "rev": "8a966f32c973511f9697264b3533e9846d29fd09",
        "type": "github"
      },
      "original": {
@ -734,11 +734,11 @@
    "tiny-inline-diagnostic-nvim-src": {
      "flake": false,
      "locked": {
-        "lastModified": 1723808284,
-        "narHash": "sha256-RFX4iPDDG7s+jN8uLqv4oHhddsqVBYP+oyFycaBKIsg=",
+        "lastModified": 1723294442,
+        "narHash": "sha256-Y2Suu8ISSKRvgVTEYo9Fl8+Z4d6ZjhtFGXjt0x2iw30=",
        "owner": "rachartier",
        "repo": "tiny-inline-diagnostic.nvim",
-        "rev": "957e1a4710f2cbad66b747c579ab8b450bda9dd6",
+        "rev": "7b212b214aed37d8ae1a26ac6ca9593223a23ddb",
        "type": "github"
      },
      "original": {
@ -833,11 +833,11 @@
    "tree-sitter-python": {
      "flake": false,
      "locked": {
-        "lastModified": 1723942537,
-        "narHash": "sha256-x9PTCiwa5hVLLqc3wFfI68KCyOlx6XtcTCJynZ0fDSk=",
+        "lastModified": 1721001135,
+        "narHash": "sha256-H6t98tuXJW2VD5Ay+rOfnp9p5ZljyPxvtIy60PycMUQ=",
        "owner": "tree-sitter",
        "repo": "tree-sitter-python",
-        "rev": "55a9b8a4fbfbaf0d10cdd47dd4a9d02606c4c218",
+        "rev": "0dee05ef958ba2eae88d1e65f24b33cad70d4367",
        "type": "github"
      },
      "original": {
--- a/modules/nixos/services/caddy.nix
+++ b/modules/nixos/services/caddy.nix
@ -58,38 +58,129 @@
      }
    ];

-    services.caddy = {
-      adapter = "''"; # Required to enable JSON
-      configFile = pkgs.writeText "Caddyfile" (
-        builtins.toJSON {
-          apps.http.servers.main = {
-            listen = [ ":443" ];
+    services.caddy =
+      let
+        default_logger_name = "other";
+        roll_size_mb = 10;
+        # Extract list of hostnames (fqdns) from current caddy routes
+        getHostnameFromMatch = match: if (lib.hasAttr "host" match) then match.host else [ ];
+        getHostnameFromRoute =
+          route:
+          if (lib.hasAttr "match" route) then (lib.concatMap getHostnameFromMatch route.match) else [ ];
+        hostnames_non_unique = lib.concatMap getHostnameFromRoute config.caddy.routes;
+        hostnames = lib.unique hostnames_non_unique;
+        # Create attrset of subdomains to their fqdns
+        hostname_map = builtins.listToAttrs (
+          map (hostname: {
+            name = builtins.head (lib.splitString "." hostname);
+            value = hostname;
+          }) hostnames
+        );
+      in
+      {
+        adapter = "''"; # Required to enable JSON
+        configFile = pkgs.writeText "Caddyfile" (
+          builtins.toJSON {
+            apps.http.servers.main = {
+              listen = [ ":443" ];

-            # These routes are pulled from the rest of this repo
-            routes = config.caddy.routes;
-            errors.routes = config.caddy.blocks;
+              # These routes are pulled from the rest of this repo
+              routes = config.caddy.routes;
+              errors.routes = config.caddy.blocks;

-            logs = { }; # Uncommenting collects access logs
-          };
-          apps.http.servers.metrics = { }; # Enables Prometheus metrics
-          apps.tls.automation.policies = config.caddy.tlsPolicies;
-
-          # Setup logging to file
-          logging.logs.main = {
-            encoder = {
-              format = "console";
+              # Uncommenting collects access logs
+              logs = {
+                inherit default_logger_name;
+                # Invert hostnames keys and values
+                logger_names = lib.mapAttrs' (name: value: {
+                  name = value;
+                  value = name;
+                }) hostname_map;
+              };
            };
-            writer = {
-              output = "file";
-              filename = "${config.services.caddy.logDir}/caddy.log";
-              roll = true;
-              roll_size_mb = 1;
-            };
-            level = "INFO";
-          };
-        }
-      );
-    };
+            apps.http.servers.metrics = { }; # Enables Prometheus metrics
+            apps.tls.automation.policies = config.caddy.tlsPolicies;
+
+            # Setup logging to journal and files
+            logging.logs =
+              {
+                # System logs and catch-all
+                # Must be called `default` to override Caddy's built-in default logger
+                default = {
+                  level = "INFO";
+                  encoder.format = "console";
+                  writer = {
+                    output = "stderr";
+                  };
+                  exclude = map (hostname: "http.log.access.${hostname}") (builtins.attrNames hostname_map);
+                };
+                # This is for the default access logs (anything not captured by hostname)
+                other = {
+                  level = "INFO";
+                  encoder.format = "json";
+                  writer = {
+                    output = "file";
+                    filename = "${config.services.caddy.logDir}/other.log";
+                    roll = true;
+                    inherit roll_size_mb;
+                  };
+                  include = [ "http.log.access.${default_logger_name}" ];
+                };
+                # This is for using the Caddy API, which will probably never happen
+                admin = {
+                  level = "INFO";
+                  encoder.format = "json";
+                  writer = {
+                    output = "file";
+                    filename = "${config.services.caddy.logDir}/admin.log";
+                    roll = true;
+                    inherit roll_size_mb;
+                  };
+                  include = [ "admin.api" ];
+                };
+                # This is for debugging
+                debug = {
+                  level = "DEBUG";
+                  encoder.format = "console";
+                  writer = {
+                    output = "file";
+                    filename = "${config.services.caddy.logDir}/debug.log";
+                    roll = true;
+                    roll_keep = 1;
+                    inherit roll_size_mb;
+                  };
+                };
+              }
+              # These are the access logs for individual hostnames
+              // (lib.mapAttrs (name: value: {
+                level = "INFO";
+                encoder.format = "json";
+                writer = {
+                  output = "file";
+                  filename = "${config.services.caddy.logDir}/${name}-access.log";
+                  roll = true;
+                  inherit roll_size_mb;
+                };
+                include = [ "http.log.access.${name}" ];
+              }) hostname_map)
+              # We also capture just the errors separately for easy debugging
+              // (lib.mapAttrs' (name: value: {
+                name = "${name}-error";
+                value = {
+                  level = "ERROR";
+                  encoder.format = "json";
+                  writer = {
+                    output = "file";
+                    filename = "${config.services.caddy.logDir}/${name}-error.log";
+                    roll = true;
+                    inherit roll_size_mb;
+                  };
+                  include = [ "http.log.access.${name}" ];
+                };
+              }) hostname_map);
+          }
+        );
+      };

    systemd.services.caddy.serviceConfig = {
Author	SHA1	Message	Date
Noah Masur	9fb7f68b07	split caddy logging by host and error also add debug, admin, and other log	2024-08-18 15:42:30 +00:00
Noah Masur	845fc000b6	Revert "flake.lock: Update" This reverts commit `0b0556f057`.	2024-08-18 15:15:05 +00:00