journald-{remote,upload}: init

base/default.nix

@@ -20,6 +20,7 @@
     ./services/dbus.nix
     ./services/fwupd.nix
     ./services/irqbalance.nix
+    ./services/journald-upload.nix
     ./services/logrotate.nix
     ./services/nginx.nix
     ./services/openssh.nix

base/services/journald-upload.nix

@@ -0,0 +1,25 @@
+{ config, lib, values, ... }:
+let
+  cfg = config.services.journald.upload;
+in
+{
+  services.journald.upload = {
+    enable = lib.mkDefault true;
+    settings.Upload = {
+      URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}";
+      ServerKeyFile = "-";
+      ServerCertificateFile = "-";
+      TrustedCertificateFile = "-";
+    };
+  };
+
+  systemd.services."systemd-journal-upload".serviceConfig = lib.mkIf cfg.enable {
+    IPAddressDeny = "any";
+    IPAddressAllow = [
+      "127.0.0.1"
+      "::1"
+      values.ipv4-space
+      values.ipv6-space
+    ];
+  };
+}