1 commit
main ... log

Author SHA1 Message Date
korenstin
81977871f7
rsyslog: configuration 2025-10-09 22:46:00 +02:00
7 changed files with 197 additions and 1 deletions

24
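--- a/disks/layout_vm_log.nix
+++ b/disks/layout_vm_log.nix
@@ -0,0 +1,24 @@
+{ ... }:
+{
+disko.devices = {
+disk = {
+logs = {
+type = "disk";
+content = {
+type = "gpt";
+partitions = {
+data = {
+size = "100%";
+content = {
+type = "filesystem";
+format = "ext4";
+mountpoint = "/var/log";
+};
+};
+};
+};
+};
+};
+};
+}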
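Review bot: The `/var/log` filesystem is declared without mount options, so files on the log volume can still be executed, carry setuid bits or be device nodes. On a collector that stores data received from other hosts, add `mountOptions = [ "nodev" "nosuid" "noexec" ];` next to `mountpoint = "/var/log";`. Putting logs on their own disk already keeps a log flood from filling the root filesystem; the mount options are the remaining hardening step for this layout.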


@ -60,6 +60,14 @@
] ]
++ defaultVM; ++ defaultVM;
}; };
log-2 = nixosSystem {
specialArgs = inputs;
modules = [
./hosts/vm/log-2
./disks/layout_vm_log.nix
]
++ defaultVM;
};
# VL: Peut-être avoir de l'auto-discovery: On a beaucoup trop de machines # VL: Peut-être avoir de l'auto-discovery: On a beaucoup trop de machines
jitsi = nixosSystem { jitsi = nixosSystem {
specialArgs = inputs; specialArgs = inputs;


@ -0,0 +1,56 @@
{ ... }:
{
imports = [
./log.nix
];
disko.devices.disk.logs.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_drive-scsi1";
networking = {
hostName = "log-2";
domain = "int.infra.auro.re";
};
boot.loader.systemd-boot.enable = true;
systemd.network = {
enable = true;
links = {
"10-int" = {
matchConfig.MACAddress = "04:00:00:37:f2:a1";
linkConfig.Name = "int";
};
};
networks = {
"10-int" = {
domains = [
"int.infra.auro.re"
"auro.re"
];
matchConfig.Name = "int";
linkConfig.RequiredForOnline = "routable";
address = [
"10.206.1.10/16"
"2a09:6840:206::1:10/64"
];
routes = [
{ Gateway = "10.206.0.1"; }
{ Gateway = "2a09:6840:206::1"; }
];
dns = [
"10.206.1.1"
"10.206.1.2"
"2a09:6840:206::1:1"
"2a09:6840:206::1:2"
];
};
};
};
# TODO: script de rotation des logs
system.stateVersion = "25.05";
}
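Review bot: Retention is left as `# TODO: script de rotation des logs`, while log.nix writes one file per sender per day under /var/log/remote and nothing visible in this commit deletes or compresses them. Once the dedicated disk is full the collector will presumably stop recording new events, so a single noisy or compromised sender can crowd out every other host's logs. Because the files are already split by day, an age on the tmpfiles rule in log.nix may be enough, for example `"d /var/log/remote 0750 root root 90d"` (90d is an illustrative value; take the real one from the retention policy). If the TODO stays for now, it would be easier to track in English, e.g. `# TODO: retention/rotation for /var/log/remote`.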

43
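--- a/hosts/vm/log-2/log.nix
+++ b/hosts/vm/log-2/log.nix
@@ -0,0 +1,43 @@
+{ ... }:
+{
+services.rsyslogd = {
+extraConfig = ''
+module(load="mmrm1stspace")
+module(load="imrelp")
+template(name="incomingFilename" type="list") {
+constant(value="/var/log/remote/")
+property(name="fromhost-ip")
+constant(value="/")
+property(name="timegenerated" dateFormat="year")
+constant(value="-")
+property(name="timegenerated" dateFormat="month")
+constant(value="-")
+property(name="timegenerated" dateFormat="day")
+constant(value=".log")
+}
+ruleset(name="handleIncomingLogs") {
+action(type="mmrm1stspace")
+action(
+type="omfile"
+dynaFile="incomingFilename"
+template="RSYSLOG_FileFormat"
+)
+}
+input(
+type="imrelp"
+port="20514"
+ruleset="handleIncomingLogs"
+)
+'';
+};
+networking.firewall.allowedTCPPorts = [ 20514 ];
+systemd.tmpfiles.rules = [
+"d /var/log/remote 0750 root root -"
+];
+}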
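Review bot: The `imrelp` input accepts RELP on port 20514 without TLS or peer authentication, and `networking.firewall.allowedTCPPorts` opens that port to every source, so any host that can reach log-2 can write into the central log store and events cross the network in clear text. The `omrelp` action in the common rsyslog.nix has the same gap on the sending side and needs the matching client settings. Enabling TLS with a permitted-peer list on the input, as sketched below with placeholder paths, lets the collector decide who may submit logs; the private key should live outside the Nix store, which is world-readable. Keying the output path on `fromhost-ip` rather than a client-supplied hostname is a sound choice and should stay.

```nix
# … unchanged: module loads, incomingFilename template, handleIncomingLogs ruleset …
input(
  type="imrelp"
  port="20514"
  ruleset="handleIncomingLogs"
  tls="on"
  tls.caCert="<PATH_TO_CA_CERT>"
  tls.myCert="<PATH_TO_SERVER_CERT>"
  tls.myPrivKey="<PATH_TO_SERVER_KEY>"
  tls.authMode="name"
  tls.permittedPeer=["<ALLOWED_CLIENT_NAME_PATTERN>"]
)
```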


@ -8,6 +8,7 @@
./ntp.nix ./ntp.nix
./programs.nix ./programs.nix
./prometheus-node-exporter.nix ./prometheus-node-exporter.nix
./rsyslog.nix
./ssh.nix ./ssh.nix
./tmp.nix ./tmp.nix
]; ];


@ -0,0 +1,59 @@
{ lib, ... }:
{
services.rsyslogd = {
enable = true;
defaultConfig = ''
# TODO: Vérifier s'il existe des services qui ne savent pas envoyer
# leurs logs sur journald (peut-être freeradius)
global(
workDirectory="/var/spool/rsyslog" # TODO: read the doc
preserveFQDN="on"
)
module(load="imjournal")
module(load="mmjsonparse")
module(load="omrelp")
module(
load="builtin:omfile"
template="RSYSLOG_FileFormat"
fileOwner="root"
fileGroup="root"
fileCreateMode="0640"
dirCreateMode="0755"
)
ruleset(name="sendLogsToRemote") {
action(
type="omrelp"
target="10.206.1.10"
port="20514"
queue.type="LinkedList"
queue.spoolDirectory="/var/spool/rsyslog"
queue.fileName="queue_1"
queue.saveOnShutdown="on"
queue.highWatermark="500"
queue.lowWatermark="100"
queue.checkpointInterval="200"
queue.syncqueuefiles="on"
queue.maxDiskSpace="500m"
action.resumeRetryCount="-1"
action.reportSuspension="on"
action.reportSuspensionContinuation="on"
)
}
# Send local logs to the remote collector
call sendLogsToRemote
'';
};
# Pas de risque de boucle dès lors qu'on n'injecte pas les logs
# dans journald.
systemd.services.syslog.serviceConfig.StandardOutput = lib.mkForce "journal";
}
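Review bot: `module(load="imjournal")` is loaded without a `StateFile`, so rsyslog has nowhere to record its position in the journal. As I read the imjournal defaults, each restart of the service (including a rebuild that restarts it) would re-read the journal and re-send old entries to the collector as duplicates, which muddies timelines during an investigation. `module(load="imjournal" StateFile="imjournal.state")` keeps the cursor under the `workDirectory` already set in `global()`. Separately, `module(load="mmjsonparse")` is loaded but no action in this file uses it, so it can be dropped until it is needed.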


@ -5,6 +5,11 @@
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
appendHttpConfig = ''
access_log syslog:server=unix:/dev/log combined;
error_log syslog:server=unix:/dev/log;
'';
}; };
} }
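Review bot: Both directives in `appendHttpConfig` use nginx's default syslog tag, so on the collector the access and error lines from a host can only be told apart by severity and message shape. A per-stream tag makes filtering and alerting rules simpler: `access_log syslog:server=unix:/dev/log,tag=nginx_access combined;` and `error_log syslog:server=unix:/dev/log,tag=nginx_error;`. The enclosing attribute set starts above the hunk, so any logging settings already present there are not visible here.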