From ee99a03a45605adbc9291804e4a759e902475178 Mon Sep 17 00:00:00 2001
From: Someone <someone@somenet.org>
Date: Thu, 8 Jan 2026 21:27:49 +0100
Subject: [PATCH] [roles/base/logrotate] install + update logrotate

---
 roles/base/logrotate/files/default/d.rsyslog  | 38 +++++++++++
 .../logrotate/files/default/logrotate.conf    | 19 ++++++
 .../logrotate/files/default/logrotate.timer   | 11 ++++
 roles/base/logrotate/tasks/main.yml           | 63 +++++++++++++++++++
 4 files changed, 131 insertions(+)
 create mode 100644 roles/base/logrotate/files/default/d.rsyslog
 create mode 100644 roles/base/logrotate/files/default/logrotate.conf
 create mode 100644 roles/base/logrotate/files/default/logrotate.timer
 create mode 100644 roles/base/logrotate/tasks/main.yml

diff --git a/roles/base/logrotate/files/default/d.rsyslog b/roles/base/logrotate/files/default/d.rsyslog
new file mode 100644
index 0000000..83f5829
--- /dev/null
+++ b/roles/base/logrotate/files/default/d.rsyslog
@@ -0,0 +1,38 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2026 by someone <someone@somenet.org>
+#
+/var/log/syslog
+{
+	rotate 31
+	daily
+	missingok
+	notifempty
+	compress
+	delaycompress
+	sharedscripts
+	postrotate
+		/usr/lib/rsyslog/rsyslog-rotate
+	endscript
+}
+
+/var/log/mail.log
+/var/log/kern.log
+/var/log/auth.log
+/var/log/user.log
+/var/log/cron.log
+{
+	rotate 1
+	daily
+	missingok
+	notifempty
+	compress
+	delaycompress
+	sharedscripts
+	postrotate
+		/usr/lib/rsyslog/rsyslog-rotate
+	endscript
+}
diff --git a/roles/base/logrotate/files/default/logrotate.conf b/roles/base/logrotate/files/default/logrotate.conf
new file mode 100644
index 0000000..17e8c88
--- /dev/null
+++ b/roles/base/logrotate/files/default/logrotate.conf
@@ -0,0 +1,19 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2026 by someone <someone@somenet.org>
+#
+# see "man logrotate" for details
+# rotate log files weekly
+daily
+rotate 31
+dateext
+dateyesterday
+copytruncate
+compress
+missingok
+
+# packages drop log rotation information into this directory
+include /etc/logrotate.d
diff --git a/roles/base/logrotate/files/default/logrotate.timer b/roles/base/logrotate/files/default/logrotate.timer
new file mode 100644
index 0000000..ab70976
--- /dev/null
+++ b/roles/base/logrotate/files/default/logrotate.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=Daily rotation of log files
+Documentation=man:logrotate(8) man:logrotate.conf(5)
+
+[Timer]
+OnCalendar=daily
+#RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
diff --git a/roles/base/logrotate/tasks/main.yml b/roles/base/logrotate/tasks/main.yml
new file mode 100644
index 0000000..54824cd
--- /dev/null
+++ b/roles/base/logrotate/tasks/main.yml
@@ -0,0 +1,63 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2026 by someone <someone@somenet.org>
+#
+---
+- name: install logrotate
+  apt:
+    pkg:
+    - logrotate
+    state: present
+    policy_rc_d: 101
+  tags: "online"
+  ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- name: copy logrotate config
+  copy:
+    src: "{{item}}"
+    dest: "/etc/logrotate.conf"
+    mode: 0644
+    owner: "root"
+    group: "root"
+  with_first_found:
+    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/logrotate.conf"
+    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/logrotate.conf"
+    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/logrotate.conf"
+    - "default/logrotate.conf"
+
+
+- name: copy syslog logrotate config
+  copy:
+    src: "{{item}}"
+    dest: "/etc/logrotate.d/rsyslog"
+    mode: 0644
+    owner: "root"
+    group: "root"
+  with_first_found:
+    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/d.rsyslog"
+    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/d.rsyslog"
+    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/d.rsyslog"
+    - "default/d.rsyslog"
+
+
+- name: copy logrotate timer
+  copy:
+    src: "{{item}}"
+    dest: "/etc/systemd/system/logrotate.timer"
+    mode: 0644
+    owner: "root"
+    group: "root"
+  with_first_found:
+    - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/logrotate.timer"
+    - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/logrotate.timer"
+    - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/logrotate.timer"
+    - "default/logrotate.timer"
+
+
+- name: enable and start logrotate.timer
+  include_role: name="base/systemd/enable-and-start"
+  vars:
+    service_name: logrotate.timer
-- 
2.47.3