treewide: add journald-remote

2024-08-27 22:13:04 +02:00 · 2024-08-27 22:13:04 +02:00 · 112a95c050
parent bd42412b94
commit 112a95c050
3 changed files with 31 additions and 0 deletions
--- a/base.nix
+++ b/base.nix
@ -173,6 +173,16 @@
    };
  };

+  services.journald.upload = {
+    enable =  values.services.logcollector.ipv4;
+    settings.Upload = {
+      URL = "https://logcollector.pvv.ntnu.no:19532";
+      ServerKeyFile = "-";
+      ServerCertificateFile = "-";
+      TrustedCertificateFile = "-";
+    };
+  };
+
  networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];

  security.acme = {
--- a/hosts/ildkule/services/journald-remote.nix
+++ b/hosts/ildkule/services/journald-remote.nix
@ -0,0 +1,18 @@
+{ ... }:
+{
+  services.journald.remote = {
+    enable = true;
+    settings.Remote = {
+      # ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
+      # ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
+      ServerKeyFile = "/etc/journald-remote-certs/key.pem";
+      ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
+      TrustedCertificateFile = "-";
+    };
+  };
+
+  # systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
+  #   "key.pem:/etc/journald-remote-certs/key.pem"
+  #   "cert.pem:/etc/journald-remote-certs/cert.pem"
+  # ];
+}
--- a/values.nix
+++ b/values.nix
@ -21,6 +21,9 @@ in rec {
      ipv4 = pvv-ipv4 213;
      ipv6 = pvv-ipv6 213;
    };
+    log-collector = {
+      inherit (hosts.ildkule) ipv4 ipv6;
+    };
  };

  hosts = {