nixos: systemd: split off journald into separate module
This commit is contained in:
parent
e2cb8903da
commit
fee1e24b3b
3 changed files with 128 additions and 116 deletions
|
@ -1166,6 +1166,7 @@
|
|||
./system/boot/stage-1.nix
|
||||
./system/boot/stage-2.nix
|
||||
./system/boot/systemd.nix
|
||||
./system/boot/systemd/journald.nix
|
||||
./system/boot/systemd/logind.nix
|
||||
./system/boot/systemd/nspawn.nix
|
||||
./system/boot/timesyncd.nix
|
||||
|
|
|
@ -80,18 +80,6 @@ let
|
|||
"printer.target"
|
||||
"smartcard.target"
|
||||
|
||||
# Journal.
|
||||
"systemd-journald.socket"
|
||||
"systemd-journald@.socket"
|
||||
"systemd-journald-varlink@.socket"
|
||||
"systemd-journald.service"
|
||||
"systemd-journald@.service"
|
||||
"systemd-journal-flush.service"
|
||||
"systemd-journal-catalog-update.service"
|
||||
] ++ (optional (!config.boot.isContainer) "systemd-journald-audit.socket") ++ [
|
||||
"systemd-journald-dev-log.socket"
|
||||
"syslog.socket"
|
||||
|
||||
# Coredumps.
|
||||
"systemd-coredump.socket"
|
||||
"systemd-coredump@.service"
|
||||
|
@ -179,9 +167,6 @@ let
|
|||
"systemd-hostnamed.service"
|
||||
"systemd-exit.service"
|
||||
"systemd-update-done.service"
|
||||
] ++ optionals config.services.journald.enableHttpGateway [
|
||||
"systemd-journal-gatewayd.socket"
|
||||
"systemd-journal-gatewayd.service"
|
||||
] ++ cfg.additionalUpstreamSystemUnits;
|
||||
|
||||
upstreamSystemWants =
|
||||
|
@ -399,79 +384,6 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
services.journald.console = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
description = "If non-empty, write log messages to the specified TTY device.";
|
||||
};
|
||||
|
||||
services.journald.rateLimitInterval = mkOption {
|
||||
default = "30s";
|
||||
type = types.str;
|
||||
description = ''
|
||||
Configures the rate limiting interval that is applied to all
|
||||
messages generated on the system. This rate limiting is applied
|
||||
per-service, so that two services which log do not interfere with
|
||||
each other's limit. The value may be specified in the following
|
||||
units: s, min, h, ms, us. To turn off any kind of rate limiting,
|
||||
set either value to 0.
|
||||
|
||||
See <option>services.journald.rateLimitBurst</option> for important
|
||||
considerations when setting this value.
|
||||
'';
|
||||
};
|
||||
|
||||
services.journald.rateLimitBurst = mkOption {
|
||||
default = 10000;
|
||||
type = types.int;
|
||||
description = ''
|
||||
Configures the rate limiting burst limit (number of messages per
|
||||
interval) that is applied to all messages generated on the system.
|
||||
This rate limiting is applied per-service, so that two services
|
||||
which log do not interfere with each other's limit.
|
||||
|
||||
Note that the effective rate limit is multiplied by a factor derived
|
||||
from the available free disk space for the journal as described on
|
||||
<link xlink:href="https://www.freedesktop.org/software/systemd/man/journald.conf.html">
|
||||
journald.conf(5)</link>.
|
||||
|
||||
Note that the total amount of logs stored is limited by journald settings
|
||||
such as <literal>SystemMaxUse</literal>, which defaults to a 4 GB cap.
|
||||
|
||||
It is thus recommended to compute what period of time that you will be
|
||||
able to store logs for when an application logs at full burst rate.
|
||||
With default settings for log lines that are 100 Bytes long, this can
|
||||
amount to just a few hours.
|
||||
'';
|
||||
};
|
||||
|
||||
services.journald.extraConfig = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
example = "Storage=volatile";
|
||||
description = ''
|
||||
Extra config options for systemd-journald. See man journald.conf
|
||||
for available options.
|
||||
'';
|
||||
};
|
||||
|
||||
services.journald.enableHttpGateway = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to enable the HTTP gateway to the journal.
|
||||
'';
|
||||
};
|
||||
|
||||
services.journald.forwardToSyslog = mkOption {
|
||||
default = config.services.rsyslogd.enable || config.services.syslog-ng.enable;
|
||||
defaultText = literalExpression "services.rsyslogd.enable || services.syslog-ng.enable";
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to forward log messages to syslog.
