2023-09-18 15:32:43 +02:00
{ config , pkgs , . . . }:
{
2023-09-18 16:22:12 +02:00
# Systemd Journal Monitoring.
# Alternative:
# journal-biref
# https://github.com/twaugh/journal-brief
# https://opensource.com/article/20/7/systemd-journals-email
2023-09-18 15:32:43 +02:00
# Write to Systemd Journal:
# echo 'hello' | systemd-cat -p emerg
# echo 'hello' | systemd-cat -t someapp -p emerg
# View Systemd Journal.
2023-09-27 17:05:01 +02:00
# Output similar to dmesg
# journalctl -b -k
2023-09-18 15:32:43 +02:00
# Filter by app:
# journalctl -b -t someapp
# Filter by priority:
# journalctl -b -p 5
# Manually execute journalwatch timer:
# sudo systemctl start journalwatch.service
# Find a message and view its details
# journalctl -b -p5 -o json-pretty
# Then press "/" and enter a pattern, then press "Enter".
assertions = [ {
assertion = config . services . opensmtpd . enable ;
message = " j o u r n a l w a t c h r e q u i r e s a c o n f i g u r e d s e n d m a i l M T A , s e e s e n d m a i l - m t a . n i x . " ;
} ] ;
services . journalwatch = {
enable = true ;
# TODO: Same as configured by sendmail MTA.
mailFrom = " l a n g b e i n @ m a i l . d e " ;
mailTo = " d a n i e l + j o u r n a l w a t c h @ s y s t e m l i . o r g " ;
#interval = "hourly";
2023-09-27 16:44:56 +02:00
# Lowest priority of message to be considered. A value between 7 (“debug”), and 0 (“emerg”). Defaults to 6 (“info”). If you don't care about anything with “info” priority, you can reduce this to e.g. 5 (“notice”) to considerably reduce the amount of messages without needing many filterBlocks.
2023-09-18 15:32:43 +02:00
priority = 5 ;
# Default patterns: https://github.com/The-Compiler/journalwatch/blob/363725ac4b8aa841d87654fa8a63403a59ad1275/journalwatch.py#L71
2023-09-29 17:25:03 +02:00
# If the value of `match` starts and ends with a forward-slash, it is interpreted as a regular expression, if not, it's an exact match.
2023-09-18 15:32:43 +02:00
# `filters` are always regular expressions.
# All regular expressions have to match the full string!
2023-09-30 23:20:39 +02:00
#
# TODO: A "\s" in the double-quoted string `match` is inserted as `s` in the generated config file! We have to use "\\s" to insert `\s`.
# TODO: A ''\s'' in the multiline string `filter` is inserted as `\s` in the generated config file.
#
2023-09-18 15:32:43 +02:00
filterBlocks = [
2023-09-20 15:39:26 +02:00
2023-09-29 13:10:26 +02:00
#
# _TRANSPORT
#
{ # yodaNas
filters = ''
booting system configuration /nix/store / \ S + \ . 0 5 pre-git
'' ;
match = " _ T R A N S P O R T = k e r n e l " ;
}
2023-09-27 16:44:56 +02:00
#
# _EXE
#
{ # yodaNas
filters = ''
# Ignore any invocation of sudo.
. *
'' ;
2023-09-27 17:05:01 +02:00
match = " _ E X E = / / n i x / s t o r e / [ a - z 0 - 9 ] + - s u d o - [ 0 - 9 ] + \. [ 0 - 9 ] + \. [ 0 - 9 ] + [ a - z 0 - 9 ] + / b i n / s u d o / " ;
2023-09-27 16:44:56 +02:00
}
2023-09-23 19:16:38 +02:00
#
# _SYSTEMD_CGROUP
#
{ # yodaYoga
filters = ''
2023-09-27 16:44:56 +02:00
parent not found ! continent_id [ 0 -9 ] +
2023-09-23 19:16:38 +02:00
'' ;
match = " _ S Y S T E M D _ C G R O U P = / s y s t e m . s l i c e / d o c k e r . s e r v i c e " ;
}
2023-09-29 17:25:03 +02:00
#
# CONTAINER_NAME
#
{ # yodaNas
filters = ''
. *
'' ;
2023-10-02 16:12:35 +02:00
match = " C O N T A I N E R _ N A M E = / ( d o c k e r - c o m p o s e - b t p - p r o x y - 1 | n c _ w e b _ [ ^ - _ \\ s ] + | n g i n x _ a r c h \. p 1 s t \. d e ) / " ;
2023-09-29 17:25:03 +02:00
}
{ # yodaNas
# TODO: Open issue on GitHub https://github.com/nginx-proxy/nginx-proxy/issues/1256. Maybe set env variable RESOLVERS=1.1.1.1?
