From 112a95c0506d57530ce37e7e20d2dac083338aa8 Mon Sep 17 00:00:00 2001 From: h7x4 Date: Tue, 27 Aug 2024 22:13:04 +0200 Subject: [PATCH] treewide: add journald-remote --- base.nix | 10 ++++++++++ hosts/ildkule/services/journald-remote.nix | 18 ++++++++++++++++++ values.nix | 3 +++ 3 files changed, 31 insertions(+) create mode 100644 hosts/ildkule/services/journald-remote.nix diff --git a/base.nix b/base.nix index 9733a7f..d729d6e 100644 --- a/base.nix +++ b/base.nix @@ -173,6 +173,16 @@ }; }; + services.journald.upload = { + enable = values.services.logcollector.ipv4; + settings.Upload = { + URL = "https://logcollector.pvv.ntnu.no:19532"; + ServerKeyFile = "-"; + ServerCertificateFile = "-"; + TrustedCertificateFile = "-"; + }; + }; + networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ]; security.acme = { diff --git a/hosts/ildkule/services/journald-remote.nix b/hosts/ildkule/services/journald-remote.nix new file mode 100644 index 0000000..39cad4a --- /dev/null +++ b/hosts/ildkule/services/journald-remote.nix @@ -0,0 +1,18 @@ +{ ... }: +{ + services.journald.remote = { + enable = true; + settings.Remote = { + # ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem"; + # ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem"; + ServerKeyFile = "/etc/journald-remote-certs/key.pem"; + ServerCertificateFile = "/etc/journald-remote-certs/cert.pem"; + TrustedCertificateFile = "-"; + }; + }; + + # systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [ + # "key.pem:/etc/journald-remote-certs/key.pem" + # "cert.pem:/etc/journald-remote-certs/cert.pem" + # ]; +} diff --git a/values.nix b/values.nix index 2e11f4f..144251a 100644 --- a/values.nix +++ b/values.nix @@ -21,6 +21,9 @@ in rec { ipv4 = pvv-ipv4 213; ipv6 = pvv-ipv6 213; }; + log-collector = { + inherit (hosts.ildkule) ipv4 ipv6; + }; }; hosts = {