pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / system / boot / systemd / journald.nix
at 25.11-pre 6.0 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 utils, 6 ... 7}: 8let 9 cfg = config.services.journald; 10in 11{ 12 imports = [ 13 (lib.mkRenamedOptionModule 14 [ "services" "journald" "enableHttpGateway" ] 15 [ "services" "journald" "gateway" "enable" ] 16 ) 17 ]; 18 19 options = { 20 services.journald.console = lib.mkOption { 21 default = ""; 22 type = lib.types.str; 23 description = "If non-empty, write log messages to the specified TTY device."; 24 }; 25 26 services.journald.rateLimitInterval = lib.mkOption { 27 default = "30s"; 28 type = lib.types.str; 29 description = '' 30 Configures the rate limiting interval that is applied to all 31 messages generated on the system. This rate limiting is applied 32 per-service, so that two services which log do not interfere with 33 each other's limit. The value may be specified in the following 34 units: s, min, h, ms, us. To turn off any kind of rate limiting, 35 set either value to 0. 36 37 See {option}`services.journald.rateLimitBurst` for important 38 considerations when setting this value. 39 ''; 40 }; 41 42 services.journald.storage = lib.mkOption { 43 default = "persistent"; 44 type = lib.types.enum [ 45 "persistent" 46 "volatile" 47 "auto" 48 "none" 49 ]; 50 description = '' 51 Controls where to store journal data. See 52 {manpage}`journald.conf(5)` for further information. 53 ''; 54 }; 55 56 services.journald.rateLimitBurst = lib.mkOption { 57 default = 10000; 58 type = lib.types.int; 59 description = '' 60 Configures the rate limiting burst limit (number of messages per 61 interval) that is applied to all messages generated on the system. 62 This rate limiting is applied per-service, so that two services 63 which log do not interfere with each other's limit. 64 65 Note that the effective rate limit is multiplied by a factor derived 66 from the available free disk space for the journal as described on 67 {manpage}`journald.conf(5)`. 68 69 Note that the total amount of logs stored is limited by journald settings 70 such as `SystemMaxUse`, which defaults to 10% the file system size 71 (capped at max 4GB), and `SystemKeepFree`, which defaults to 15% of the 72 file system size. 73 74 It is thus recommended to compute what period of time that you will be 75 able to store logs for when an application logs at full burst rate. 76 With default settings for log lines that are 100 Bytes long, this can 77 amount to just a few hours. 78 ''; 79 }; 80 81 services.journald.audit = lib.mkOption { 82 default = null; 83 type = lib.types.nullOr lib.types.bool; 84 description = '' 85 If enabled systemd-journald will turn on auditing on start-up. 86 If disabled it will turn it off. If unset it will neither enable nor disable it, leaving the previous state unchanged. 87 88 NixOS defaults to leaving this unset as enabling audit without auditd running leads to spamming /dev/kmesg with random messages 89 and if you enable auditd then auditd is responsible for turning auditing on. 90 91 If you want to have audit logs in journald and do not mind audit logs also ending up in /dev/kmesg you can set this option to true. 92 93 If you want to for some ununderstandable reason disable auditing if auditd enabled it then you can set this option to false. 94 It is of NixOS' opinion that setting this to false is definitely the wrong thing to do - but it's an option. 95 ''; 96 }; 97 98 services.journald.extraConfig = lib.mkOption { 99 default = ""; 100 type = lib.types.lines; 101 example = "Storage=volatile"; 102 description = '' 103 Extra config options for systemd-journald. See {manpage}`journald.conf(5)` 104 for available options. 105 ''; 106 }; 107 108 services.journald.forwardToSyslog = lib.mkOption { 109 default = config.services.rsyslogd.enable || config.services.syslog-ng.enable; 110 defaultText = lib.literalExpression "services.rsyslogd.enable || services.syslog-ng.enable"; 111 type = lib.types.bool; 112 description = '' 113 Whether to forward log messages to syslog. 114 ''; 115 }; 116 }; 117 118 config = { 119 systemd.additionalUpstreamSystemUnits = 120 [ 121 "systemd-journald.socket" 122 "systemd-journald@.socket" 123 "systemd-journald-varlink@.socket" 124 "systemd-journald.service" 125 "systemd-journald@.service" 126 "systemd-journal-flush.service" 127 "systemd-journal-catalog-update.service" 128 "systemd-journald-sync@.service" 129 ] 130 ++ (lib.optional (!config.boot.isContainer) "systemd-journald-audit.socket") 131 ++ [ 132 "systemd-journald-dev-log.socket" 133 "syslog.socket" 134 ]; 135 136 systemd.sockets.systemd-journald-audit.wantedBy = [ 137 "systemd-journald.service" 138 "sockets.target" 139 ]; 140 141 environment.etc = { 142 "systemd/journald.conf".text = '' 143 [Journal] 144 Storage=${cfg.storage} 145 RateLimitInterval=${cfg.rateLimitInterval} 146 RateLimitBurst=${toString cfg.rateLimitBurst} 147 ${lib.optionalString (cfg.console != "") '' 148 ForwardToConsole=yes 149 TTYPath=${cfg.console} 150 ''} 151 ${lib.optionalString (cfg.forwardToSyslog) '' 152 ForwardToSyslog=yes 153 ''} 154 Audit=${utils.systemdUtils.lib.toOption cfg.audit} 155 ${cfg.extraConfig} 156 ''; 157 }; 158 159 users.groups.systemd-journal.gid = config.ids.gids.systemd-journal; 160 161 systemd.services.systemd-journal-flush.restartIfChanged = false; 162 systemd.services.systemd-journald.restartTriggers = [ 163 config.environment.etc."systemd/journald.conf".source 164 ]; 165 systemd.services.systemd-journald.stopIfChanged = false; 166 systemd.services."systemd-journald@".restartTriggers = [ 167 config.environment.etc."systemd/journald.conf".source 168 ]; 169 systemd.services."systemd-journald@".stopIfChanged = false; 170 }; 171}