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.sleep.extraConfig = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
|
@ -738,21 +650,6 @@ in
|
|||
${config.systemd.user.extraConfig}
|
||||
'';
|
||||
|
||||
"systemd/journald.conf".text = ''
|
||||
[Journal]
|
||||
Storage=persistent
|
||||
RateLimitInterval=${config.services.journald.rateLimitInterval}
|
||||
RateLimitBurst=${toString config.services.journald.rateLimitBurst}
|
||||
${optionalString (config.services.journald.console != "") ''
|
||||
ForwardToConsole=yes
|
||||
TTYPath=${config.services.journald.console}
|
||||
''}
|
||||
${optionalString (config.services.journald.forwardToSyslog) ''
|
||||
ForwardToSyslog=yes
|
||||
''}
|
||||
${config.services.journald.extraConfig}
|
||||
'';
|
||||
|
||||
"systemd/coredump.conf".text =
|
||||
''
|
||||
[Coredump]
|
||||
|
@ -872,11 +769,6 @@ in
|
|||
"TMPFS_XATTR" "SECCOMP"
|
||||
];
|
||||
|
||||
users.groups.systemd-journal.gid = config.ids.gids.systemd-journal;
|
||||
users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
|
||||
users.users.systemd-journal-gateway.group = "systemd-journal-gateway";
|
||||
users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
|
||||
|
||||
# Generate timer units for all services that have a ‘startAt’ value.
|
||||
systemd.timers =
|
||||
mapAttrs (name: service:
|
||||
|
@ -893,9 +785,6 @@ in
|
|||
})
|
||||
(filterAttrs (name: service: service.startAt != []) cfg.user.services);
|
||||
|
||||
systemd.sockets.systemd-journal-gatewayd.wantedBy =
|
||||
optional config.services.journald.enableHttpGateway "sockets.target";
|
||||
|
||||
# Provide the systemd-user PAM service, required to run systemd
|
||||
# user instances.
|
||||
security.pam.services.systemd-user =
|
||||
|
@ -909,16 +798,11 @@ in
|
|||
systemd.services."systemd-fsck@".restartIfChanged = false;
|
||||
systemd.services."systemd-fsck@".path = [ config.system.path ];
|
||||
systemd.services."user@".restartIfChanged = false;
|
||||
systemd.services.systemd-journal-flush.restartIfChanged = false;
|
||||
systemd.services.systemd-random-seed.restartIfChanged = false;
|
||||
systemd.services.systemd-remount-fs.restartIfChanged = false;
|
||||
systemd.services.systemd-update-utmp.restartIfChanged = false;
|
||||
systemd.services.systemd-user-sessions.restartIfChanged = false; # Restart kills all active sessions.
|
||||
systemd.services.systemd-udev-settle.restartIfChanged = false; # Causes long delays in nixos-rebuild
|
||||
systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];
|
||||
systemd.services.systemd-journald.stopIfChanged = false;
|
||||
systemd.services."systemd-journald@".restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];
|
||||
systemd.services."systemd-journald@".stopIfChanged = false;
|
||||
systemd.targets.local-fs.unitConfig.X-StopOnReconfiguration = true;
|
||||
systemd.targets.remote-fs.unitConfig.X-StopOnReconfiguration = true;
|
||||
systemd.targets.network-online.wantedBy = [ "multi-user.target" ];
|
||||
|
|
127
nixos/modules/system/boot/systemd/journald.nix
Normal file
127
nixos/modules/system/boot/systemd/journald.nix
Normal file
|
@ -0,0 +1,127 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib; {
|
||||
options = {
|
||||
services.journald.console = mkOption {
|
||||
default = "";
|
||||
type = types.str;
|
||||
description = "If non-empty, write log messages to the specified TTY device.";
|
||||
};
|
||||
|
||||
services.journald.rateLimitInterval = mkOption {
|
||||
default = "30s";
|
||||
type = types.str;
|
||||
description = ''
|
||||
Configures the rate limiting interval that is applied to all
|
||||
messages generated on the system. This rate limiting is applied
|
||||
per-service, so that two services which log do not interfere with
|
||||
each other's limit. The value may be specified in the following
|
||||
units: s, min, h, ms, us. To turn off any kind of rate limiting,
|
||||
set either value to 0.
|
||||
|
||||
See <option>services.journald.rateLimitBurst</option> for important
|
||||
considerations when setting this value.
