treewide: add journald-remote

base.nix

@@ -173,6 +173,16 @@
     };
   };
 
+  services.journald.upload = {
+    enable =  values.services.logcollector.ipv4;
+    settings.Upload = {
+      URL = "https://logcollector.pvv.ntnu.no:19532";
+      ServerKeyFile = "-";
+      ServerCertificateFile = "-";
+      TrustedCertificateFile = "-";
+    };
+  };
+
   networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
 
   security.acme = {

hosts/ildkule/services/journald-remote.nix

@@ -0,0 +1,18 @@
+{ ... }:
+{
+  services.journald.remote = {
+    enable = true;
+    settings.Remote = {
+      # ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
+      # ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
+      ServerKeyFile = "/etc/journald-remote-certs/key.pem";
+      ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
+      TrustedCertificateFile = "-";
+    };
+  };
+
+  # systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
+  #   "key.pem:/etc/journald-remote-certs/key.pem"
+  #   "cert.pem:/etc/journald-remote-certs/cert.pem"
+  # ];
+}

values.nix

@@ -21,6 +21,9 @@ in rec {
       ipv4 = pvv-ipv4 213;
       ipv6 = pvv-ipv6 213;
     };
+    log-collector = {
+      inherit (hosts.ildkule) ipv4 ipv6;
+    };
   };
 
   hosts = {