felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-01-19 09:29:13 +01:00
Code Issues Projects Releases Wiki Activity

journald-upload: use ipv4 temporarily, restrict firewall to ildkule

Browse Source
This commit is contained in:
h7x4
2026-01-15 17:38:22 +09:00
parent 024dae4226
commit d93bdd8493
1 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
base/services/journald-upload.nix
View File

@@ -6,7 +6,8 @@ in
services.journald.upload = { services.journald.upload = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
settings.Upload = { settings.Upload = {
URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}"; # URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}";
URL = "https://${values.hosts.ildkule.ipv4}:${toString config.services.journald.remote.port}";
ServerKeyFile = "-"; ServerKeyFile = "-";
ServerCertificateFile = "-"; ServerCertificateFile = "-";
TrustedCertificateFile = "-"; TrustedCertificateFile = "-";
@@ -16,10 +17,8 @@ in
systemd.services."systemd-journal-upload".serviceConfig = lib.mkIf cfg.enable { systemd.services."systemd-journal-upload".serviceConfig = lib.mkIf cfg.enable {
IPAddressDeny = "any"; IPAddressDeny = "any";
IPAddressAllow = [ IPAddressAllow = [
"127.0.0.1" values.hosts.ildkule.ipv4
"::1" values.hosts.ildkule.ipv6
values.ipv4-space
values.ipv6-space
]; ];
}; };
} }