diff --git a/nixos/modules/services/logging/logrotate.nix b/nixos/modules/services/logging/logrotate.nix
index ba5d6e29d0bd3..8cef4e8c083a9 100644
--- a/nixos/modules/services/logging/logrotate.nix
+++ b/nixos/modules/services/logging/logrotate.nix
@@ -4,8 +4,9 @@ with lib;
 
 let
   cfg = config.services.logrotate;
+  inherit (config.users) groups;
 
-  pathOpts = {
+  pathOpts = { name, ... }:  {
     options = {
       enable = mkOption {
         type = types.bool;
@@ -16,10 +17,19 @@ let
         '';
       };
 
-      path = mkOption {
+      name = mkOption {
         type = types.str;
+        internal = true;
+      };
+
+      path = mkOption {
+        type = with types; either str (listOf str);
+        default = name;
+        defaultText = "attribute name";
         description = ''
           The path to log files to be rotated.
+          Spaces are allowed and normal shell quoting rules apply,
+          with ', ", and \ characters supported.
         '';
       };
 
@@ -74,6 +84,7 @@ let
       };
     };
 
+    config.name = name;
     config.extraConfig = ''
       missingok
       notifempty
@@ -82,7 +93,7 @@ let
 
   mkConf = pathOpts: ''
     # generated by NixOS using the `services.logrotate.paths.${pathOpts.name}` attribute set
-    "${pathOpts.path}" {
+    ${concatMapStringsSep " " (path: ''"${path}"'') (toList pathOpts.path)} {
       ${optionalString (pathOpts.user != null || pathOpts.group != null) "su ${pathOpts.user} ${pathOpts.group}"}
       ${pathOpts.frequency}
       rotate ${toString pathOpts.keep}
@@ -90,7 +101,7 @@ let
     }
   '';
 
-  paths = sortProperties (mapAttrsToList (name: pathOpts: pathOpts // { name = name; }) (filterAttrs (_: pathOpts: pathOpts.enable) cfg.paths));
+  paths = sortProperties (attrValues (filterAttrs (_: pathOpts: pathOpts.enable) cfg.paths));
   configFile = pkgs.writeText "logrotate.conf" (concatStringsSep "\n" ((map mkConf paths) ++ [ cfg.extraConfig ]));
 
 in
@@ -152,17 +163,34 @@ in
       }
     ) cfg.paths;
 
+    services.logrotate = {
+      paths = {
+        "/var/log/btmp" = {
+          frequency = mkDefault "monthly";
+          keep = mkDefault 1;
+          extraConfig = ''
+            create 0660 root ${groups.utmp.name}
+          '';
+        };
+        "/var/log/wtmp" = {
+          frequency = mkDefault "monthly";
+          keep = mkDefault 1;
+          extraConfig = ''
+            create 0664 root ${groups.utmp.name}
+          '';
+        };
+      };
+    };
+
     systemd.services.logrotate = {
       description = "Logrotate Service";
       wantedBy = [ "multi-user.target" ];
       startAt = "hourly";
-      script = ''
-        exec ${pkgs.logrotate}/sbin/logrotate ${configFile}
-      '';
 
       serviceConfig = {
         Restart = "no";
         User = "root";
+        ExecStart = "${pkgs.logrotate}/sbin/logrotate ${configFile}";
       };
     };
   };