falkenstein: configure log retention

hosts/falkenstein/default.nix

@@ -5,6 +5,7 @@
       # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ./modules/backup
+      ./modules/logging
       ./modules/dns
       ./modules/fail2ban
       ./modules/mail

hosts/falkenstein/modules/logging/default.nix

@@ -0,0 +1,36 @@
+{ pkgs, ... }:
+{
+  services.rsyslogd = {
+    enable = true;
+    defaultConfig = ''
+      :programname, isequal, "postfix" /var/log/postfix.log
+
+      auth.*                          -/var/log/auth.log
+    '';
+  };
+  services.logrotate.configFile = pkgs.writeText "logrotate.conf" ''
+    weekly
+    missingok
+    notifempty
+    rotate 4
+    "/var/log/postfix.log" {
+      compress
+      delaycompress
+      weekly
+      rotate 156
+      dateext
+      dateformat .%Y-%m-%d
+      extension log
+    }
+    "/var/log/nginx/*.log" {
+      compress
+      delaycompress
+      weekly
+      postrotate
+        [ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid`
+      endscript
+      rotate 26
+      su nginx nginx
+    }
+  '';
+}

overlays/default.nix

@@ -15,6 +15,30 @@ in
     # freeimage is broken
     withBackends = [ "libtiff" "libjpeg" "libpng" "librsvg" "libheif" ];
   };
+  # don't compile the bloat
+  rsyslog = prev.rsyslog.override {
+    withMysql = false;
+    withJemalloc = false;
+    withPostgres = false;
+    withUuid = false;
+    withCurl = false;
+    withDbi = false;
+    withNetSnmp = false;
+    withGnutls = false;
+    withGcrypt = false;
+    withLognorm = false;
+    withMaxminddb = false;
+    withOpenssl = false;
+    withRelp = false;
+    withKsi = false;
+    withLogging = false;
+    withHadoop = false;
+    withRdkafka = false;
+    withMongo = false;
+    withCzmq = false;
+    withRabbitmq = false;
+    withHiredis = false;
+  };
 
   gnome-break-timer = callPackage ../pkgs/gnome-break-timer { };
   jmri = callPackage ../pkgs/jmri { };