nix-dotfiles/hosts/dosei/services/journald-remote.nix

{ ... }:
{
  # TODO: Reproducible certificates
  services.journald.remote = {
    enable = true;
    settings.Remote = {
      # ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
      # ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
      ServerKeyFile = "/etc/journald-remote-certs/key.pem";
      ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
      TrustedCertificateFile = "-";
    };
  };

  # systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
  #   "key.pem:/etc/journald-remote-certs/key.pem"
  #   "cert.pem:/etc/journald-remote-certs/cert.pem"
  # ];
}
dosei: enable journald-remote 2024-09-04 10:33:16 +02:00			`{ ... }:`
			`{`
			`# TODO: Reproducible certificates`
			`services.journald.remote = {`
			`enable = true;`
			`settings.Remote = {`
			`# ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";`
			`# ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";`
			`ServerKeyFile = "/etc/journald-remote-certs/key.pem";`
			`ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";`
			`TrustedCertificateFile = "-";`
			`};`
			`};`

			`# systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [`
			`# "key.pem:/etc/journald-remote-certs/key.pem"`
			`# "cert.pem:/etc/journald-remote-certs/cert.pem"`
			`# ];`
			`}`