filters = ''
2023-09-29 17:35:22 +02:00
\ S + \ S + \ [ warn \ ] \ S + : no resolver defined to resolve r3 \ . o \ . lencr \ . org while requesting certificate status , responder : r3 \ . o \ . lencr \ . org , certificate : " / e t c / n g i n x / c e r t s / \S + \. c r t "
2023-09-29 17:25:03 +02:00
'' ;
match = " C O N T A I N E R _ N A M E = n g i n x - p r o x y " ;
}
2023-09-24 22:07:58 +02:00
#
# IMAGE_NAME
#
2023-09-30 15:58:06 +02:00
{ # yodaNas, yodaYoga
2023-09-24 22:07:58 +02:00
filters = ''
2023-09-29 17:25:03 +02:00
. *
2023-09-24 22:07:58 +02:00
'' ;
2023-10-02 16:12:35 +02:00
match = " I M A G E _ N A M E = / ( p 1 s t / d o c k e r - g e n : . + | n g i n x p r o x y / a c m e - c o m p a n i o n | b i k e t r i p p l a n n e r / d i g i t r a n s i t - u i : . + | t h e t o r p r o j e c t / s n o w f l a k e - p r o x y : . + | c o l l a b o r a / c o d e | w o r d p r e s s ) / " ;
2023-09-30 14:25:11 +02:00
}
2023-09-30 15:58:06 +02:00
{ # yodaNas
2023-09-30 14:25:11 +02:00
filters = ''
\ S + \ S + [ error ] \ S + : \ S + open \ ( \ ) " / u s r / s h a r e / n g i n x / h t m l / r o b o t s . t x t " failed \ ( 2 : No such file or directory \ ) , client : \ S + , server : localhost , request : " G E T / r o b o t s . t x t H T T P / [ ^ " ] + " , h o s t : " [ ^ " ] + "
'' ;
match = " I M A G E _ N A M E = / n g i n x : \S + / " ;
2023-09-24 22:07:58 +02:00
}
2023-09-29 13:10:26 +02:00
{ # yodaNas
# TODO: logged IP is not the public one, but always 172.24.0.6
filters = ''
Could not yet connect with DB \ . Retrying in 1 0 s \ . \ . \ .
