treewide: add journald-remote

This commit is contained in:
Oystein Kristoffer Tveit 2024-08-27 22:13:04 +02:00
parent bd42412b94
commit 112a95c050
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146
3 changed files with 31 additions and 0 deletions

View File

@ -173,6 +173,16 @@
};
};
services.journald.upload = {
enable = values.services.logcollector.ipv4;
settings.Upload = {
URL = "https://logcollector.pvv.ntnu.no:19532";
ServerKeyFile = "-";
ServerCertificateFile = "-";
TrustedCertificateFile = "-";
};
};
networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
security.acme = {

View File

@ -0,0 +1,18 @@
{ ... }:
{
services.journald.remote = {
enable = true;
settings.Remote = {
# ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
# ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
ServerKeyFile = "/etc/journald-remote-certs/key.pem";
ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
TrustedCertificateFile = "-";
};
};
# systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
# "key.pem:/etc/journald-remote-certs/key.pem"
# "cert.pem:/etc/journald-remote-certs/cert.pem"
# ];
}

View File

@ -21,6 +21,9 @@ in rec {
ipv4 = pvv-ipv4 213;
ipv6 = pvv-ipv6 213;
};
log-collector = {
inherit (hosts.ildkule) ipv4 ipv6;
};
};
hosts = {