diff options
| -rw-r--r-- | .config/logrotate.conf | 31 | ||||
| -rw-r--r-- | .config/systemd/user/logrotate.service | 28 | ||||
| -rw-r--r-- | .config/systemd/user/logrotate.timer | 11 |
3 files changed, 70 insertions, 0 deletions
diff --git a/.config/logrotate.conf b/.config/logrotate.conf new file mode 100644 index 0000000..2d891e3 --- /dev/null +++ b/.config/logrotate.conf @@ -0,0 +1,31 @@ + +# see "man logrotate" for details +# rotate log files weekly +weekly + +# keep 4 weeks worth of backlogs +rotate 4 + +# restrict maximum size of log files +#size 20M + +# create new (empty) log files after rotating old ones +create + +# uncomment this if you want your log files compressed +#compress + +# Logs are moved into directory for rotation +# olddir /var/log/archive +# include ~/.config/logrotate.d + +~/.log/a2j/a2j.log { + notifempty + copytruncate + missingok +} +~/.log/sway.log { + notifempty + copytruncate + missingok +} diff --git a/.config/systemd/user/logrotate.service b/.config/systemd/user/logrotate.service new file mode 100644 index 0000000..f517394 --- /dev/null +++ b/.config/systemd/user/logrotate.service @@ -0,0 +1,28 @@ +[Unit] +Description=Rotate log files +Documentation=man:logrotate(8) man:logrotate.conf(5) +ConditionACPower=true + +[Service] +Type=oneshot +ExecStart=/usr/bin/logrotate %h/.config/logrotate.conf -s %S/logrotate.status -v +Nice=19 +IOSchedulingClass=best-effort +IOSchedulingPriority=7 + +# hardening options +# details: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +# no ProtectHome for userdir logs +# no PrivateNetwork for mail deliviery +# no NoNewPrivileges for third party rotate scripts +# LockPersonality=true +# MemoryDenyWriteExecute=true +# PrivateDevices=true +# PrivateTmp=true +# ProtectControlGroups=true +# ProtectKernelLogs=true +# ProtectKernelModules=true +# ProtectKernelTunables=true +# ProtectSystem=full +# RestrictNamespaces=true +# RestrictRealtime=true diff --git a/.config/systemd/user/logrotate.timer b/.config/systemd/user/logrotate.timer new file mode 100644 index 0000000..ea37931 --- /dev/null +++ b/.config/systemd/user/logrotate.timer @@ -0,0 +1,11 @@ +[Unit] +Description=Daily rotation of log files +Documentation=man:logrotate(8) man:logrotate.conf(5) + +[Timer] +OnCalendar=daily +AccuracySec=1h +Persistent=true + +[Install] +WantedBy=timers.target |