{
  povSelf,
  pkgs,
  lib,
  config,
  hostConfig,
  ...
}:
let
  inherit (lib) types;
  cfg = lib.getAttrFromPath povSelf config;

in
{

  option = {
    type = types.bool;
    default = false;
  };

  config = lib.mkIf cfg {
    dns.zones."zaphyra.eu".subdomains."influx.home.infra".AAAA = [ hostConfig.networking.ip6Address ];

    modules.filesystem.impermanence.system.dirs = [
      {
        directory = "/var/lib/influxdb2";
        mode = "0770";
        user = "influxdb2";
        group = "influxdb2";
      }
    ];

    sops.secrets = {
      "resticPasswords/influxdb2" = { };
      "environments/influxdb2" = { };
    };

    modules.services.resticBackup.paths.mail = {
      environmentFile = config.sops.secrets."environments/influxdb2".path;
      passwordFile = config.sops.secrets."resticPasswords/influxdb2".path;
      user = "influxdb2";
      influxBuckets = [ "mqttData" ];
    };

    systemd.services.influxdb2 =
      let
        port = lib.last (builtins.split "]:" config.services.influxdb2.settings.http-bind-address);
      in
      {
        serviceConfig.ExecStartPost = "${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat}/bin/nc -z ::1 ${port}; do sleep 0.2; done'";
      };

    services = {
      influxdb2.enable = true;
      influxdb2.settings.http-bind-address = "[::1]:8086";

      nginx.enable = true;
      nginx.virtualHosts."influx.${config.networking.domain}" = {
        useACMEHost = config.networking.fqdn;
        forceSSL = true;
        kTLS = true;
        locations."/".proxyPass =
          "http://${toString config.services.influxdb2.settings.http-bind-address}/";
      };
    };
  };

}