mdebray/tvl-depot
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tvl-depot/ops/modules/journaldriver.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

27 lines
847 B
Nix
Raw Normal View History

refactor(ops/modules): Move journaldriver configuration into module This makes the journaldriver configuration machine-independent. The secret is loaded from agenix instead of being persisted on disk. Change-Id: I592ae7f5726fcb7f37a406f69dcf5ac498eeb1b7 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5302 Autosubmit: tazjin <tazjin@tvl.su> Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org>
2022-02-17 11:36:57 +01:00
# Configures journaldriver to forward to the tvl-fyi GCP project from
# TVL machines.
{ config, depot, lib, pkgs, ... }:
{
imports = [
(depot.third_party.agenix.src + "/modules/age.nix")
];
age.secrets.journaldriver.file = depot.ops.secrets."journaldriver.age";
services.journaldriver = {
enable = true;
googleCloudProject = "tvl-fyi";
logStream = config.networking.hostName;
};
# Override the systemd service defined in the nixpkgs module to use
# the credentials provided by agenix.
systemd.services.journaldriver = {
serviceConfig = {
LoadCredential = "journaldriver.json:/run/agenix/journaldriver";
ExecStart = lib.mkForce "${pkgs.coreutils}/bin/env GOOGLE_APPLICATION_CREDENTIALS=\"\${CREDENTIALS_DIRECTORY}/journaldriver.json\" ${depot.ops.journaldriver}/bin/journaldriver";
};
};
}
Reference in a new issue Copy permalink