add bundle:rsyslogd

bundles/rsyslogd/files/logrotate.conf

@@ -0,0 +1,10 @@
+/var/log/rsyslog/*/*.log
+{
+    rotate 4
+    daily
+    missingok
+    notifempty
+    compress
+    delaycompress
+    copytruncate
+}

bundles/rsyslogd/files/rsyslog.conf

@@ -0,0 +1,18 @@
+# provides UDP syslog reception
+module(load="imudp")
+input(type="imudp" port="514")
+
+# provides TCP syslog reception
+module(load="imtcp")
+input(type="imtcp" port="514")
+
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+$WorkDirectory /var/spool/rsyslog
+
+$template remote-incoming-logs,"/var/log/rsyslog/%HOSTNAME%/%PROGRAMNAME%.log"
+*.* ?remote-incoming-logs

bundles/rsyslogd/items.py

@@ -0,0 +1,18 @@
+files['/etc/logrotate.d/rsyslog'] = {
+    'source': 'logrotate.conf',
+}
+
+files['/etc/rsyslog.conf'] = {
+    'triggers': {
+        'svc_systemd:rsyslog:restart',
+    },
+}
+
+svc_systemd['rsyslog'] = {
+    'needs': {
+        'pkg_apt:rsyslog',
+    },
+    'after': {
+        'file:/etc/rsyslog.conf',
+    },
+}

bundles/rsyslogd/metadata.py

@@ -0,0 +1,32 @@
+from bundlewrap.metadata import atomic
+
+defaults = {
+    'apt': {
+        'packages': {
+            'rsyslog': {},
+        },
+    },
+    'icinga2_api': {
+        'rsyslog': {
+            'services': {
+                'RSYSLOGD PROCESS': {
+                    'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_systemd_unit rsyslog',
+                },
+            },
+        },
+    },
+}
+
+
+@metadata_reactor.provides(
+    'firewall/port_rules',
+)
+def firewall(metadata):
+    return {
+        'firewall': {
+            'port_rules': {
+                '514': atomic(metadata.get('rsyslogd/restrict-to', set())),
+                '514/udp': atomic(metadata.get('rsyslogd/restrict-to', set())),
+            },
+        },
+    }

bundles/systemd/metadata.py

@@ -7,9 +7,6 @@ defaults = {
             'ntp': {
                 'installed': False,
             },
-            'rsyslog': {
-                'installed': False,
-            },
         },
     },
     'icinga2_api': {
@@ -26,6 +23,11 @@ defaults = {
     },
 }
 
+if not node.has_bundle('rsyslogd'):
+    defaults['apt']['packages']['rsyslog'] = {
+        'installed': False,
+    }
+
 if node.has_bundle('apt') and node.os_version[0] > 10:
     defaults['apt']['packages']['systemd-timesyncd'] = {
         'after': {

nodes/home/nas.py

@@ -8,6 +8,7 @@ nodes['home.nas'] = {
         'mixcloud-downloader',
         'mosquitto',
         'nfs-server',
+        'rsyslogd',
         'scansnap',
         'smartd',
         'vmhost',
@@ -133,6 +134,11 @@ nodes['home.nas'] = {
                 },
             },
         },
+        'rsyslogd': {
+            'restrict-to': {
+                'home',
+            },
+        },
         'smartd': {
             'disks': {
                 '/dev/nvme0',