2023-09-29 17:25:03 +02:00
[ 0 -9 ] \ [ [ > - ] + \ ] [ 0 -9 ] \ [ [ > - ] + \ ]
2023-09-29 13:10:26 +02:00
# 1.1.1.1 - 28/Sep/2023:21:03:39 +0000 "GET /status.php" 200
# 1.1.1.1 - 28/Sep/2023:21:12:16 +0000 "GET /index.php" 200
# 1.1.1.1 - my-username 28/Sep/2023:21:20:16 +0000 "DELETE /index.php" 200
2023-09-30 15:58:06 +02:00
[ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + - \ S * \ S + \ + 0000 " ( D E L E T E | G E T | P A T C H | P O S T | P U T ) / ( i n d e x | s t a t u s ) \. p h p " ( 200 | 204 | 302 | 303 | 304 | 404 | 405 )
2023-09-29 13:10:26 +02:00
# 1.1.1.1 - my-username 28/Sep/2023:21:10:18 +0000 "PROPFIND /remote\.php" 207
2023-10-02 16:12:35 +02:00
[ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + - \ S * \ S + \ + 0000 " ( D E L E T E | G E T | H E A D | M K C O L | M O V E | O P T I O N S | P O S T | P R O P F I N D | P U T | R E P O R T ) / r e m o t e \. p h p " ( 200 | 201 | 204 | 207 | 401 | 404 | 405 )
2023-09-29 13:10:26 +02:00
# 1.1.1.1 - my-username 28/Sep/2023:21:11:48 +0000 "GET /ocs/v2.php" 304
# 1.1.1.1 - 28/Sep/2023:21:13:10 +0000 "GET /ocs/v2.php" 304
2023-09-30 14:25:11 +02:00
[ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + - \ S * \ S + \ + 0000 " ( D E L E T E | G E T ) / o c s / ( v 1 | v 2 ) \. p h p " ( 200 | 304 | 404 )
[ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + - \ S * \ S + \ + 0000 " G E T / o c s - p r o v i d e r / i n d e x \. p h p " 200
[ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + \ . [ 0 -9 ] + - \ S * \ S + \ + 0000 " P R O P F I N D / p u b l i c \. p h p " ( 207 | 401 | 404 )
2023-09-29 13:10:26 +02:00
'' ;
match = " I M A G E _ N A M E = p 1 s t / n e x t c l o u d : s t a b l e - f p m - a l p i n e " ;
}
{ # yodaNas
filters = ''
\ S + browserless:server Health check stats : CPU [ 0 -9 ] + % , MEM : [ 0 -9 ] + % ,
\ S + browserless:server Health check stats : CPU [ 0 -9 ] + % , [ 0 -9 ] + % MEM : [ 0 -9 ] + % , [ 0 -9 ] + %
\ S + browserless:server Current period usage:.+
'' ;
match = " I M A G E _ N A M E = b r o w s e r l e s s / c h r o m e " ;
}
{ # yodaNas
filters = ''
\ S + [ 0 -9 ] + \ [ Warning \ ] \ [ MY-013360 \ ] \ [ Server \ ] Plugin mysql_native_password reported : '' ' m y s q l _ n a t i v e _ p a s s w o r d ' i s d e p r e c a t e d a n d w i l l b e r e m o v e d i n a f u t u r e r e l e a s e \ . P l e a s e u s e c a c h i n g _ s h a 2 _ p a s s w o r d i n s t e a d '
'' ;
match = " I M A G E _ N A M E = / m y s q l : [ 0 - 9 ] + / " ;
}
{ # yodaNas
filters = ''
2023-09-29 13:14:05 +02:00
crond : USER root pid [ 0 -9 ] + cmd wget - qO- http://money \ . p1st \ . de:8080/api/v1/cron/ \ S + > /proc/1/fd/1 2 > /proc/1/fd/2
2023-09-29 13:10:26 +02:00
'' ;
match = " I M A G E _ N A M E = b u s y b o x " ;
}
{ # yodaNas
filters = ''
. *
'' ;
match = " I M A G E _ N A M E = / ( d e l u a n / n a v i d r o m e | g h c r \. i o / d g t l m o o n / c h a n g e d e t e c t i o n \. i o ) / " ;
}
2023-09-24 22:07:58 +02:00
2023-09-20 15:39:26 +02:00
#
# _SYSTEMD_UNIT
#
2023-09-18 15:45:26 +02:00
{ # yodaTux
filters = ''
2023-09-27 16:44:56 +02:00
. *
2023-09-18 15:45:26 +02:00
'' ;
2023-09-20 11:34:32 +02:00
match = " _ S Y S T E M D _ U N I T = / ( b l u e t o o t h \. s e r v i c e | c u p s \. s e r v i c e ) / " ;
2023-09-18 15:45:26 +02:00
}
2023-09-20 11:34:32 +02:00
{ # yodaYoga
2023-09-18 15:45:26 +02:00
filters = ''
