Mirror/nix-git
Mirror/nix-git
1
0
Fork 0
mirror of https://codeberg.org/privacy1st/nix-git synced 2025-02-23 10:15:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

journalwatch config

Browse Source
This commit is contained in:
Daniel Langbein 2025-02-18 13:57:01 +01:00
parent 50282ef775
commit 61da992b0d
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002
1 changed files with 22 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
modules/journalwatch.nix
View File

@ -25,14 +25,24 @@
# #=> /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config # #=> /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config
# cat /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config/journalwatch/config # cat /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config/journalwatch/config
# cat /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config/journalwatch/patterns # cat /nix/store/vzfvp7kizycs6lnks6icmlw3h1x6p7la-journalwatch-config/journalwatch/patterns
#
# As bash script:
#
# nix-shell -p ripgrep
# service_file="$(systemctl show -P FragmentPath journalwatch.service)"
# store_path="$(rg -o 'XDG_CONFIG_HOME=(.+)"' -r '$1' < "${service_file}")"
# less "${store_path}/journalwatch/patterns"
# Find a message and view its details # Find a message and view its details
# journalctl -b -p5 -o json-pretty # journalctl -b -p5 -o json-pretty
# Then press "/", enter a pattern and press "Enter". # journalctl --since "2025-02-16T14:00:00" -p5 -o json-pretty
# Then press `/`, write a pattern and press `Enter`.
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
sshd_filter = '' stopped-service-consumption-summary = ''
\S+\.(service|scope|slice|swap|mount): Consumed ([0-9]+d )?([0-9]+h )?([0-9]+min )?[0-9\.]+(s|ms) CPU time(, .+)?\.'';
sshd-log = ''
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: ED25519 SHA256:\S+ Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: ED25519 SHA256:\S+
# TODO: Change RSA key of yodaHedgehog to ED25519 # TODO: Change RSA key of yodaHedgehog to ED25519
Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+ Accepted publickey for (root|yoda) from \S+ port \S+ ssh2: RSA SHA256:\S+
@ -72,8 +82,7 @@ let
error: PAM: Authentication failure for illegal user \S+ from \S+ error: PAM: Authentication failure for illegal user \S+ from \S+
error: Protocol major versions differ: 2 vs\. 1 error: Protocol major versions differ: 2 vs\. 1
error: beginning MaxStartups throttling error: beginning MaxStartups throttling
fatal: Timeout before authentication for \S+ port [0-9]+ fatal: Timeout before authentication for \S+ port [0-9]+'';
'';
in in
{ {
assertions = [{ assertions = [{
@ -480,7 +489,7 @@ in
match = "IMAGE_NAME = /mysql:[0-9]+/"; match = "IMAGE_NAME = /mysql:[0-9]+/";
} }
{ {
filters = sshd_filter; filters = sshd-log;
match = "IMAGE_NAME = gitea/gitea:1"; match = "IMAGE_NAME = gitea/gitea:1";
} }
{ # yodaNas { # yodaNas
@ -650,7 +659,7 @@ in
} }
{ # yodaTux, yodaNas { # yodaTux, yodaNas
filters = '' filters = ''
\S+\.(service|scope|slice|swap|mount): Consumed ([0-9]+d )?([0-9]+h )?([0-9]+min )?[0-9\.]+(s|ms) CPU time(, .+)?\. ${stopped-service-consumption-summary}
# #
Reload requested from client PID [0-9]+ \('\.switch-to-conf'\) \(unit session-[0-9]+\.scope\)\.\.\. Reload requested from client PID [0-9]+ \('\.switch-to-conf'\) \(unit session-[0-9]+\.scope\)\.\.\.
# #
@ -822,10 +831,16 @@ in
# Sometimes (TODO maybe always since NixOS 24.11 ?) # Sometimes (TODO maybe always since NixOS 24.11 ?)
# SYSLOG_IDENTIFIER = sshd-session # SYSLOG_IDENTIFIER = sshd-session
{ {
filters = sshd_filter; filters = sshd-log;
match = "SYSLOG_IDENTIFIER = /(sshd|sshd-session)/"; match = "SYSLOG_IDENTIFIER = /(sshd|sshd-session)/";
} }
{
filters = ''
${stopped-service-consumption-summary}
'';
match = "SYSLOG_IDENTIFIER = systemd";
}
{ {
filters = '' filters = ''
pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\) pam_unix\(sudo:session\): session opened for user root\(uid=0\) by (yoda)?\(uid=[0-9]+\)