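# NixOS module for `services.journald.upload`.
#
# When enabled it pulls in the upstream `systemd-journal-upload.service` unit,
# starts it with `multi-user.target`, and renders `cfg.settings` to
# /etc/systemd/journal-upload.conf using the systemd settings format.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.services.journald.upload;
  format = pkgs.formats.systemd;
in
{
  meta.maintainers = [ lib.maintainers.raitobezarius ];
  options.services.journald.upload = {
    enable = lib.mkEnableOption "uploading the systemd journal to a remote server";

    settings = lib.mkOption {
      default = { };

      description = ''
        Configuration for journal-upload. See {manpage}`journal-upload.conf(5)`
        for available options.
      '';

      # Freeform: keys not declared below are still accepted and passed through
      # to the generated file, as long as they fit `format.type`.
      type = lib.types.submodule {
        freeformType = format.type;

        options.Upload = {
          URL = lib.mkOption {
            type = lib.types.str;
            example = "https://192.168.1.1";
            description = ''
              The URL to upload the journal entries to.

              See the description of `--url=` option in
              {manpage}`systemd-journal-upload(8)` for the description of
              possible values.

              Journal entries can contain sensitive data; prefer an
              `https://` URL so that they are encrypted in transit.
            '';
          };

          ServerKeyFile = lib.mkOption {
            type = with lib.types; nullOr str;
            # The option type is `str`, so the example is a string holding a
            # runtime path (sample value). A Nix path literal is rejected by
            # the type, and interpolating one ("${./key.pem}") would copy the
            # private key into the world-readable Nix store.
            example = "/run/secrets/journal-upload/client-key.pem";
            # Since systemd-journal-upload uses a DynamicUser, permissions must
            # be done using groups
            description = ''
              SSL key in PEM format.

              Contrary to what the name suggests, this option configures the
              client private key used to authenticate to the remote journal
              server.

              This key should not be world-readable, and must be readable by
              the `systemd-journal` group.

              Set this to the path of a file that exists on the target system
              at runtime. Do not build the value by interpolating a Nix path
              into the string: that copies the key into the Nix store, which
              is world-readable.
            '';
            default = null;
          };

          ServerCertificateFile = lib.mkOption {
            type = with lib.types; nullOr str;
            # String path to match the `str` type (sample value).
            example = "/etc/ssl/journal-upload/client-cert.pem";
            description = ''
              SSL certificate in PEM format.

              Contrary to what the name suggests, this option configures the
              client certificate sent to the remote journal server.
            '';
            default = null;
          };

          TrustedCertificateFile = lib.mkOption {
            type = with lib.types; nullOr str;
            # String path to match the `str` type.
            example = "/etc/ssl/certs/ca-certificates.crt";
            description = ''
              SSL CA certificate.

              This certificate will be used to check the remote journal HTTPS
              server certificate.

              See the description of the `--trust=` option in
              {manpage}`systemd-journal-upload(8)`. The special value `all`
              documented there disables certificate checking, so the server
              is no longer authenticated; avoid it outside of testing.
            '';
            default = null;
          };

          NetworkTimeoutSec = lib.mkOption {
            type = with lib.types; nullOr str;
            example = "1s";
            description = ''
              When network connectivity to the server is lost, this option
              configures the time to wait for the connectivity to get restored.

              If the server is not reachable over the network for the
              configured time, `systemd-journal-upload` exits. Takes a value in
              seconds (or in other time units if suffixed with "ms", "min",
              "h", etc). For details, see {manpage}`systemd.time(5)`.
            '';
            default = null;
          };
        };
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # Ship the unit file provided by systemd itself; the attributes below only
    # extend it.
    systemd.additionalUpstreamSystemUnits = [ "systemd-journal-upload.service" ];

    systemd.services."systemd-journal-upload" = {
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Restart = "always";
        # To prevent flooding the server in case the server is struggling
        RestartSec = "3sec";
      };
    };

    # Render the settings attrset to the file journal-upload reads.
    environment.etc."systemd/journal-upload.conf".source =
      format.generate "journal-upload.conf" cfg.settings;
  };
}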