nginx: add access log prometheus exporter

MarcelCoding · MarcelCoding · commit aa9373000873 · 2025-03-27T20:23:24.000+01:00
diff --git a/modules/dd-ix/nginx.nix b/modules/dd-ix/nginx.nix
@@ -1,4 +1,7 @@
+{ lib, config, ... }:
+
 let
+  enable = config.services.nginx.enable;
   headers = ''
     # Permissions Policy - gps only
     more_set_headers "Permissions-Policy: geolocation=()";
@@ -25,14 +28,27 @@ let
   '';
 in
 {
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
-  services.nginx = {
-    recommendedZstdSettings = true;
-    recommendedTlsSettings = true;
-    recommendedProxySettings = true;
-    recommendedOptimisation = true;
-    recommendedGzipSettings = true;
-    recommendedBrotliSettings = true;
-    commonServerConfig = headers;
+  networking.firewall.allowedTCPPorts = lib.mkIf enable [ 80 443 ];
+  services = {
+    nginx = {
+      recommendedZstdSettings = true;
+      recommendedTlsSettings = true;
+      recommendedProxySettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedBrotliSettings = true;
+      commonServerConfig = headers;
+    };
+    prometheus.exporters.nginxlog = lib.mkIf enable {
+      enable = true;
+      group = "nginx";
+      settings.namespaces = [{
+        name = "nginx";
+        source.files = [ "/var/log/nginx/access.log" ];
+        # default value extracted from:
+        # https://nginx.org/en/docs/http/ngx_http_log_module.html#log_format
+        format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\"";
+      }];
+    };
   };
 }
diff --git a/modules/obs/prometheus-all.nix b/modules/obs/prometheus-all.nix
@@ -51,6 +51,24 @@ in
             listAddress;
         }];
       }
+      {
+        job_name = "nginxlog_exporter";
+        static_configs = [{
+          targets =
+            let
+              # filters out all the systems where monitoring is turned off
+              monitoredSystems = builtins.filter (x: x.config.services.prometheus.exporters.nginxlog.enable) allSystems;
+
+              # turns the hostname into an address
+              extractAddress = host: "${host.config.dd-ix.hostName}.dd-ix.net:9117";
+
+              # list of addresses
+              listAddress = builtins.map extractAddress monitoredSystems;
+
+            in
+            listAddress;
+        }];
+      }
       {
         job_name = "openrc_exporter";
         static_configs = [{
