feat: add logrotate in the base container image

[alehostert]

Logrotate is a system-level utility. On minideb, installing the logrotate package already drops a daily cron job at /etc/cron.daily/logrotate, which handles execution automatically.

Proposed Change

Add logrotate to the system packages installed in the Containerfile:

RUN apt-get update && apt-get upgrade -y \
	&& install_packages bind9-dnsutils build-essential ca-certificates certbot cron \
	curl debian-archive-keyring git gnupg2 haveged logrotate lsb-release procps rsync supervisor \
	tar unzip vim wget zip unattended-upgrades

Log Rotation Strategy

With logrotate baked into the image, the responsibility for log rotation configs shifts to each individual service manifest in os-services. When a service is installed, its manifest could place its own logrotate config into /etc/logrotate.d/ (and clean it up on uninstall).

Example

The php-webservice service manifest could include:

cat >/etc/logrotate.d/php-webserver <<'EOF'
/usr/local/lsws/logs/access.log {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
    create 644 nobody nogroup
    sharedscripts
    postrotate
        /bin/kill -USR1 $(cat /run/openlitespeed.pid) 2>/dev/null || true
    endscript
}
EOF

This keeps logrotate configs co-located with the services that own the logs.

Acceptance Criteria

• logrotate package is installed in the base OS image.
• /etc/cron.daily/logrotate is present and executable.
• nginx logrotate config probably will need reviewing.