From 8697cf2a2d3e2b87f934a0ab64d8727db5a76429 Mon Sep 17 00:00:00 2001
From: Daniel Micay
Date: Mon, 3 Nov 2025 19:42:21 -0500
Subject: [PATCH] switch back to unified journald rotation/retention Since we're no longer storing nginx logs in journald, we no longer need to use journald configuration to control nginx log rotation/retention. We switched from nginx to dnsdist for the authoritative DNS servers and are therefore no longer logging any of the queries persistently since we can rely on the PowerDNS and dnsdist in-memory buffers and stats. We can use nginx-specific logrotate configuration on a per-server basis based on balancing the usefulness of access logs with storage space and getting rid of slightly sensitive data faster (mainly IP addresses).
---
 etc/systemd/journald.conf | 4 ++--
 hosts.sh | 30 ------------------------------
 2 files changed, 2 insertions(+), 32 deletions(-)
diff --git a/etc/systemd/journald.conf b/etc/systemd/journald.conf
index 2eb8439..2cfdb7f 100644
--- a/etc/systemd/journald.conf
+++ b/etc/systemd/journald.conf
@@ -32,8 +32,8 @@ SystemMaxFiles=10000
 #RuntimeKeepFree=
 #RuntimeMaxFileSize=
 #RuntimeMaxFiles=100
-MaxRetentionSec={{journald_max_retention_sec}}
-MaxFileSec={{journald_max_file_sec}}
+MaxRetentionSec=10day
+MaxFileSec=1day
 #ForwardToSyslog=no
 #ForwardToKMsg=no
 #ForwardToConsole=no
diff --git a/hosts.sh b/hosts.sh
index 59dd2ed..68b1a55 100644
--- a/hosts.sh
+++ b/hosts.sh
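Review bot: The fixed `MaxRetentionSec=10day` / `MaxFileSec=1day` in journald.conf now also apply to the hosts that were on `4day` / `12hour` (the ns1, ns2 and grapheneos.network entries removed from hosts.sh), so whatever still reaches the journal on those machines is kept for more than twice as long as before. The description covers nginx and DNS queries only; if other units on those hosts log client addresses to the journal (sshd would be the usual one, not visible here), the shorter window may still be worth keeping for them. The per-server nginx logrotate configuration the description relies on is not part of this patch, so it is worth confirming each host has one, since otherwise access-log retention is whatever the packaged default gives. A comment above the two settings would record the intent, for example `# same on every host; nginx access logs are rotated per host by logrotate, not by journald`.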
@@ -213,36 +213,6 @@ declare -Ar hosts_journald_system_max_file_size=(
 [grapheneos.social]=1G
 )
 
-declare -Ar hosts_journald_max_file_sec=(
- [ns1.staging.grapheneos.org]=12hour
- [0.ns1.grapheneos.org]=12hour
- [1.ns1.grapheneos.org]=12hour
- [2.ns1.grapheneos.org]=12hour
- [3.ns1.grapheneos.org]=12hour
- [0.ns2.grapheneos.org]=12hour
- [1.ns2.grapheneos.org]=12hour
- [2.ns2.grapheneos.org]=12hour
- [0.grapheneos.network]=12hour
- [1.grapheneos.network]=12hour
- [2.grapheneos.network]=12hour
- [3.grapheneos.network]=12hour
-)
-
-declare -Ar hosts_journald_max_retention_sec=(
- [ns1.staging.grapheneos.org]=4day
- [0.ns1.grapheneos.org]=4day
- [1.ns1.grapheneos.org]=4day
- [2.ns1.grapheneos.org]=4day
- [3.ns1.grapheneos.org]=4day
- [0.ns2.grapheneos.org]=4day
- [1.ns2.grapheneos.org]=4day
- [2.ns2.grapheneos.org]=4day
- [0.grapheneos.network]=4day
- [1.grapheneos.network]=4day
- [2.grapheneos.network]=4day
- [3.grapheneos.network]=4day
-)
-
 declare -Ar hosts_ipv4_address=(
 [ns1.staging.grapheneos.org]=198.98.56.238
 [0.ns1.grapheneos.org]=51.161.34.158