2023-09-27 16:44:56 +02:00
# Somebody evil ...
2023-09-30 14:25:11 +02:00
error : kex_exchange_identification : banner line contains invalid characters
# error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_188.194.209.73_2222"
# error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
error : kex_exchange_identification : client sent invalid protocol identifier " [ ^ " ] + "
2023-09-27 16:44:56 +02:00
error : kex_exchange_identification : Connection closed by remote host
2023-09-30 14:25:11 +02:00
error : kex_exchange_identification : read : Connection reset by peer
2023-09-27 16:44:56 +02:00
error : PAM : Authentication failure for \ S + from \ S +
2023-09-28 10:28:59 +02:00
fatal : Timeout before authentication for \ S + port [ 0 -9 ] +
2023-09-18 15:45:26 +02:00
'' ;
2023-09-20 11:34:32 +02:00
match = " _ S Y S T E M D _ U N I T = s s h d . s e r v i c e " ;
2023-09-18 15:45:26 +02:00
}
2023-09-20 15:39:26 +02:00
{ # yodaTux, yodaYoga
2023-09-18 15:45:26 +02:00
filters = ''
The system will suspend now !
2023-09-27 16:44:56 +02:00
The system will power off now !
2023-09-20 15:39:26 +02:00
System is powering down \ .
2023-09-18 15:45:26 +02:00
'' ;
match = " _ S Y S T E M D _ U N I T = s y s t e m d - l o g i n d . s e r v i c e " ;
}
{ # yodaTux
filters = ''
2023-09-20 15:39:26 +02:00
Reexecuting \ .
( finished ) ? switching to system configuration /nix/store/.+-nixos-system-.+- [ 0 -9 ] + \ . [ 0 -9 ] + pre-git
2023-09-18 15:45:26 +02:00
'' ;
match = " _ S Y S T E M D _ U N I T = u s e r @ 0 . s e r v i c e " ;
}
{ # yodaTux
filters = ''
2023-09-20 15:39:26 +02:00
Reexecuting \ .
2023-09-18 15:45:26 +02:00
( finished ) ? switching to system configuration /nix/store/.+-nixos-system-.+- [ 0 -9 ] + \ . [ 0 -9 ] + pre-git
'' ;
match = " _ S Y S T E M D _ U N I T = u s e r @ 1 0 0 0 . s e r v i c e " ;
}
{ # yodaTux
filters = ''
Reloading rules
2023-09-20 15:39:26 +02:00
Collecting garbage unconditionally \ . \ . \ .
2023-09-18 15:45:26 +02:00
Loading rules from directory /.+
Finished loading , compiling and executing [ 0 -9 ] + rules
'' ;
match = " _ S Y S T E M D _ U N I T = p o l k i t . s e r v i c e " ;
}
{ # yodaTux
filters = ''
. + error name = " o r g \. b l u e z \. M e d i a E n d p o i n t 1 \. E r r o r \. N o t I m p l e m e n t e d " . +
2023-09-20 11:34:32 +02:00
# Open issue: https://github.com/NixOS/nixpkgs/issues/79220
2023-09-23 15:22:24 +02:00
Unknown ( username | group ) . + in message bus configuration file
2023-09-18 15:45:26 +02:00
'' ;
2023-09-18 22:02:25 +02:00
match = " _ S Y S T E M D _ U N I T = d b u s . s e r v i c e " ;
}
2023-09-20 11:34:32 +02:00
{ # yodaTux
filters = ''
2023-09-20 13:38:26 +02:00
Mounted /dev / \ S + at / \ S + on behalf of uid [ 0 -9 ] +
Cleaning up mount point / \ S + \ ( device \ S + is not mounted \ )
Unmounted /dev / \ S + on behalf of uid [ 0 -9 ] +
Successfully sent SCSI command SYNCHRONIZE CACHE to /dev / \ S +
Successfully sent SCSI command START STOP UNIT to /dev / \ S +
Powered off /dev / \ S + - successfully wrote to sysfs path /sys/devices / \ S +
2023-09-20 11:34:32 +02:00
'' ;
2023-09-20 13:38:26 +02:00
match = " _ S Y S T E M D _ U N I T = u d i s k s 2 . s e r v i c e " ;
}
#
# SYSLOG_IDENTIFIER
#
{ # yodaTux. If the user `yoda` runs a command with `sudo`.