|
||||
'';
|
||||
};
|
||||
|
||||
services.journald.rateLimitBurst = mkOption {
|
||||
default = 10000;
|
||||
type = types.int;
|
||||
description = ''
|
||||
Configures the rate limiting burst limit (number of messages per
|
||||
interval) that is applied to all messages generated on the system.
|
||||
This rate limiting is applied per-service, so that two services
|
||||
which log do not interfere with each other's limit.
|
||||
|
||||
Note that the effective rate limit is multiplied by a factor derived
|
||||
from the available free disk space for the journal as described on
|
||||
<link xlink:href="https://www.freedesktop.org/software/systemd/man/journald.conf.html">
|
||||
journald.conf(5)</link>.
|
||||
|
||||
Note that the total amount of logs stored is limited by journald settings
|
||||
such as <literal>SystemMaxUse</literal>, which defaults to a 4 GB cap.
|
||||
|
||||
It is thus recommended to compute what period of time that you will be
|
||||
able to store logs for when an application logs at full burst rate.
|
||||
With default settings for log lines that are 100 Bytes long, this can
|
||||
amount to just a few hours.
|
||||
'';
|
||||
};
|
||||
|
||||
services.journald.extraConfig = mkOption {
|
||||
default = "";
|
||||
type = types.lines;
|
||||
example = "Storage=volatile";
|
||||
description = ''
|
||||
Extra config options for systemd-journald. See man journald.conf
|
||||
for available options.
|
||||
'';
|
||||
};
|
||||
|
||||
services.journald.enableHttpGateway = mkOption {
|
||||
default = false;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to enable the HTTP gateway to the journal.
|
||||
'';
|
||||
};
|
||||
|
||||
services.journald.forwardToSyslog = mkOption {
|
||||
default = config.services.rsyslogd.enable || config.services.syslog-ng.enable;
|
||||
defaultText = literalExpression "services.rsyslogd.enable || services.syslog-ng.enable";
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Whether to forward log messages to syslog.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
systemd.additionalUpstreamSystemUnits = [
|
||||
# Journal.
|
||||
"systemd-journald.socket"
|
||||
"systemd-journald@.socket"
|
||||
"systemd-journald-varlink@.socket"
|
||||
"systemd-journald.service"
|
||||
"systemd-journald@.service"
|
||||
"systemd-journal-flush.service"
|
||||
"systemd-journal-catalog-update.service"
|
||||
] ++ (optional (!config.boot.isContainer) "systemd-journald-audit.socket") ++ [
|
||||
"systemd-journald-dev-log.socket"
|
||||
"syslog.socket"
|
||||
] ++ optionals config.services.journald.enableHttpGateway [
|
||||
"systemd-journal-gatewayd.socket"
|
||||
"systemd-journal-gatewayd.service"
|
||||
];
|
||||
|
||||
environment.etc = {
|
||||
"systemd/journald.conf".text = ''
|
||||
[Journal]
|
||||
Storage=persistent
|
||||
RateLimitInterval=${config.services.journald.rateLimitInterval}
|
||||
RateLimitBurst=${toString config.services.journald.rateLimitBurst}
|
||||
${optionalString (config.services.journald.console != "") ''
|
||||
ForwardToConsole=yes
|
||||
TTYPath=${config.services.journald.console}
|
||||
''}
|
||||
${optionalString (config.services.journald.forwardToSyslog) ''
|
||||
ForwardToSyslog=yes
|
||||
''}
|
||||
${config.services.journald.extraConfig}
|
||||
'';
|
||||
};
|
||||
|
||||
users.groups.systemd-journal.gid = config.ids.gids.systemd-journal;
|
||||
users.users.systemd-journal-gateway.uid = config.ids.uids.systemd-journal-gateway;
|
||||
users.users.systemd-journal-gateway.group = "systemd-journal-gateway";
|
||||
users.groups.systemd-journal-gateway.gid = config.ids.gids.systemd-journal-gateway;
|
||||
|
||||
systemd.sockets.systemd-journal-gatewayd.wantedBy =
|
||||
optional config.services.journald.enableHttpGateway "sockets.target";
|
||||
|
||||
systemd.services.systemd-journal-flush.restartIfChanged = false;
|
||||
systemd.services.systemd-journald.restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];
|
||||
systemd.services.systemd-journald.stopIfChanged = false;
|
||||
systemd.services."systemd-journald@".restartTriggers = [ config.environment.etc."systemd/journald.conf".source ];
|
||||
systemd.services."systemd-journald@".stopIfChanged = false;
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue