From cadb3272e9bd0aeedc93142b0b7b161550ea6d4d Mon Sep 17 00:00:00 2001
From: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com>
Date: Sun, 19 Jun 2022 17:57:45 +0100
Subject: [PATCH] rsyslog: add

---
 src/configs/rsyslog-client.conf      | 32 +++++++++++++++++++++
 src/steps-config/100-logging.sh      | 43 ++++++++++++++++++++++++++++
 src/steps-postinstall/100-logging.sh | 13 +++++++++
 3 files changed, 88 insertions(+)
 create mode 100644 src/configs/rsyslog-client.conf
 create mode 100755 src/steps-config/100-logging.sh
 create mode 100755 src/steps-postinstall/100-logging.sh

diff --git a/src/configs/rsyslog-client.conf b/src/configs/rsyslog-client.conf
new file mode 100644
index 0000000..00ec4fc
--- /dev/null
+++ b/src/configs/rsyslog-client.conf
@@ -0,0 +1,32 @@
+#################
+#### MODULES ####
+#################
+
+module(load="imuxsock") # provides support for local system logging
+module(load="imklog")   # provides kernel logging support
+#module(load="immark")  # provides --MARK-- message capability
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+# Where to place spool and state files
+$WorkDirectory /var/spool/rsyslog
+
+$IncludeConfig /etc/rsyslog.d/*.conf
+
+
+###############
+#### RULES ####
+###############
+$DefaultNetstreamDriverCAFile	/etc/ssl/isrg-root-x1-cross-signed.pem
+$DefaultNetstreamDriver			gtls
+$ActionSendStreamDriverMode		1		# Require TLS
+$ActionSendStreamDriverAuthMode	anon
+*.* @@(o)logs.mooncarrot.space:514	# Forward everything to our rsyslog server
+
+
+#
+# Emergencies are sent to everybody logged in.
+#
+*.emerg				:omusrmsg:*
diff --git a/src/steps-config/100-logging.sh b/src/steps-config/100-logging.sh
new file mode 100755
index 0000000..51e9bf0
--- /dev/null
+++ b/src/steps-config/100-logging.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+logging_mode="$(ask_multichoice "Logging mode" "rsyslog-client" "ramlog" "none")";
+
+do_ramlog() {
+	if ! grep -q '# ---SBRL-RAMLOG---' /etc/fstab; then
+		echo "# ---SBRL-RAMLOG---" >>/etc/fstab;
+		echo "tmpfs /var/log tmpfs size=50M,noatime,lazytime,nodev,nosuid,noexec,mode=1777" >>/etc/fstab;
+	fi
+	echo "#!/usr/bin/env bash
+rm -rf /var/log/*
+" >/etc/cron.hourly/clear-logs
+	chmod +x /etc/cron.hourly/clear-logs;
+}
+
+case "${logging_mode}" in
+	rsyslog-client )
+		queue_apt_install "rsyslog" "rsyslog-gnutls";
+		
+		do_ramlog
+		;;
+	
+	ramlog )
+		do_ramlog
+		;;
+	
+	none )
+		if ! command_exists logrotate; then
+			task_begin "Installing logrotate";
+			
+			queue_apt_install logrotate;
+			
+			mkdir -p /etc/logrotate.d;
+			touch /etc/logrotate.d/misc;
+			
+			task_end "$?" "Failed to configure installation of logrotate";
+		fi
+		;;
+esac
+
+
+
+# TODO: Finish this off.
diff --git a/src/steps-postinstall/100-logging.sh b/src/steps-postinstall/100-logging.sh
new file mode 100755
index 0000000..8265a27
--- /dev/null
+++ b/src/steps-postinstall/100-logging.sh
@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+#shellcheck disable=2154
+case "${logging_mode}" in
+	rsyslog-client )
+		if [[ -r "/etc/rsyslog.conf" ]]; then
+			mv /etc/rsyslog.conf /etc/rsyslog.conf.dpkg-dist;
+		fi
+		cp configs/rsyslog-client.conf /etc/rsyslog.conf
+		;;
+esac
+
+systemctl restart rsyslog;