{ config, lib, pkgs, ... }: let domain = "schulischer-schabernack.de"; in { services.nginx = { commonHttpConfig = '' # privacy-aware log format log_format schabernack '$remote_addr_schabernack - - [$time_local] "$request" $status $body_bytes_sent "-" "$http_user_agent"'; # anonymise ip address map $remote_addr $remote_addr_schabernack { ~(?P\d+\.\d+)\. $ip.0.0; ~(?P[^:]+:[^:]+): $ip::; default 0.0.0.0; } ''; virtualHosts = { ${domain} = { forceSSL = true; enableACME = true; root = "/var/www/schabernack"; # only log page views, rss feed access, media file download and embed views extraConfig = '' location ~ index\.html|rss\.xml|\.(opus|m4a|ogg|mp3|\.podlove.json)$ { access_log /var/log/nginx/schabernack.log schabernack; } ''; }; "www.${domain}" = { forceSSL = true; enableACME = true; globalRedirect = domain; extraConfig = '' access_log off; ''; }; }; }; }