From 9917af7fe0e394d854a8e9548ac0a040cfc44621 Mon Sep 17 00:00:00 2001 From: Dominique Martinet Date: Fri, 11 Feb 2022 17:09:52 +0900 Subject: [PATCH 1/5] logrotate: move wtmp/btmp rules to systemd wtmp and btmp are created by systemd, so the rules are more appropriate there. They can be disabled explicitly with something like services.ogrotate.paths = { "/var/log/btmp".enable = false; "/var/log/wtmp".enable = false; }; if required. --- nixos/modules/services/logging/logrotate.nix | 20 -------------------- nixos/modules/system/boot/systemd.nix | 17 +++++++++++++++++ 2 files changed, 17 insertions(+), 20 deletions(-) diff --git a/nixos/modules/services/logging/logrotate.nix b/nixos/modules/services/logging/logrotate.nix index 8cef4e8c083a..26d22d90175b 100644 --- a/nixos/modules/services/logging/logrotate.nix +++ b/nixos/modules/services/logging/logrotate.nix @@ -4,7 +4,6 @@ with lib; let cfg = config.services.logrotate; - inherit (config.users) groups; pathOpts = { name, ... }: { options = { @@ -163,25 +162,6 @@ in } ) cfg.paths; - services.logrotate = { - paths = { - "/var/log/btmp" = { - frequency = mkDefault "monthly"; - keep = mkDefault 1; - extraConfig = '' - create 0660 root ${groups.utmp.name} - ''; - }; - "/var/log/wtmp" = { - frequency = mkDefault "monthly"; - keep = mkDefault 1; - extraConfig = '' - create 0664 root ${groups.utmp.name} - ''; - }; - }; - }; - systemd.services.logrotate = { description = "Logrotate Service"; wantedBy = [ "multi-user.target" ]; diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix index 9dcf9eb769f8..4edaf405fbff 100644 --- a/nixos/modules/system/boot/systemd.nix +++ b/nixos/modules/system/boot/systemd.nix 
@@ -1212,6 +1212,23 @@ in boot.kernel.sysctl."kernel.pid_max" = mkIf pkgs.stdenv.is64bit (lib.mkDefault 4194304); boot.kernelParams = optional (!cfg.enableUnifiedCgroupHierarchy) "systemd.unified_cgroup_hierarchy=0"; + + services.logrotate.paths = { + "/var/log/btmp" = mapAttrs (_: mkDefault) { + frequency = "monthly"; + keep = 1; + extraConfig = '' + create 0660 root ${config.users.groups.utmp.name} + ''; + }; + "/var/log/wtmp" = mapAttrs (_: mkDefault) { + frequency = "monthly"; + keep = 1; + extraConfig = '' + create 0664 root ${config.users.groups.utmp.name} + ''; + }; + }; }; # FIXME: Remove these eventually. From 61c70dbc97b57188aa4c482cbb79171902e53c6e Mon Sep 17 00:00:00 2001 From: Dominique Martinet Date: Fri, 11 Feb 2022 17:13:38 +0900 Subject: [PATCH 2/5] logrotate: default to enable if any rule is active --- nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | 7 +++++++ nixos/doc/manual/release-notes/rl-2205.section.md | 3 +++ nixos/modules/services/logging/logrotate.nix | 5 ++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 544b1e138989..a96808014d56 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -865,6 +865,13 @@ Plugins are automatically repackaged using autoPatchelf. + + + services.logrotate.enable now defaults to + true if any rotate path has been defined, and some paths have + been added by default. + + The zrepl package has been updated from diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index c748d2dae9e2..1b627703989b 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md 
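Review bot: Wrapping each attrset in `mapAttrs (_: mkDefault)` also puts `extraConfig` at default priority, so a host that sets `services.logrotate.paths."/var/log/btmp".extraConfig` for any reason (for example to add `compress`) replaces the `create 0660 root utmp` line instead of adding to it. btmp holds failed-login records, so the mode and group of the recreated file should not depend on nobody touching that option; the same applies to the wtmp rule in this hunk. Consider keeping `extraConfig` outside the `mkDefault` wrapping so definitions merge, or add a comment such as `# overriding extraConfig drops the create line; restate mode and owner when you do`. Whether the option type concatenates definitions is not visible here, so confirm against `pathOpts` in logrotate.nix.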
@@ -294,6 +294,9 @@ In addition to numerous new and upgraded packages, this release has the followin - `services.mattermost.plugins` has been added to allow the declarative installation of Mattermost plugins. Plugins are automatically repackaged using autoPatchelf. +- `services.logrotate.enable` now defaults to true if any rotate path has + been defined, and some paths have been added by default. + - The `zrepl` package has been updated from 0.4.0 to 0.5: - The RPC protocol version was bumped; all zrepl daemons in a setup must be updated and restarted before replication can resume. diff --git a/nixos/modules/services/logging/logrotate.nix b/nixos/modules/services/logging/logrotate.nix index 26d22d90175b..1467e27deba8 100644 --- a/nixos/modules/services/logging/logrotate.nix +++ b/nixos/modules/services/logging/logrotate.nix @@ -111,7 +111,10 @@ in options = { services.logrotate = { - enable = mkEnableOption "the logrotate systemd service"; + enable = mkEnableOption "the logrotate systemd service" // { + default = foldr (n: a: a || n.enable) false (attrValues cfg.paths); + defaultText = literalExpression "cfg.paths != {}"; + }; paths = mkOption { type = with types; attrsOf (submodule pathOpts); From c7618fbd9b871eec58174c4e65ff22b2739ca6e9 Mon Sep 17 00:00:00 2001 From: Dominique Martinet Date: Fri, 11 Feb 2022 17:17:42 +0900 Subject: [PATCH 3/5] nginx: add logrotate rule for nginx logs --- nixos/modules/services/web-servers/nginx/default.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index 6876dbf39d84..7daf0f158b35 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix 
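Review bot: `defaultText` on the `enable` option in logrotate.nix does not describe the computed default. The value is true only when at least one path has `enable = true`, while the text says `cfg.paths != {}`, and `cfg` is a module-local name that means nothing in the rendered manual. An administrator who disables every path would read the documentation as saying the service is still switched on. Suggest `defaultText = literalExpression "any (p: p.enable) (attrValues config.services.logrotate.paths)";` and the same `any (p: p.enable) (attrValues cfg.paths)` form for `default` in place of the `foldr`.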
@@ -988,5 +988,17 @@ in nginx.gid = config.ids.gids.nginx; }; + services.logrotate.paths.nginx = mapAttrs (_: mkDefault) { + path = "/var/log/nginx/*.log"; + frequency = "weekly"; + keep = 26; + extraConfig = '' + compress + delaycompress + postrotate + [ ! -f /var/run/nginx/nginx.pid ] || kill -USR1 `cat /var/run/nginx/nginx.pid` + endscript + ''; + }; }; } From c132bfaa19ea08cce7c261ab4f0bda42bfc76b48 Mon Sep 17 00:00:00 2001 From: Dominique Martinet Date: Fri, 11 Feb 2022 17:27:06 +0900 Subject: [PATCH 4/5] logrotate: prepend extraConfig instead of postpending it logrotate global options only affect rules following them - as such, services.logrotate.extraConfig being added last makes the option only useful for adding new paths but not for setting global options (e.g. 'dateext' so all logs are rotate with a date suffix). Moving this first solves this problem, and we can then use this instead of default paths config to append missingok/notifempty. --- nixos/modules/services/logging/logrotate.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/nixos/modules/services/logging/logrotate.nix b/nixos/modules/services/logging/logrotate.nix index 1467e27deba8..77e4fc395981 100644 --- a/nixos/modules/services/logging/logrotate.nix +++ b/nixos/modules/services/logging/logrotate.nix @@ -84,10 +84,6 @@ let }; config.name = name; - config.extraConfig = '' - missingok - notifempty - ''; }; mkConf = pathOpts: '' @@ -101,7 +97,11 @@ let ''; paths = sortProperties (attrValues (filterAttrs (_: pathOpts: pathOpts.enable) cfg.paths)); - configFile = pkgs.writeText "logrotate.conf" (concatStringsSep "\n" ((map mkConf paths) ++ [ cfg.extraConfig ])); + configFile = pkgs.writeText "logrotate.conf" ( + concatStringsSep "\n" ( + [ "missingok" "notifempty" cfg.extraConfig ] ++ (map mkConf paths) + ) + ); in { From a05f1c9f9357d3c3c39b99a5aa020399ee28bb99 Mon Sep 17 00:00:00 2001 
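Review bot: The nginx rule has no `su` directive, so rotation and the `postrotate` script run with the privileges of the logrotate service (presumably root; no `User=` is visible in the unit context shown earlier in this series). If `/var/log/nginx` is owned or writable by the nginx service account, which this hunk does not show, logrotate will either reject the directory as insecure or work with more privilege than these files need. Adding `su <nginx user> <nginx group>` (placeholders for the module's configured account) as the first line of `extraConfig` addresses both. The `postrotate` line also signals whatever pid `/var/run/nginx/nginx.pid` contains, so a comment stating which account may write that file would help the next reader.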
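Review bot: The element order in the new `configFile` expression is now load-bearing and should carry a comment, since logrotate applies global directives only to the rules that follow them (the commit message says so, the code does not). Something like `# globals first: logrotate applies them only to later rules; cfg.extraConfig may override missingok/notifempty` above the `concatStringsSep` call would keep a later refactor from moving `cfg.extraConfig` back to the end. The enclosing `let` block starts outside the hunk.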
From: Dominique Martinet Date: Fri, 11 Feb 2022 17:49:52 +0900 Subject: [PATCH 5/5] nixos tests: add logrotate test make sure the service is enabled by default and works. --- nixos/tests/all-tests.nix | 1 + nixos/tests/logrotate.nix | 35 +++++++++++++++++++++++++ pkgs/tools/system/logrotate/default.nix | 5 ++++ 3 files changed, 41 insertions(+) create mode 100644 nixos/tests/logrotate.nix diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix index 3fd4945ed352..9238e831c50d 100644 --- a/nixos/tests/all-tests.nix +++ b/nixos/tests/all-tests.nix @@ -268,6 +268,7 @@ in litestream = handleTest ./litestream.nix {}; locate = handleTest ./locate.nix {}; login = handleTest ./login.nix {}; + logrotate = handleTest ./logrotate.nix {}; loki = handleTest ./loki.nix {}; lxd = handleTest ./lxd.nix {}; lxd-image = handleTest ./lxd-image.nix {}; diff --git a/nixos/tests/logrotate.nix b/nixos/tests/logrotate.nix new file mode 100644 index 000000000000..0f6b59f071d4 --- /dev/null +++ b/nixos/tests/logrotate.nix @@ -0,0 +1,35 @@ +# Test logrotate service works and is enabled by default + +import ./make-test-python.nix ({ pkgs, ...} : rec { + name = "logrotate"; + meta = with pkgs.lib.maintainers; { + maintainers = [ martinetd ]; + }; + + # default machine + machine = { ... }: { + }; + + testScript = + '' + with subtest("whether logrotate works"): + machine.succeed( + # we must rotate once first to create logrotate stamp + "systemctl start --wait logrotate.service", + + # wtmp is present in default config. + "rm -f /var/log/wtmp*", + "echo test > /var/log/wtmp", + + # move into the future and rotate + "date -s 'now + 1 month + 1 day'", + # systemd will run logrotate from logrotate.timer automatically + # on date change, but if we want to wait for it to terminate + # it's easier to run again... + "systemctl start --wait logrotate.service", + + # check rotate worked + "[ -e /var/log/wtmp.1 ]", + ) + ''; +}) 
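Review bot: The subtest in nixos/tests/logrotate.nix only checks that `/var/log/wtmp.1` exists, so it would still pass if the `create 0664 root utmp` directive were lost and the new file came back with a different mode or owner. Add an assertion on the recreated file after the second rotation, e.g. `"stat -c '%a %U:%G' /var/log/wtmp | grep -qx '664 root:utmp'",` (group name assumed to be `utmp`; confirm against `config.users.groups.utmp.name`). A matching check for `/var/log/btmp` at `660` would cover the more sensitive of the two files. Separately, `rec` on the test attrset is unused and can be dropped.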
diff --git a/pkgs/tools/system/logrotate/default.nix b/pkgs/tools/system/logrotate/default.nix index 97d920ce918e..f0ce08383359 100644 --- a/pkgs/tools/system/logrotate/default.nix +++ b/pkgs/tools/system/logrotate/default.nix @@ -1,6 +1,7 @@ { lib, stdenv, fetchFromGitHub, gzip, popt, autoreconfHook , mailutils ? null , aclSupport ? true, acl +, nixosTests }: stdenv.mkDerivation rec { @@ -25,6 +26,10 @@ stdenv.mkDerivation rec { nativeBuildInputs = [ autoreconfHook ]; buildInputs = [ popt ] ++ lib.optionals aclSupport [ acl ]; + passthru.tests = { + nixos-logrotate = nixosTests.logrotate; + }; + meta = with lib; { homepage = "https://github.com/logrotate/logrotate"; description = "Rotates and compresses system logs";