base/various: add to slice system-monitoring

base/default.nix

@@ -95,6 +95,10 @@
     AllowHibernation = lib.mkDefault false;
   };
 
+  systemd.slices."system-monitoring" = {
+    description = "Monitoring related services";
+  };
+
   # users.mutableUsers = lib.mkDefault false;
 
   users.groups."drift".name = "drift";

base/services/fluentbit.nix

@@ -88,6 +88,7 @@ in
 
   systemd.services.fluent-bit = lib.mkIf cfg.enable {
     serviceConfig = {
+      Slice = "system-monitoring.slice";
       StateDirectory = "fluent-bit";
 
       # NOTE: This hardening might be way too strong for general purpose use, don't upstream this.

base/services/journald-upload.nix

@@ -14,6 +14,7 @@ in
   };
 
   systemd.services."systemd-journal-upload".serviceConfig = lib.mkIf cfg.enable {
+    Slice = "system-monitoring.slice";
     IPAddressDeny = "any";
     IPAddressAllow = [
       values.hosts.ildkule.ipv4

base/services/prometheus-node-exporter.nix

@@ -10,7 +10,7 @@ in
     enabledCollectors = [ "systemd" ];
   };
 
-  services.nginx = {
+  services.nginx = lib.mkIf cfg.enable {
     enable = lib.mkDefault true;
 
     virtualHosts.${config.networking.fqdn} = lib.mkIf config.services.nginx.enable {
@@ -31,4 +31,8 @@ in
       };
     };
   };
+
+  systemd.services = lib.mkIf cfg.enable {
+    "prometheus-node-exporter".serviceConfig.Slice = "system-monitoring.slice";
+  };
 }

base/services/prometheus-systemd-exporter.nix

@@ -13,7 +13,7 @@ in
     ];
   };
 
-  services.nginx = {
+  services.nginx = lib.mkIf cfg.enable {
     enable = lib.mkDefault true;
 
     virtualHosts.${config.networking.fqdn} = lib.mkIf config.services.nginx.enable {
@@ -34,4 +34,8 @@ in
       };
     };
   };
+
+  systemd.services = lib.mkIf cfg.enable {
+    "prometheus-systemd-exporter".serviceConfig.Slice = "system-monitoring.slice";
+  };
 }

base/services/rsyslogd.nix

@@ -1,13 +1,20 @@
-{ ... }:
+{ config, lib, ... }:
+let
+  cfg = config.services.rsyslogd;
+in
 {
   services.rsyslogd = {
-    enable = true;
+    enable = lib.mkDefault true;
     defaultConfig = ''
       *.* @loghost.pvv.ntnu.no
     '';
   };
 
-  services.journald.extraConfig = ''
+  services.journald.extraConfig = lib.mkIf cfg.enable ''
     ForwardToSyslog=yes
   '';
+
+  systemd.services = lib.mkIf cfg.enable {
+    "syslog".serviceConfig.Slice = "system-monitoring.slice";
+  };
 }

base/services/uptimed.nix

@@ -23,7 +23,7 @@ in
       };
     };
 
-    systemd.services.uptimed = lib.mkIf (cfg.enable) {
+    systemd.services.uptimed = lib.mkIf cfg.enable {
       serviceConfig = let
         uptimed = pkgs.uptimed.overrideAttrs (prev: {
           postPatch = ''
@@ -35,6 +35,8 @@ in
         });
 
       in {
+        Slice = "system-monitoring.slice";
+
         Type = "notify";
 
         ExecStart = lib.mkForce "${uptimed}/sbin/uptimed -f";