Journald
services.journald.console
If non-empty, write log messages to the specified TTY device.
Type: string
Default
""
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald.nix
services.journald.extraConfig
Extra config options for systemd-journald. See {manpage}journald.conf(5)
for available options.
Type: strings concatenated with "\n"
Default
""
Example
"Storage=volatile"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald.nix
services.journald.forwardToSyslog
Whether to forward log messages to syslog.
Type: boolean
Default
services.rsyslogd.enable || services.syslog-ng.enable
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald.nix
services.journald.gateway.cert
The path to a file or AF_UNIX stream socket to read the server
certificate from.
The certificate must be in PEM format. This option switches
systemd-journal-gatewayd into HTTPS mode and must be used together
with {option}services.journald.gateway.key.
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-gateway.nix
services.journald.gateway.enable
Whether to enable the HTTP gateway to the journal.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-gateway.nix
services.journald.gateway.key
Specify the path to a file or AF_UNIX stream socket to read the
secret server key corresponding to the certificate specified with
{option}services.journald.gateway.cert from.
The key must be in PEM format.
This key should not be world-readable, and must be readably by the
systemd-journal-gateway user.
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-gateway.nix
services.journald.gateway.merge
Serve entries interleaved from all available journals, including other machines.
This has the same meaning as --merge option for
{manpage}journalctl(1).
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-gateway.nix
services.journald.gateway.port
The port to listen to.
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
19531
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-gateway.nix
services.journald.gateway.system
Serve entries from system services and the kernel.
This has the same meaning as --system for {manpage}journalctl(1).
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-gateway.nix
services.journald.gateway.trust
Specify the path to a file or AF_UNIX stream socket to read a CA
certificate from.
The certificate must be in PEM format.
Setting this option enforces client certificate checking.
Type: null or string
Default
null
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-gateway.nix
services.journald.gateway.user
Serve entries from services for the current user.
This has the same meaning as --user for {manpage}journalctl(1).
Type: boolean
Default
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-gateway.nix
services.journald.rateLimitBurst
Configures the rate limiting burst limit (number of messages per interval) that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit.
Note that the effective rate limit is multiplied by a factor derived from the available free disk space for the journal as described on journald.conf(5).
Note that the total amount of logs stored is limited by journald settings
such as SystemMaxUse, which defaults to 10% the file system size
(capped at max 4GB), and SystemKeepFree, which defaults to 15% of the
file system size.
It is thus recommended to compute what period of time that you will be able to store logs for when an application logs at full burst rate. With default settings for log lines that are 100 Bytes long, this can amount to just a few hours.
Type: signed integer
Default
10000
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald.nix
services.journald.rateLimitInterval
Configures the rate limiting interval that is applied to all messages generated on the system. This rate limiting is applied per-service, so that two services which log do not interfere with each other's limit. The value may be specified in the following units: s, min, h, ms, us. To turn off any kind of rate limiting, set either value to 0.
See {option}services.journald.rateLimitBurst for important
considerations when setting this value.
Type: string
Default
"30s"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald.nix
services.journald.remote.enable
Whether to enable receiving systemd journals from the network.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.remote.listen
Which protocol to listen to.
Type: one of "https", "http"
Default
"https"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.remote.output
The location of the output journal.
In case the output file is not specified, journal files will be created
underneath the selected directory. Files will be called
{file}remote-hostname.journal, where the hostname part is the
escaped hostname of the source endpoint of the connection, or the
numerical address if the hostname cannot be determined.
Type: string
Default
"/var/log/journal/remote/"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.remote.port
The port to listen to.
Note that this option is used only if
{option}services.journald.upload.listen is configured to be either
"https" or "http".
Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)
Default
19532
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.remote.settings
Configuration in the journal-remote configuration file. See
{manpage}journal-remote.conf(5) for available options.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.remote.settings.Remote.Seal
Periodically sign the data in the journal using Forward Secure Sealing.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.remote.settings.Remote.ServerCertificateFile
A path to a SSL certificate file in PEM format.
This option can be used with listen = "https". If the path
refers to an AF_UNIX stream socket in the file system a
connection is made to it and the certificate read from it.
Type: string
Default
"/etc/ssl/certs/journal-remote.pem"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.remote.settings.Remote.ServerKeyFile
A path to a SSL secret key file in PEM format.
Note that due to security reasons, systemd-journal-remote will
refuse files from the world-readable /nix/store. This file
should be readable by the "" user.
This option can be used with listen = "https". If the path
refers to an AF_UNIX stream socket in the file system a
connection is made to it and the key read from it.
Type: string
Default
"/etc/ssl/private/journal-remote.pem"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.remote.settings.Remote.SplitMode
With "host", a separate output file is used, based on the hostname of the other endpoint of a connection. With "none", only one output journal file is used.
Type: one of "host", "none"
Default
"host"
Example
"none"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.remote.settings.Remote.TrustedCertificateFile
A path to a SSL CA certificate file in PEM format, or all.
If all is set, then client certificate checking will be
disabled.
This option can be used with listen = "https". If the path
refers to an AF_UNIX stream socket in the file system a
connection is made to it and the certificate read from it.
Type: string
Default
"/etc/ssl/ca/trusted.pem"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-remote.nix
services.journald.storage
Controls where to store journal data. See
{manpage}journald.conf(5) for further information.
Type: one of "persistent", "volatile", "auto", "none"
Default
"persistent"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald.nix
services.journald.upload.enable
Whether to enable uploading the systemd journal to a remote server.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-upload.nix
services.journald.upload.settings
Configuration for journal-upload. See {manpage}journal-upload.conf(5)
for available options.
Type: attribute set of section of an INI file (attrs of INI atom (null, bool, int, float or string) or a list of them for duplicate keys)
Default
{ }
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-upload.nix
services.journald.upload.settings.Upload.NetworkTimeoutSec
When network connectivity to the server is lost, this option configures the time to wait for the connectivity to get restored.
If the server is not reachable over the network for the
configured time, systemd-journal-upload exits. Takes a value in
seconds (or in other time units if suffixed with "ms", "min",
"h", etc). For details, see {manpage}systemd.time(5).
Type: null or string
Default
null
Example
"1s"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-upload.nix
services.journald.upload.settings.Upload.ServerCertificateFile
SSL CA certificate in PEM format.
In contrary to what the name suggests, this option configures the client certificate sent to the remote journal server.
Type: null or string
Default
null
Example
./server-ca.pem
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-upload.nix
services.journald.upload.settings.Upload.ServerKeyFile
SSL key in PEM format.
In contrary to what the name suggests, this option configures the client private key sent to the remote journal server.
This key should not be world-readable, and must be readably by
the systemd-journal group.
Type: null or string
Default
null
Example
./server-key.pem
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-upload.nix
services.journald.upload.settings.Upload.TrustedCertificateFile
SSL CA certificate.
This certificate will be used to check the remote journal HTTPS server certificate.
Type: null or string
Default
null
Example
./ca
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-upload.nix
services.journald.upload.settings.Upload.URL
The URL to upload the journal entries to.
See the description of --url= option in
{manpage}systemd-journal-upload(8) for the description of
possible values.
Type: string
Example
"https://192.168.1.1"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/system/boot/systemd/journald-upload.nix