From 8977e6407d094a9b75bb710d12f29dd930e60f3f Mon Sep 17 00:00:00 2001
From: ale <ale@incal.net>
Date: Wed, 14 Aug 2024 11:41:48 +0100
Subject: [PATCH] Optimize journald for high throughput

Disable compression and sealing, disable rate limits.

Run a separate journald instance for nginx only, to allow scaling
to multiple cores (in case of DDoS).
---
 roles/float-base/files/journald.conf               | 4 ++++
 roles/float-infra-nginx/templates/nginx.service.j2 | 2 ++
 2 files changed, 6 insertions(+)

diff --git a/roles/float-base/files/journald.conf b/roles/float-base/files/journald.conf
index b69850df..700ceca3 100644
--- a/roles/float-base/files/journald.conf
+++ b/roles/float-base/files/journald.conf
@@ -1,2 +1,6 @@
 [Journal]
 Storage=volatile
+RateLimitIntervalSec=0
+RateLimitBurst=0
+Compress=no
+Seal=no
diff --git a/roles/float-infra-nginx/templates/nginx.service.j2 b/roles/float-infra-nginx/templates/nginx.service.j2
index 5bec7510..ad0a7fcc 100644
--- a/roles/float-infra-nginx/templates/nginx.service.j2
+++ b/roles/float-infra-nginx/templates/nginx.service.j2
@@ -36,5 +36,7 @@ AmbientCapabilities=CAP_NET_BIND_SERVICE
 RuntimeDirectory=nginx
 RuntimeDirectoryMode=750
 
+JournalNamespace=nginx
+
 [Install]
 WantedBy=multi-user.target
-- 
GitLab