core: configure log retention

2024-03-14 23:59:42 +01:00 · 2024-03-14 23:59:42 +01:00 · 66a554a13b
parent d1c2ece3ea
commit 66a554a13b
2 changed files with 37 additions and 0 deletions
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@ -2,6 +2,7 @@
 {
  imports = [
    ./base.nix
+    ./logging.nix
    ./bacula.nix
    ./fail2ban.nix
    ./initrd-ssh.nix
--- a/modules/core/logging.nix
+++ b/modules/core/logging.nix
@ -0,0 +1,36 @@
+{ pkgs, ... }:
+{
+  services.rsyslogd = {
+    enable = true;
+    defaultConfig = ''
+      :programname, isequal, "postfix" /var/log/postfix.log
+
+      auth.*                          -/var/log/auth.log
+    '';
+  };
+  services.logrotate.configFile = pkgs.writeText "logrotate.conf" ''
+    weekly
+    missingok
+    notifempty
+    rotate 4
+    "/var/log/postfix.log" {
+      compress
+      delaycompress
+      weekly
+      rotate 156
+      dateext
+      dateformat .%Y-%m-%d
+      extension log
+    }
+    "/var/log/nginx/*.log" {
+      compress
+      delaycompress
+      weekly
+      postrotate
+        [ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid`
+      endscript
+      rotate 26
+      su nginx nginx
+    }
+  '';
+}