forked from alexoundos/articles
useful commands for diagnostics
parent
069f98ce34
commit
57daae7466
25
article.md
25
article.md
|
@ -12,14 +12,14 @@ What NixOS does - it generates systemd configuration files in accordance to NixO
|
|||
|
||||
## overview of systemd services integration within NixOS configuration
|
||||
|
||||
NixOS features lots of systemd services, which are ready to use (without even knowing what systemd is) just by setting appropriate options in `configuration.nix`. For example, write `services.netdata.enable = true;` to enable [Netdata](https://www.netdata.cloud/) monitoring service. Documentation for all related options can be found on the [website](https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=services.) or in `man configuration.nix` (also in `man home-configuration.nix` for [managing desktop](https://github.com/nix-community/home-manager) user services). Often many useful high-level tunables are available as `services.<name>.*` options.
|
||||
NixOS features lots of systemd services, which are ready to use (without even knowing what systemd is) just by setting appropriate options in `configuration.nix`. For example, write `services.netdata.enable = true;` to enable [Netdata](https://www.netdata.cloud/) monitoring service. Documentation for all related options can be found on the [website](https://search.nixos.org/options?channel=unstable&from=0&size=50&sort=relevance&type=packages&query=services.) or in `man configuration.nix` _(also in `man home-configuration.nix` for [managing desktop](https://github.com/nix-community/home-manager) user services)_. Often many useful high-level tunables are available as `services.<name>.*` options.
|
||||
|
||||
When services, provided by NixOS, are insufficient or additional tuning is demanded, `systemd.services.<name>.*` set of options comes into play. They allow to define custom systemd services or modify existing ones. Regardless of the origin of a systemd service (provided by NixOS or written by yourself), `systemd` native directives for sections such as `[Unit]` and `[Service]` can be specified accordingly in the following [nix attribute sets](https://nixos.org/manual/nix/stable/language/values.html#attribute-set):
|
||||
|
||||
* `[Unix]`: `systemd.services.<name>.unitConfig = { SYSTEMD_DIRECTIVE = VALUE; ... }`
|
||||
* `[Service]`: `systemd.services.<name>.serviceConfig = { SYSTEMD_DIRECTIVE = VALUE; ... }`
|
||||
|
||||
String values must be enclosed in double quotes. Boolean values are written as `true` and `false`. This is just [Nix syntax](https://nixos.org/manual/nix/stable/language/index.html#overview).
|
||||
String values must be enclosed in double quotes. Boolean values are written as `true` and `false`. This is just [Nix language syntax](https://nixos.org/manual/nix/stable/language/index.html#overview).
|
||||
|
||||
`[Install]` section directives such as `Alias`, `WantedBy` and `RequiredBy` can be specified as [nix lists](https://learnxinyminutes.com/docs/nix/) in:
|
||||
|
||||
|
@ -180,15 +180,20 @@ _By specifying `1`, we're instructing `iptables` to insert the rule at the begin
|
|||
|
||||
## testing, monitoring, analyzing
|
||||
|
||||
### basic systemd commands for diagnostics
|
||||
### some useful commands for diagnostics of systemd services
|
||||
|
||||
- `systemctl status`, `systemctl restart`, `systemctl cat`, `htop` tree
|
||||
|
||||
`systemd-analyze`'s words "`SAFE`", "`EXPOSED`" and "`UNSAFE`" do not mean the factual situation, rather whether various systemd hardedning features are in use or not.
|
||||
|
||||
To monitor systemd service output in real time, you can use `journalctl -u nginx -f` (by analogy with `tail -f`).
|
||||
|
||||
In case you want to see logs only for previous boot, use `-1`, like here `journalctl -b-1 -u nginx`.
|
||||
- `systemctl list-unit-files` - list of all units with their current status
|
||||
- `systemctl start <name>`
|
||||
- `systemctl restart <name>`
|
||||
- `systemctl stop <name>`
|
||||
- `systemctl status <name>` - unit state, started/stopped timestamps , running processes, etc
|
||||
- `systemctl cat <name>` - contents of a systemd unit file, generated by NixOS
|
||||
- `systemctl show <name>` - actual properties of a systemd unit in effect
|
||||
- `journalctl -u <name> -f` - to monitor systemd service output in real time (by analogy with `tail -f`)
|
||||
- `journalctl -b-1 -u <name>` - in case you want to see logs only for previous boot
|
||||
- `systemd-analyze security` - show security summary for all running services ("`SAFE`", "`EXPOSED`" and "`UNSAFE`" do not mean the factual situation, rather whether various systemd hardedning features are in use or not)
|
||||
- `systemd-analyze security <name>` - show more detailed analysis for the specified service
|
||||
- `htop` using tree view (`F5`) - to inspect the whole tree of processes/threads
|
||||
|
||||
### cgroups
|
||||
|
||||
|
|
Loading…
Reference in New Issue