authorykonai <mail@ykonai.net>2022-05-23 21:39:08 +0200
committerLudovic Courtès <ludo@gnu.org>2022-05-24 17:19:03 +0200
commit29c931780897b78c8d1499b648692a84a7b5063d (patch)
tree4e9cb980b09e54b6f7594a36e632bfad14ed2024
parent3e59d41df031a86e48f6b8ee1ac7a72d3c183f69 (diff)
services: Add log rotation to most networking services.
This adds a simple log rotation extension to every networking service that
specifies a #:log-file in its Shepherd service, which should prevent some logs
from accumulating indefinitely.

* gnu/services/networking.scm (%ntp-log-rotation): New variable.
(ntp-service-type): Extend 'rottlog-service-type'.
(openntpd-shepherd-service): Change #:log-file argument to "/var/log/ntpd.log".
(openntpd-service-type): Extend 'rottlog-service-type'.
(%tor-log-rotation): New variable.
(tor-service-type): Extend 'rottlog-service-type'.
(%connman-log-rotation): New variable.
(connman-service-type): Extend 'rottlog-service-type'.
(%hostapd-log-rotation): New variable.
(hostapd-service-type): Extend 'rottlog-service-type'.
(%pagekite-log-rotation): New variable.
(pagekite-service-type): Extend 'rottlog-service-type'.
(%yggdrasil-log-rotation): New variable.
(yggdrasil-service-type): Extend 'rottlog-service-type'.
(%ipfs-log-rotation): New variable.
(ipfs-service-type): Extend 'rottlog-service-type'.
(%keepalived-log-rotation): New variable.
(keepalived-service-type): Extend 'rottlog-service-type'.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r--gnu/services/networking.scm72
1 files changed, 62 insertions, 10 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 399cd03c1d..d8fe638940 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -41,6 +41,7 @@
   #:use-module (gnu services linux)
   #:use-module (gnu services shepherd)
   #:use-module (gnu services dbus)
+  #:use-module (gnu services admin)
   #:use-module (gnu system shadow)
   #:use-module (gnu system pam)
   #:use-module ((gnu system file-systems) #:select (file-system-mapping))
@@ -384,6 +385,11 @@ daemon is responsible for allocating IP addresses to its client.")))
 ;;; NTP.
 ;;;
 
+
+(define %ntp-log-rotation
+  (list (log-rotation
+         (files '("/var/log/ntpd.log")))))
+
 (define ntp-server-types (make-enumeration
                           '(pool
                             server
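Review bot: `%ntp-log-rotation` sets only `files`, so nothing tells the process that holds the descriptor opened for `#:log-file` to reopen it once rottlog has rotated the file. If rottlog rotates by renaming (not visible in this diff), output written after the first rotation would land in the rotated file and could be lost when that file is compressed or expired, leaving a gap in the daemon's log. Please confirm the behaviour and, if a reopen is needed, add a `post-rotate` gexp; otherwise a comment such as `;; No post-rotate: <reason the writer does not need to reopen the file>.` above the definition would record why it is safe. The same applies to the tor, connman, hostapd, pagekite, yggdrasil, ipfs and keepalived definitions later in the patch. The `ntp-server-types` form that closes this hunk continues outside it.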
@@ -532,7 +538,9 @@ restrict source notrap nomodify noquery\n"))
                        (service-extension account-service-type
                                           (const %ntp-accounts))
                        (service-extension activation-service-type
-                                          ntp-service-activation)))
+                                          ntp-service-activation)
+                       (service-extension rottlog-service-type
+                                          (const %ntp-log-rotation))))
                 (description
                  "Run the @command{ntpd}, the Network Time Protocol (NTP)
 daemon of the @uref{http://www.ntp.org, Network Time Foundation}.  The daemon
@@ -614,7 +622,7 @@ will keep the system clock synchronized with that of the given servers.")
                      ;; When ntpd is daemonized it repeatedly tries to respawn
                      ;; while running, leading shepherd to disable it.  To
                      ;; prevent spamming stderr, redirect output to logfile.
-                     #:log-file "/var/log/ntpd"))
+                     #:log-file "/var/log/ntpd.log"))
            (stop #~(make-kill-destructor))))))
 
 (define (openntpd-service-activation config)
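Review bot: Changing `#:log-file` from `/var/log/ntpd` to `/var/log/ntpd.log` leaves the old file behind on systems that already ran openntpd, and `%ntp-log-rotation` lists only the new path, so the old file is neither rotated nor removed. Anyone looking for ntpd output from before the upgrade has to know to check the old name. A comment next to the argument would record this, e.g. `;; Was "/var/log/ntpd" before log rotation was added; the old file is left in place.`. The `openntpd-shepherd-service` body starts above this hunk and `openntpd-service-activation` continues below it.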
@@ -640,7 +648,9 @@ will keep the system clock synchronized with that of the given servers.")
                        (service-extension profile-service-type
                                           (compose list openntpd-configuration-openntpd))
                        (service-extension activation-service-type
-                                          openntpd-service-activation)))
+                                          openntpd-service-activation)
+                       (service-extension rottlog-service-type
+                                          (const %ntp-log-rotation))))
                 (default-value (openntpd-configuration))
                 (description
                  "Run the @command{ntpd}, the Network Time Protocol (NTP)
@@ -987,6 +997,10 @@ HiddenServicePort ~a ~a~%"
                 (stop #~(make-kill-destructor))
                 (documentation "Run the Tor anonymous network overlay."))))))))
 
+(define %tor-log-rotation
+  (list (log-rotation
+         (files '("/var/log/tor.log")))))
+
 (define (tor-activation config)
   "Set up directories for Tor and its hidden services, if any."
   #~(begin
@@ -1032,7 +1046,9 @@ HiddenServicePort ~a ~a~%"
                        (service-extension account-service-type
                                           (const %tor-accounts))
                        (service-extension activation-service-type
-                                          tor-activation)))
+                                          tor-activation)
+                       (service-extension rottlog-service-type
+                                          (const %tor-log-rotation))))
 
                 ;; This can be extended with hidden services.
                 (compose concatenate)
@@ -1314,6 +1330,10 @@ wireless networking."))))
                       #:log-file "/var/log/connman.log"))
             (stop #~(make-kill-destructor)))))))
 
+(define %connman-log-rotation
+  (list (log-rotation
+         (files '("/var/log/connman.log")))))
+
 (define connman-service-type
   (let ((connman-package (compose list connman-configuration-connman)))
     (service-type (name 'connman)
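Review bot: The path `"/var/log/connman.log"` now appears twice, once in the `#:log-file` argument at the top of this hunk and once in `%connman-log-rotation`, with nothing tying the two together. If one is edited later, the rotation silently stops covering the live log. Consider `(define %connman-log-file "/var/log/connman.log")` and using it in both places (inside the gexp as `#$%connman-log-file`). The hostapd hunk shows the same duplication, and the other services presumably do too, although their `#:log-file` lines are outside the diff. The connman shepherd service starts above this hunk and `connman-service-type` continues below it.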
@@ -1328,7 +1348,9 @@ wireless networking."))))
                                             connman-activation)
                          ;; Add connman to the system profile.
                          (service-extension profile-service-type
-                                            connman-package)))
+                                            connman-package)
+                         (service-extension rottlog-service-type
+                                            (const %connman-log-rotation))))
                   (default-value (connman-configuration))
                   (description
                    "Run @url{https://01.org/connman,Connman},
@@ -1570,12 +1592,18 @@ extra-settings "\n"))))
                    #:log-file "/var/log/hostapd.log"))
          (stop #~(make-kill-destructor)))))
 
+(define %hostapd-log-rotation
+  (list (log-rotation
+         (files '("/var/log/hostapd.log")))))
+
 (define hostapd-service-type
   (service-type
    (name 'hostapd)
    (extensions
     (list (service-extension shepherd-root-service-type
-                             hostapd-shepherd-services)))
+                             hostapd-shepherd-services)
+          (service-extension rottlog-service-type
+                             (const %hostapd-log-rotation))))
    (description
     "Run the @uref{https://w1.fi/hostapd/, hostapd} daemon for Wi-Fi access
 points and authentication servers.")))
@@ -1867,6 +1895,10 @@ table inet filter {
        ;; SIGTERM doesn't always work for some reason.
        (stop #~(make-kill-destructor SIGINT))))))
 
+(define %pagekite-log-rotation
+  (list (log-rotation
+         (files '("/var/log/pagekite.log")))))
+
 (define %pagekite-accounts
   (list (user-group (name "pagekite") (system? #t))
         (user-account
@@ -1885,7 +1917,9 @@ table inet filter {
     (list (service-extension shepherd-root-service-type
                              (compose list pagekite-shepherd-service))
           (service-extension account-service-type
-                             (const %pagekite-accounts))))
+                             (const %pagekite-accounts))
+          (service-extension rottlog-service-type
+                             (const %pagekite-log-rotation))))
    (description
     "Run @url{https://pagekite.net/,PageKite}, a tunneling solution to make
 local servers publicly accessible on the web, even behind NATs and firewalls.")))
@@ -1976,6 +2010,10 @@ local servers publicly accessible on the web, even behind NATs and firewalls."))
                    #:group "yggdrasil"))
          (stop #~(make-kill-destructor)))))
 
+(define %yggdrasil-log-rotation
+  (list (log-rotation
+         (files '("/var/log/yggdrasil.log")))))
+
 (define %yggdrasil-accounts
   (list (user-group (name "yggdrasil") (system? #t))))
 
@@ -1991,7 +2029,9 @@ See @command{yggdrasil -genconf} for config options.")
           (service-extension account-service-type
                              (const %yggdrasil-accounts))
           (service-extension profile-service-type
-                             (compose list yggdrasil-configuration-package))))))
+                             (compose list yggdrasil-configuration-package))
+          (service-extension rottlog-service-type
+                             (const %yggdrasil-log-rotation))))))
 
 
 ;;;
@@ -2061,6 +2101,10 @@ See @command{yggdrasil -genconf} for config options.")
                    #:environment-variables #$%ipfs-environment))
          (stop #~(make-kill-destructor)))))
 
+(define %ipfs-log-rotation
+  (list (log-rotation
+         (files '("/var/log/ipfs.log")))))
+
 (define (%ipfs-activation config)
   "Return an activation gexp for IPFS with CONFIG"
   (define (exec-command . args)
@@ -2116,7 +2160,9 @@ See @command{yggdrasil -genconf} for config options.")
           (service-extension activation-service-type
                              %ipfs-activation)
           (service-extension shepherd-root-service-type
-                             ipfs-shepherd-service)))
+                             ipfs-shepherd-service)
+          (service-extension rottlog-service-type
+                             (const %ipfs-log-rotation))))
    (default-value (ipfs-configuration))
    (description
     "Run @command{ipfs daemon}, the reference implementation
@@ -2153,10 +2199,16 @@ of the IPFS peer-to-peer storage network.")))
        (respawn? #f)
        (stop #~(make-kill-destructor)))))))
 
+(define %keepalived-log-rotation
+  (list (log-rotation
+         (files '("/var/log/keepalived.log")))))
+
 (define keepalived-service-type
   (service-type (name 'keepalived)
                 (extensions (list (service-extension shepherd-root-service-type
-                                                     keepalived-shepherd-service)))
+                                                     keepalived-shepherd-service)
+                                  (service-extension rottlog-service-type
+                                                     (const %keepalived-log-rotation))))
                 (description
                  "Run @uref{https://www.keepalived.org/, Keepalived}
 routing software.")))