pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / system / boot / systemd / journald.nix
at master 5.9 kB view raw
1{ 2 config, 3 lib, 4 pkgs, 5 utils, 6 ... 7}: 8let 9 cfg = config.services.journald; 10in 11{ 12 imports = [ 13 (lib.mkRenamedOptionModule 14 [ "services" "journald" "enableHttpGateway" ] 15 [ "services" "journald" "gateway" "enable" ] 16 ) 17 ]; 18 19 options = { 20 services.journald.console = lib.mkOption { 21 default = ""; 22 type = lib.types.str; 23 description = "If non-empty, write log messages to the specified TTY device."; 24 }; 25 26 services.journald.rateLimitInterval = lib.mkOption { 27 default = "30s"; 28 type = lib.types.str; 29 description = '' 30 Configures the rate limiting interval that is applied to all 31 messages generated on the system. This rate limiting is applied 32 per-service, so that two services which log do not interfere with 33 each other's limit. The value may be specified in the following 34 units: s, min, h, ms, us. To turn off any kind of rate limiting, 35 set either value to 0. 36 37 See {option}`services.journald.rateLimitBurst` for important 38 considerations when setting this value. 39 ''; 40 }; 41 42 services.journald.storage = lib.mkOption { 43 default = "persistent"; 44 type = lib.types.enum [ 45 "persistent" 46 "volatile" 47 "auto" 48 "none" 49 ]; 50 description = '' 51 Controls where to store journal data. See 52 {manpage}`journald.conf(5)` for further information. 53 ''; 54 }; 55 56 services.journald.rateLimitBurst = lib.mkOption { 57 default = 10000; 58 type = lib.types.int; 59 description = '' 60 Configures the rate limiting burst limit (number of messages per 61 interval) that is applied to all messages generated on the system. 62 This rate limiting is applied per-service, so that two services 63 which log do not interfere with each other's limit. 64 65 Note that the effective rate limit is multiplied by a factor derived 66 from the available free disk space for the journal as described on 67 {manpage}`journald.conf(5)`. 68 69 Note that the total amount of logs stored is limited by journald settings 70 such as `SystemMaxUse`, which defaults to 10% the file system size 71 (capped at max 4GB), and `SystemKeepFree`, which defaults to 15% of the 72 file system size. 73 74 It is thus recommended to compute what period of time that you will be 75 able to store logs for when an application logs at full burst rate. 76 With default settings for log lines that are 100 Bytes long, this can 77 amount to just a few hours. 78 ''; 79 }; 80 81 services.journald.audit = lib.mkOption { 82 default = null; 83 type = lib.types.nullOr lib.types.bool; 84 description = '' 85 If enabled systemd-journald will turn on auditing on start-up. 86 If disabled it will turn it off. If unset it will neither enable nor disable it, leaving the previous state unchanged. 87 88 NixOS defaults to leaving this unset as enabling audit without auditd running leads to spamming /dev/kmesg with random messages 89 and if you enable auditd then auditd is responsible for turning auditing on. 90 91 If you want to have audit logs in journald and do not mind audit logs also ending up in /dev/kmesg you can set this option to true. 92 93 If you want to for some ununderstandable reason disable auditing if auditd enabled it then you can set this option to false. 94 It is of NixOS' opinion that setting this to false is definitely the wrong thing to do - but it's an option. 95 ''; 96 }; 97 98 services.journald.extraConfig = lib.mkOption { 99 default = ""; 100 type = lib.types.lines; 101 example = "Storage=volatile"; 102 description = '' 103 Extra config options for systemd-journald. See {manpage}`journald.conf(5)` 104 for available options. 105 ''; 106 }; 107 108 services.journald.forwardToSyslog = lib.mkOption { 109 default = config.services.rsyslogd.enable || config.services.syslog-ng.enable; 110 defaultText = lib.literalExpression "services.rsyslogd.enable || services.syslog-ng.enable"; 111 type = lib.types.bool; 112 description = '' 113 Whether to forward log messages to syslog. 114 ''; 115 }; 116 }; 117 118 config = { 119 systemd.additionalUpstreamSystemUnits = [ 120 "systemd-journald.socket" 121 "systemd-journald@.socket" 122 "systemd-journald-varlink@.socket" 123 "systemd-journald.service" 124 "systemd-journald@.service" 125 "systemd-journal-flush.service" 126 "systemd-journal-catalog-update.service" 127 "systemd-journald-sync@.service" 128 "systemd-journald-audit.socket" 129 "systemd-journald-dev-log.socket" 130 "syslog.socket" 131 ]; 132 133 systemd.sockets.systemd-journald-audit.wantedBy = [ 134 "systemd-journald.service" 135 "sockets.target" 136 ]; 137 138 environment.etc = { 139 "systemd/journald.conf".text = '' 140 [Journal] 141 Storage=${cfg.storage} 142 RateLimitInterval=${cfg.rateLimitInterval} 143 RateLimitBurst=${toString cfg.rateLimitBurst} 144 ${lib.optionalString (cfg.console != "") '' 145 ForwardToConsole=yes 146 TTYPath=${cfg.console} 147 ''} 148 ${lib.optionalString (cfg.forwardToSyslog) '' 149 ForwardToSyslog=yes 150 ''} 151 Audit=${utils.systemdUtils.lib.toOption cfg.audit} 152 ${cfg.extraConfig} 153 ''; 154 }; 155 156 users.groups.systemd-journal.gid = config.ids.gids.systemd-journal; 157 158 systemd.services.systemd-journal-flush.restartIfChanged = false; 159 systemd.services.systemd-journald.restartTriggers = [ 160 config.environment.etc."systemd/journald.conf".source 161 ]; 162 systemd.services.systemd-journald.stopIfChanged = false; 163 systemd.services."systemd-journald@".restartTriggers = [ 164 config.environment.etc."systemd/journald.conf".source 165 ]; 166 systemd.services."systemd-journald@".stopIfChanged = false; 167 }; 168}