Add storage override for journald

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2024-08-29 00:23:18 +02:00
parent a9fbe7d2f5
commit 8a6a1d81c1
Signed by: luzifer
SSH key fingerprint: SHA256:/xtE5lCgiRDQr8SLxHMS92ZBlACmATUmF1crK16Ks4E
4 changed files with 22 additions and 1 deletions

View file

@ -3,6 +3,7 @@ default:
apply-playbook: apply-playbook:
ansible-playbook \ ansible-playbook \
--diff \ --diff \
--extra-vars "pacman_action=test" \
--inventory base/usr/share/luzifer/base-setup/inventory \ --inventory base/usr/share/luzifer/base-setup/inventory \
base/usr/share/luzifer/base-setup/playbook.yaml base/usr/share/luzifer/base-setup/playbook.yaml
@ -10,5 +11,6 @@ test-playbook:
ansible-playbook \ ansible-playbook \
--check \ --check \
--diff \ --diff \
--extra-vars "pacman_action=test" \
--inventory base/usr/share/luzifer/base-setup/inventory \ --inventory base/usr/share/luzifer/base-setup/inventory \
base/usr/share/luzifer/base-setup/playbook.yaml base/usr/share/luzifer/base-setup/playbook.yaml

View file

@ -7,7 +7,7 @@ pkgname=(
luzifer-gui luzifer-gui
luzifer-lenovo-gui luzifer-lenovo-gui
) )
pkgver=0.13.0 pkgver=0.13.1
pkgrel=1 pkgrel=1
pkgdesc='System configuration for @luzifer systems' pkgdesc='System configuration for @luzifer systems'
arch=(any) arch=(any)

View file

@ -18,3 +18,7 @@ net.ipv6.conf.default.accept_redirects = 0
# CNSPEC: Ensure secure ICMP redirects are not accepted # CNSPEC: Ensure secure ICMP redirects are not accepted
net.ipv4.conf.all.secure_redirects = 0 net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0 net.ipv4.conf.default.secure_redirects = 0
# CNSPEC: Ensure packet redirect sending is disabled
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0

View file

@ -57,4 +57,19 @@
mode: '0640' mode: '0640'
owner: root owner: root
- name: Create journald override dir
file:
dest: /etc/systemd/journald.conf.d
state: directory
- name: Configure journald to store persistent logs
copy:
content: |
[Journal]
# CSPEC: Ensure journald is configured to write logfiles to persistent disk
Storage=persistent
dest: /etc/systemd/journald.conf.d/10-luzifer-base-store-persistent.conf
mode: '0644'
owner: root
... ...