(WIP) Install logrotate using system manager

Author: yvan-sraka

nix/packages/docker-ubuntu.nix

@@ -14,12 +14,16 @@ let
     in
     runCommand "ubuntu-cloudimg" { nativeBuildInputs = [ xz ]; } ''
       mkdir -p $out
+      # Remove (among other things) builtin logrotate to avoid conflicts with the one set-up by system-manager
       tar --exclude='dev/*' \
           --exclude='etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service' \
           --exclude='etc/systemd/system/multi-user.target.wants/systemd-resolved.service' \
+          --exclude='etc/systemd/system/timers.target.wants/logrotate.timer' \
           --exclude='usr/lib/systemd/system/tpm-udev.service' \
           --exclude='usr/lib/systemd/system/systemd-remount-fs.service' \
           --exclude='usr/lib/systemd/system/systemd-resolved.service' \
+          --exclude='usr/lib/systemd/system/logrotate.service' \
+          --exclude='usr/lib/systemd/system/logrotate.timer' \
           --exclude='usr/lib/systemd/system/proc-sys-fs-binfmt_misc.automount' \
           --exclude='usr/lib/systemd/system/sys-kernel-*' \
           --exclude='var/lib/apt/lists/*' \

nix/systemConfigs.nix

@@ -1,9 +1,11 @@
 { self, inputs, ... }:
 let
   mkModules = system: [
+    self.systemModules.logrotate
     ({
       services.nginx.enable = true;
       nixpkgs.hostPlatform = system;
+      supabase.services.logrotate.enable = true;
     })
   ];
 

nix/systemModules/default.nix

@@ -4,6 +4,8 @@
 {
   imports = [ ./tests ];
   flake = {
-    systemModules = { };
+    systemModules = {
+      logrotate = ./logrotate.nix;
+    };
   };
 }

nix/systemModules/logrotate.nix

@@ -0,0 +1,74 @@
+{
+  lib,
+  nixosModulesPath,
+  config,
+  ...
+}:
+let
+  cfg = config.supabase.services.logrotate;
+in
+{
+  imports = map (path: nixosModulesPath + path) [
+    # FIXME: error: The option `services.logrotate' in module `/nix/store/...-source/nix/modules'
+    # would be a parent of the following options,but its type `attribute set' does not support nested options.
+    # "/services/logging/logrotate.nix"
+  ];
+
+  options = {
+    supabase.services.logrotate = {
+      enable = lib.mkEnableOption "Whether to enable the logrotate systemd service.";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.logrotate = {
+      enable = true;
+      settings = {
+        "/var/log/postgresql/auth-failures.csv" = {
+          size = "10M";
+          rotate = 5;
+          compress = true;
+          delaycompress = true;
+          notifempty = true;
+          missingok = true;
+        };
+        "/var/log/postgresql/postgresql.csv" = {
+          size = "50M";
+          rotate = 9;
+          compress = true;
+          delaycompress = true;
+          notifempty = true;
+          missingok = true;
+          postrotate = ''
+            sudo -u postgres /usr/lib/postgresql/bin/pg_ctl -D /var/lib/postgresql/data logrotate
+          '';
+        };
+        "/var/log/postgresql/postgresql.log" = {
+          size = "50M";
+          rotate = 3;
+          copytruncate = true;
+          delaycompress = true;
+          compress = true;
+          notifempty = true;
+          missingok = true;
+        };
+        "/var/log/wal-g/*.log" = {
+          size = "50M";
+          rotate = 3;
+          copytruncate = true;
+          delaycompress = true;
+          compress = true;
+          notifempty = true;
+          missingok = true;
+        };
+      };
+    };
+
+    # FIXME: logrotate.service isn't a valid unit file (missing ExecStart)
+    # systemd.services.logrotate = {
+    #   wantedBy = lib.mkForce [
+    #     "system-manager.target"
+    #   ];
+    # };
+  };
+}

nix/systemModules/tests/test_logrotate.py

@@ -0,0 +1,7 @@
+# from time import sleep
+
+
+def test_logrotate_service(host):
+    # sleep(5000) # Handy for interactive debugging (with docker exec -it $CONTAINER_ID /bin/bash)
+    assert host.service("logrotate.service").is_valid
+    assert host.service("logrotate.service").is_running, "Logrotate service should be running but failed: {}".format(host.run("systemctl status logrotate.service").stdout)