filters = ''
2023-09-23 18:36:51 +02:00
\ s + yoda : TTY = pts / [ 0 -9 ] ; PWD = / \ S + ; USER = root ; COMMAND = /.+
2023-09-20 13:38:26 +02:00
'' ;
match = " S Y S L O G _ I D E N T I F I E R = s u d o " ;
}
{ # yodaYoga
filters = ''
( finished ) ? switching to system configuration /nix/store/.+-nixos-system-.+- [ 0 -9 ] + \ . [ 0 -9 ] + pre-git
'' ;
match = " S Y S L O G _ I D E N T I F I E R = n i x o s " ;
2023-09-20 11:34:32 +02:00
}
2023-09-20 15:39:26 +02:00
{ # yodaYoga
filters = ''
2023-09-29 13:14:05 +02:00
\ S + \ . ( service | scope ) : Consumed . + CPU time , read . + from disk , written . + to disk . +
\ S + \ . ( service | scope ) : Consumed . + CPU time , received . + IP traffic , sent . + IP traffic \ .
2023-09-20 15:39:26 +02:00
#
Shutting down \ .
'' ;
match = " S Y S L O G _ I D E N T I F I E R = s y s t e m d " ;
}
2023-09-18 22:02:25 +02:00
{ # yodaTux
filters = ''
. *
'' ;
match = " S Y S L O G _ I D E N T I F I E R = / / n i x / s t o r e / . + / l i b e x e c / g d m - x - s e s s i o n / " ;
2023-09-18 15:45:26 +02:00
}
2023-09-23 15:22:24 +02:00
{ # yodaTux, yodaTab
2023-09-18 15:45:26 +02:00
filters = ''
2023-09-23 15:22:24 +02:00
#
# YodaTux
#
2023-09-20 22:24:33 +02:00
# Bug.
2023-09-18 15:45:26 +02:00
ACPI : FW issue : working around C-state latencies out of order
# Kernel WiFi driver bug.
2023-09-23 15:22:24 +02:00
#iwlwifi 0000:01:00\.0: .*
iwlwifi 0000 : 01 : 00 \ .0 : Unhandled alg : 0 x707
iwlwifi 0000 : 01 : 00 \ .0 : Not associated and the session protection is over already . . .
2023-09-23 19:16:38 +02:00
iwlwifi 0000 : 01 : 00 \ .0 : api flags index 2 larger than supported by driver
2023-09-20 22:24:33 +02:00
# Ignore.
2023-09-29 13:10:26 +02:00
audit : type = 2000 audit ( [ 0 -9 ] + \ . [ 0 -9 ] + : [ 0 -9 ] + ) : state = initialized audit_enabled = 0 res = 1
ENERGY_PERF_BIAS : Set to ' normal' , was ' performance'
2023-09-29 13:14:05 +02:00
Kernel command line : initrd = \ \ efi \ \ nixos \ \ \ S + - initrd-linux- \ S + - initrd \ . efi init = /nix/store / \ S + - nixos-system- \ S + - [ 0 -9 ] + \ . [ 0 -9 ] +pre-git/init ip = dhcp loglevel = [ 0 -9 ]
2023-09-29 13:10:26 +02:00
Linux version \ S + \ ( nixbld @ localhost \ ) \ ( gcc \ ( GCC \ ) \ S + , GNU ld \ ( GNU Binutils \ ) \ S + \ ) #1-NixOS SMP PREEMPT_DYNAMIC \S+ \S+ \S+ \S+ UTC \S+
2023-09-20 11:34:32 +02:00
random : crng reseeded on system resumption
2023-09-27 16:44:56 +02:00
random : crng init done
2023-09-27 17:05:01 +02:00
sd [ 0 -9 ] : 0 : 0 : 0 : \ [ sd [ a-z ] \ ] [ 0 -9 ] + 5 1 2 - byte logical blocks : \ ( [ 0 -9 ] + GB / [ 0 -9 ] + ( GiB | TiB ) \ )
sd [ 0 -9 ] : 0 : 0 : 0 : \ [ sd [ a-z ] \ ] [ 0 -9 ] - byte physical blocks
sd [ 0 -9 ] : 0 : 0 : 0 : \ [ sd [ a-z ] \ ] Write Protect is off
sd [ 0 -9 ] : 0 : 0 : 0 : \ [ sd [ a-z ] \ ] Write cache : enabled , read cache : enabled , doesn't support DPO or FUA
sd [ 0 -9 ] : 0 : 0 : 0 : \ [ sd [ a-z ] \ ] Optimal transfer size [ 0 -9 ] + bytes not a multiple of preferred minimum block size ( [ 0 -9 ] bytes )
