diff options
Diffstat (limited to 'ops/modules')
-rw-r--r-- | ops/modules/journaldriver.nix | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/ops/modules/journaldriver.nix b/ops/modules/journaldriver.nix new file mode 100644 index 000000000000..0d6b0bcc7f63 --- /dev/null +++ b/ops/modules/journaldriver.nix @@ -0,0 +1,26 @@ +# Configures journaldriver to forward to the tvl-fyi GCP project from +# TVL machines. +{ config, depot, lib, pkgs, ... }: + +{ + imports = [ + (depot.third_party.agenix.src + "/modules/age.nix") + ]; + + age.secrets.journaldriver.file = depot.ops.secrets."journaldriver.age"; + + services.journaldriver = { + enable = true; + googleCloudProject = "tvl-fyi"; + logStream = config.networking.hostName; + }; + + # Override the systemd service defined in the nixpkgs module to use + # the credentials provided by agenix. + systemd.services.journaldriver = { + serviceConfig = { + LoadCredential = "journaldriver.json:/run/agenix/journaldriver"; + ExecStart = lib.mkForce "${pkgs.coreutils}/bin/env GOOGLE_APPLICATION_CREDENTIALS=\"\${CREDENTIALS_DIRECTORY}/journaldriver.json\" ${depot.ops.journaldriver}/bin/journaldriver"; + }; + }; +} |