From b533b09c8f1e4f6e707c4b3494ee63ebd42db1e4 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Sat, 13 Jun 2026 04:30:40 +0900 Subject: [PATCH] base/various: add to slice `system-monitoring` --- base/default.nix | 4 ++++ base/services/fluentbit.nix | 1 + base/services/journald-upload.nix | 1 + base/services/prometheus-node-exporter.nix | 6 +++++- base/services/prometheus-systemd-exporter.nix | 6 +++++- base/services/rsyslogd.nix | 13 ++++++++++--- base/services/uptimed.nix | 4 +++- 7 files changed, 29 insertions(+), 6 deletions(-) diff --git a/base/default.nix b/base/default.nix index c99cd20..b103563 100644 --- a/base/default.nix +++ b/base/default.nix @@ -95,6 +95,10 @@ AllowHibernation = lib.mkDefault false; }; + systemd.slices."system-monitoring" = { + description = "Monitoring related services"; + }; + # users.mutableUsers = lib.mkDefault false; users.groups."drift".name = "drift"; diff --git a/base/services/fluentbit.nix b/base/services/fluentbit.nix index caf865c..9f8a9b7 100644 --- a/base/services/fluentbit.nix +++ b/base/services/fluentbit.nix @@ -88,6 +88,7 @@ in systemd.services.fluent-bit = lib.mkIf cfg.enable { serviceConfig = { + Slice = "system-monitoring.slice"; StateDirectory = "fluent-bit"; # NOTE: This hardening might be way too strong for general purpose use, don't upstream this. diff --git a/base/services/journald-upload.nix b/base/services/journald-upload.nix index e0277a4..6fb016d 100644 --- a/base/services/journald-upload.nix +++ b/base/services/journald-upload.nix @@ -14,6 +14,7 @@ in }; systemd.services."systemd-journal-upload".serviceConfig = lib.mkIf cfg.enable { + Slice = "system-monitoring.slice"; IPAddressDeny = "any"; IPAddressAllow = [ values.hosts.ildkule.ipv4 diff --git a/base/services/prometheus-node-exporter.nix b/base/services/prometheus-node-exporter.nix index 24d5843..d3b92e7 100644 --- a/base/services/prometheus-node-exporter.nix +++ b/base/services/prometheus-node-exporter.nix 
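Review bot: The `system-monitoring` slice added in `base/default.nix` has only a `description`, so moving the exporters and log shippers under it groups them in the cgroup tree but sets no ceiling on what they can consume. Several of these units ingest log volume that other processes control, so a slice-level bound is the natural place to keep a log flood from starving the rest of the host. If resource control is the intent, add a `sliceConfig` next to the description, for example `sliceConfig = { MemoryHigh = "<limit>"; TasksMax = "<limit>"; };` with values chosen per host class. If the slice is meant for grouping and accounting only, say so in a comment above it.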
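Review bot: The unit name `"system-monitoring.slice"` is a string literal in this `serviceConfig` and again in the journald-upload, prometheus-node-exporter, prometheus-systemd-exporter, rsyslogd and uptimed hunks, while the slice is declared under a different spelling (`"system-monitoring"`) in `base/default.nix`. systemd instantiates a slice on demand when a unit names one that has no definition, so a typo in any one copy would most likely start that service in a separate, unconfigured slice with no error at build or activation time. Defining the name once and referring to it from each module would remove that failure mode. At minimum, a comment on the slice definition such as `# referenced as "system-monitoring.slice" by base/services/*.nix` keeps the two spellings tied together.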
@@ -10,7 +10,7 @@ in enabledCollectors = [ "systemd" ]; }; - services.nginx = { + services.nginx = lib.mkIf cfg.enable { enable = lib.mkDefault true; virtualHosts.${config.networking.fqdn} = lib.mkIf config.services.nginx.enable { @@ -31,4 +31,8 @@ in }; }; }; + + systemd.services = lib.mkIf cfg.enable { + "prometheus-node-exporter".serviceConfig.Slice = "system-monitoring.slice"; + }; } diff --git a/base/services/prometheus-systemd-exporter.nix b/base/services/prometheus-systemd-exporter.nix index 986bb14..4dbf5dc 100644 --- a/base/services/prometheus-systemd-exporter.nix +++ b/base/services/prometheus-systemd-exporter.nix @@ -13,7 +13,7 @@ in ]; }; - services.nginx = { + services.nginx = lib.mkIf cfg.enable { enable = lib.mkDefault true; virtualHosts.${config.networking.fqdn} = lib.mkIf config.services.nginx.enable { @@ -34,4 +34,8 @@ in }; }; }; + + systemd.services = lib.mkIf cfg.enable { + "prometheus-systemd-exporter".serviceConfig.Slice = "system-monitoring.slice"; + }; } diff --git a/base/services/rsyslogd.nix b/base/services/rsyslogd.nix index a7a496c..0a288f9 100644 --- a/base/services/rsyslogd.nix +++ b/base/services/rsyslogd.nix @@ -1,13 +1,20 @@ -{ ... }: +{ config, lib, ... }: +let + cfg = config.services.rsyslogd; +in { services.rsyslogd = { - enable = true; + enable = lib.mkDefault true; defaultConfig = '' *.* @loghost.pvv.ntnu.no ''; }; - services.journald.extraConfig = '' + services.journald.extraConfig = lib.mkIf cfg.enable '' ForwardToSyslog=yes ''; + + systemd.services = lib.mkIf cfg.enable { + "syslog".serviceConfig.Slice = "system-monitoring.slice"; + }; } diff --git a/base/services/uptimed.nix b/base/services/uptimed.nix index 9bc192c..5cd6c0a 100644 --- a/base/services/uptimed.nix +++ b/base/services/uptimed.nix @@ -23,7 +23,7 @@ in }; }; - systemd.services.uptimed = lib.mkIf (cfg.enable) { + systemd.services.uptimed = lib.mkIf cfg.enable { serviceConfig = let uptimed = pkgs.uptimed.overrideAttrs (prev: { postPatch = '' 
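Review bot: With `enable = lib.mkDefault true;` in `base/services/rsyslogd.nix`, any host module can now turn rsyslogd off with a plain assignment, and because `ForwardToSyslog=yes` is gated on the same flag, that host stops sending syslog to `loghost.pvv.ntnu.no` with nothing in this file recording it. A comment above the option would make the consequence visible to whoever overrides it, e.g. `# overridable per host; disabling this stops syslog forwarding to loghost`. The unit key `"syslog"` in the new `systemd.services` block also deserves a short comment, since it does not match the `rsyslogd` option name and presumably mirrors the unit name used by the NixOS module. Separately, the unchanged rule `*.* @loghost.pvv.ntnu.no` uses a single `@`, which rsyslog sends over UDP without encryption or delivery confirmation; that is worth a follow-up if the path leaves a trusted network segment.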
@@ -35,6 +35,8 @@ in }); in { + Slice = "system-monitoring.slice"; + Type = "notify"; ExecStart = lib.mkForce "${uptimed}/sbin/uptimed -f";