Git-Mirrors/graphene-os-server-infrastructure
1
0
Fork 0
mirror of https://github.com/GrapheneOS/infrastructure.git synced 2025-11-19 22:42:24 -05:00
Code Issues Projects Releases Packages Wiki Activity

switch back to unified journald rotation/retention

Browse source 
Since we're no longer storing nginx logs in journald, we no longer need
to use journald configuration to control nginx log rotation/retention.

We switched from nginx to dnsdist for the authoritative DNS servers and
are therefore no longer logging any of the queries persistently since we
can rely on the PowerDNS and dnsdist in-memory buffers and stats.

We can use nginx-specific logrotate configuration on a per-server basis
based on balancing the usefulness of access logs with storage space and
getting rid of slightly sensitive data faster (mainly IP addresses).
This commit is contained in:
Daniel Micay 2025-11-03 19:42:21 -05:00
parent 9d68a079db
commit 8697cf2a2d
2 changed files with 2 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

4
etc/systemd/journald.conf
View file

@ -32,8 +32,8 @@ SystemMaxFiles=10000
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#RuntimeMaxFiles=100
MaxRetentionSec={{journald_max_retention_sec}}
MaxFileSec={{journald_max_file_sec}}
MaxRetentionSec=10day
MaxFileSec=1day
#ForwardToSyslog=no
#ForwardToKMsg=no
#ForwardToConsole=no

30
hosts.sh
View file

@ -213,36 +213,6 @@ declare -Ar hosts_journald_system_max_file_size=(
[grapheneos.social]=1G
)
declare -Ar hosts_journald_max_file_sec=(
[ns1.staging.grapheneos.org]=12hour
[0.ns1.grapheneos.org]=12hour
[1.ns1.grapheneos.org]=12hour
[2.ns1.grapheneos.org]=12hour
[3.ns1.grapheneos.org]=12hour
[0.ns2.grapheneos.org]=12hour
[1.ns2.grapheneos.org]=12hour
[2.ns2.grapheneos.org]=12hour
[0.grapheneos.network]=12hour
[1.grapheneos.network]=12hour
[2.grapheneos.network]=12hour
[3.grapheneos.network]=12hour
)
declare -Ar hosts_journald_max_retention_sec=(
[ns1.staging.grapheneos.org]=4day
[0.ns1.grapheneos.org]=4day
[1.ns1.grapheneos.org]=4day
[2.ns1.grapheneos.org]=4day
[3.ns1.grapheneos.org]=4day
[0.ns2.grapheneos.org]=4day
[1.ns2.grapheneos.org]=4day
[2.ns2.grapheneos.org]=4day
[0.grapheneos.network]=4day
[1.grapheneos.network]=4day
[2.grapheneos.network]=4day
[3.grapheneos.network]=4day
)
declare -Ar hosts_ipv4_address=(
[ns1.staging.grapheneos.org]=198.98.56.238
[0.ns1.grapheneos.org]=51.161.34.158