sd [ 0 -9 ] : 0 : 0 : 0 : \ [ sd [ a-z ] \ ] Attached SCSI disk
sd [ 0 -9 ] : 0 : 0 : 0 : \ [ sd [ a-z ] \ ] Synchronizing SCSI cache
2023-09-29 13:10:26 +02:00
sd [ 0 -9 ] : 0 : 0 : 0 : \ [ sd [ a-z ] \ ] supports TCG Opal
\ #3
2023-09-23 15:22:24 +02:00
#
# YodaTab
#
# Ignore.
mmc0 : cannot verify signal voltage switch
2023-09-27 16:44:56 +02:00
Initialise system trusted keyrings
Key type asymmetric registered
Asymmetric key parser ' x509' registered
2023-09-29 13:14:05 +02:00
Loading compiled-in X \ .509 certificates
2023-09-27 16:44:56 +02:00
Key type \ . fscrypt registered
Key type fscrypt-provisioning registered
Key type encrypted registered
Bridge firewalling registered
SCSI subsystem initialized
2023-09-27 17:00:39 +02:00
scsi [ 0 -9 ] : 0 : 0 : 0 : Direct-Access \ s + ATA . + PQ : 0 ANSI : 5
2023-09-27 17:05:01 +02:00
scsi [ 0 -9 ] : 0 : 0 : 0 : Direct-Access . + PQ : 0 ANSI : 6
2023-09-27 16:44:56 +02:00
thinkpad_acpi : Disabling thinkpad-acpi brightness events by default \ . \ . \ .
2023-09-27 17:05:01 +02:00
VFS : Disk quotas dquot_ [ 0 -9 ] \ . [ 0 -9 ] \ . [ 0 -9 ]
ata1 \ .00 : supports DRM functions and may not be fully accessible
2023-09-23 15:22:24 +02:00
#
done \ .
2023-09-18 15:45:26 +02:00
'' ;
match = " S Y S L O G _ I D E N T I F I E R = k e r n e l " ;
}
2023-09-20 11:34:32 +02:00
{ # yodaTux
filters = ''
. *
'' ;
match = " S Y S L O G _ I D E N T I F I E R = s i m p l e - s c a n " ;
}
2023-09-20 13:38:26 +02:00
#
# _SYSTEMD_USER_UNIT
#
2023-09-23 15:22:24 +02:00
{ # yodaTux, yodaTab
2023-09-20 13:38:26 +02:00
filters = ''
. + Setting AttentionNeeded to FALSE because EnsureCredentials \ ( \ ) succeded
2023-09-23 15:22:24 +02:00
Connecting to org \ . freedesktop \ . Tracker3 \ . Miner \ . Files
2023-09-20 13:38:26 +02:00
'' ;
match = " _ S Y S T E M D _ U S E R _ U N I T = d b u s . s e r v i c e " ;
}
2023-09-20 11:34:32 +02:00
{ # yodaTux
filters = ''
. *
'' ;
2023-09-23 15:22:24 +02:00
match = " _ S Y S T E M D _ U S E R _ U N I T = / ( o r g \. g n o m e \. . + \. s e r v i c e | p i p e w i r e \. s e r v i c e | w i r e p l u m b e r \. s e r v i c e | a p p - g n o m e - o r g \. g n o m e \. S o f t w a r e - [ 0 - 9 ] + \. s c o p e ) / " ;
2023-09-20 11:34:32 +02:00
}
2023-09-18 15:32:43 +02:00
] ;
} ;
}