20 lines
662 B
Nix
20 lines
662 B
Nix
{ ... }:
|
|
{
|
|
# TODO: Reproducible certificates
|
|
services.journald.remote = {
|
|
enable = true;
|
|
settings.Remote = {
|
|
# ServerKeyFile = "/run/credentials/systemd-journald-remote.service/key.pem";
|
|
# ServerCertificateFile = "/run/credentials/systemd-journald-remote.service/.pem";
|
|
ServerKeyFile = "/etc/journald-remote-certs/key.pem";
|
|
ServerCertificateFile = "/etc/journald-remote-certs/cert.pem";
|
|
TrustedCertificateFile = "-";
|
|
};
|
|
};
|
|
|
|
# systemd.services.systemd-journal-remote.serviceConfig.LoadCredential = [
|
|
# "key.pem:/etc/journald-remote-certs/key.pem"
|
|
# "cert.pem:/etc/journald-remote-certs/cert.pem"
|
|
# ];
|
|
}
|