Skip to content
Snippets Groups Projects
Commit 727d84a9 authored by Jean-Paul Calderone's avatar Jean-Paul Calderone
Browse files

Merge branch 'log-retention-policy' into 'develop'

Log retention policy module

See merge request !290
parents 62f03c73 b8815bd4
No related branches found
No related tags found
2 merge requests!298merge develop into production,!290Log retention policy module
Pipeline #2025 passed
......@@ -13,6 +13,7 @@
./packages.nix
./issuer.nix
./private-storage.nix
./monitoring/policy.nix
./monitoring/vpn/client.nix
./monitoring/exporters/node.nix
./monitoring/exporters/tahoe.nix
......
......@@ -11,6 +11,7 @@
let
cfg = config.services.private-storage.monitoring.exporters.promtail;
hostName = config.networking.hostName;
logRetention = toString(config.services.private-storage.monitoring.policy.logRetentionSeconds) + "s";
in {
options.services.private-storage.monitoring.exporters.promtail = {
......@@ -33,25 +34,18 @@ in {
services.promtail.enable = true;
networking.firewall.interfaces.monitoringvpn.allowedTCPPorts = [ 9080 ];
# Since we'll send our journald logs elsewhere, we don't need to keep them
# here for very long. Keep them for a *little* while just to provide some
# context in case someone ends up looking at the logs on the system itself
# but generally suppose that people will look at Loki instead.
services.journald.extraConfig = ''
# This tells journald it can discard log files that contain only log
# entries that are older than 29 days.
MaxRetentionSec=29day
# entries older than...
MaxRetentionSec=${logRetention}
# This tells journald to start a new log file once a day. Together with
# the MaxRetentionSec setting, this means that entries are kept for
# between 29 and 30 days (plus whatever scheduling slop journald has in
# enforcing these limits).
# up to a full day longer than MaxRetentionSec.
#
# https://www.freedesktop.org/software/systemd/man/journald.conf.html
# for further details about these options.
#
# A maximum retention of 30 days conforms to the published log retention
# policy.
MaxFileSec=1day
'';
......
# Codify our log data retention policy
#
# A maximum retention of 30 days conforms to the published log retention policy,
# see https://private.storage/privacy-policy/ .
{ options, lib, ... }: {
options.services.private-storage.monitoring.policy = {
logRetentionSeconds = lib.mkOption {
type = lib.types.int;
description = "How long do we retain logs (seconds)";
default = 29 * (24 * 60 * 60); # 29 days, to accomodate for the journald log rotation (1 day).
};
};
}
......@@ -7,7 +7,11 @@
# https://grafana.com/docs/loki/latest/configuration/examples/#complete-local-configyaml
#
{
{ config, ...}:
let
logRetention = toString(config.services.private-storage.monitoring.policy.logRetentionSeconds) + "s";
in {
config.networking.firewall.interfaces.monitoringvpn.allowedTCPPorts = [ 3100 ];
config.services.loki = {
......@@ -61,7 +65,7 @@
table_manager = {
retention_deletes_enabled = true;
retention_period = "336h"; # two weeks
retention_period = logRetention;
};
};
};
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment