refactor(systemd-log): move systemd log config

Unify systemd log level configuration. Signed-off-by: Manuel Bluhm <[email protected]>
tiiuae · Feb 1, 2025 · 47bc804 · 47bc804
1 parent ef396c1
commit 47bc804
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 30 deletions.
diff --git a/modules/common/systemd/base.nix b/modules/common/systemd/base.nix
@@ -341,10 +341,22 @@ in
       default = false;
     };
 
-    verboseLogs = mkOption {
-      description = "Increase systemd log verbosity.";
-      type = types.bool;
-      default = false;
+    logLevel = mkOption {
+      description = ''
+        Systemd log verbosity. Must be one of 'debug', 'info', 'notice', 'warning', 'err',
+        'crit', 'alert', 'emerg'. Defaults to 'info'.
+      '';
+      type = types.enum [
+        "debug"
+        "info"
+        "notice"
+        "warning"
+        "err"
+        "crit"
+        "alert"
+        "emerg"
+      ];
+      default = "info";
     };
   };
 
@@ -358,9 +370,8 @@ in
       # Misc. configurations
       enableEmergencyMode = cfg.withDebug;
       coredump.enable = cfg.withDebug || cfg.withMachines;
-      managerEnvironment = optionalAttrs cfg.verboseLogs {
-        SYSTEMD_LOG_LEVEL = "debug";
-      };
+      managerEnvironment.SYSTEMD_LOG_LEVEL = cfg.logLevel;
+      globalEnvironment.SYSTEMD_LOG_LEVEL = cfg.logLevel;
 
       # Service startup optimization
       services.systemd-networkd-wait-online.enable = mkForce false;

diff --git a/modules/common/systemd/boot.nix b/modules/common/systemd/boot.nix
@@ -67,7 +67,6 @@ in
 
   config = mkIf cfg.enable {
     boot.initrd = {
-      verbose = cfgBase.verboseLogs;
       services.lvm.enable = true;
       systemd = {
         enable = true;
@@ -79,9 +78,7 @@ in
           pkgs.lvm2
           pkgs.util-linux
         ];
-        managerEnvironment = optionalAttrs cfgBase.verboseLogs {
-          SYSTEMD_LOG_LEVEL = "debug";
-        };
+        managerEnvironment.SYSTEMD_LOG_LEVEL = cfgBase.logLevel;
       };
     };
   };

diff --git a/modules/common/systemd/harden.nix b/modules/common/systemd/harden.nix
@@ -4,32 +4,19 @@
 let
   # Ghaf systemd config
   cfg = config.ghaf.systemd;
+  inherit (lib) mkIf mkOption types;
 in
 {
   options.ghaf.systemd = {
-    withHardenedConfigs = lib.mkOption {
+    withHardenedConfigs = mkOption {
       description = "Enable common hardened configs.";
-      type = lib.types.bool;
+      type = types.bool;
       default = false;
     };
-
-    logLevel = lib.mkOption {
-      description = ''
-        Log Level for systemd services.
-                  Available options: "emerg", "alert", "crit", "err", "warning", "info", "debug"
-      '';
-      type = lib.types.str;
-      default = "info";
-    };
   };
 
-  config = {
-    systemd = lib.mkMerge [
-      # Apply hardened systemd service configurations
-      (lib.mkIf cfg.withHardenedConfigs (import ./hardened-configs))
-
-      # Set systemd log level
-      { services."_global_".environment.SYSTEMD_LOG_LEVEL = cfg.logLevel; }
-    ];
+  config = mkIf cfg.withHardenedConfigs {
+    # Apply hardened systemd service configurations
+    systemd = import ./hardened-configs;
   };
 }