Diffstat (limited to '.config/systemd')
-rw-r--r--.config/systemd/user/logrotate.service28
-rw-r--r--.config/systemd/user/logrotate.timer11
2 files changed, 39 insertions, 0 deletions
diff --git a/.config/systemd/user/logrotate.service b/.config/systemd/user/logrotate.service
new file mode 100644
index 0000000..f517394
--- /dev/null
+++ b/.config/systemd/user/logrotate.service
@@ -0,0 +1,28 @@
+[Unit]
+Description=Rotate log files
+Documentation=man:logrotate(8) man:logrotate.conf(5)
+ConditionACPower=true
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/logrotate %h/.config/logrotate.conf -s %S/logrotate.status -v
+Nice=19
+IOSchedulingClass=best-effort
+IOSchedulingPriority=7
+
+# hardening options
+# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+# no ProtectHome for userdir logs
+# no PrivateNetwork for mail deliviery
+# no NoNewPrivileges for third party rotate scripts
+# LockPersonality=true
+# MemoryDenyWriteExecute=true
+# PrivateDevices=true
+# PrivateTmp=true
+# ProtectControlGroups=true
+# ProtectKernelLogs=true
+# ProtectKernelModules=true
+# ProtectKernelTunables=true
+# ProtectSystem=full
+# RestrictNamespaces=true
+# RestrictRealtime=true
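Review bot: Every hardening directive in the trailing block of `[Service]` is commented out, so logrotate and any rotate scripts it launches run with the user's full access, and only three of the omissions (ProtectHome, PrivateNetwork, NoNewPrivileges) are explained. The eleven listed options need a line saying why they are disabled, for example `# disabled: in a user manager the seccomp-based options below imply NoNewPrivileges=yes`. Per systemd.exec(5), LockPersonality, MemoryDenyWriteExecute, RestrictNamespaces and RestrictRealtime (among others) imply NoNewPrivileges=yes when run in user mode, so uncommenting them would silently contradict the stated reason for leaving NoNewPrivileges off. The namespace-based ones (PrivateTmp, PrivateDevices, ProtectSystem, ProtectControlGroups) presumably depend on unprivileged user namespaces being available for a user unit; recording that would tell a later reader which lines can be enabled safely.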
diff --git a/.config/systemd/user/logrotate.timer b/.config/systemd/user/logrotate.timer
new file mode 100644
index 0000000..ea37931
--- /dev/null
+++ b/.config/systemd/user/logrotate.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Daily rotation of log files
+Documentation=man:logrotate(8) man:logrotate.conf(5)
+
+[Timer]
+OnCalendar=daily
+AccuracySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target