From d1cb03f213870fb9c2cc07bfc1929da10c5c479d Mon Sep 17 00:00:00 2001
From: eyjhb <eyjhbb@gmail.com>
Date: Wed, 18 Dec 2024 15:20:38 +0100
Subject: [PATCH 1/2] server.nginx: disables access logging

---
 shared/applications/server/nginx.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/shared/applications/server/nginx.nix b/shared/applications/server/nginx.nix
index e5c281f..0d837d5 100644
--- a/shared/applications/server/nginx.nix
+++ b/shared/applications/server/nginx.nix
@@ -22,6 +22,11 @@ in {
     # only allow PFS-enabled ciphers with AES256
     sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
 
+    # disable access logs
+    commonHttpConfig= ''
+      access_log off;
+    '';
+
     # setup a default site
     virtualHosts.default = {
       default = lib.mkDefault true;

From 629f8f02d7e7c662d95d7bff415ee18d02fe4490 Mon Sep 17 00:00:00 2001
From: eyjhb <eyjhbb@gmail.com>
Date: Wed, 18 Dec 2024 15:20:56 +0100
Subject: [PATCH 2/2] common-config.journald: only store in-memory, max 100MB,
 maximum 1d

Clears all logs on reboot, clears data after 100MB or after 1day,
whatever comes first.
---
 shared/base/common-config.nix | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/shared/base/common-config.nix b/shared/base/common-config.nix
index 814dc4b..7c6f8f2 100644
--- a/shared/base/common-config.nix
+++ b/shared/base/common-config.nix
@@ -6,7 +6,13 @@
       settings.PasswordAuthentication = false;
     };
 
-    journald.extraConfig = "SystemMaxUse=100M";
+    journald = {
+      storage = "volatile";
+      extraConfig = ''
+        SystemMaxUse=100M
+        MaxRetentionSec=1d
+      '';
+    };
   };
 
   nix = {