zaphyra's git: nixfiles

zaphyra and void's nixfiles

# Opt-in module: when its boolean switch is set, run InfluxDB 2 on loopback,
# publish it through an nginx TLS virtual host, keep its state directory
# across reboots, declare the secrets used for backups and register a restic
# backup job for the "mqttData" bucket.
{
  povSelf,
  pkgs,
  lib,
  config,
  hostConfig,
  ...
}:
let
  inherit (lib) types;

  # Value of this module's own switch, looked up in `config` at the attribute
  # path passed in as `povSelf`.
  enabled = lib.getAttrFromPath povSelf config;

  # InfluxDB's HTTP listener, read back from the merged configuration so the
  # readiness probe and the nginx upstream follow the effective value.
  bindAddress = config.services.influxdb2.settings.http-bind-address;

  # Everything after the last "]:" of the bind address. This only yields a
  # bare port for the bracketed IPv6 form ("[addr]:port"); any other form
  # passes through unsplit.
  httpPort = lib.last (builtins.split "]:" bindAddress);
in
{

  option = {
    type = types.bool;
    default = false;
  };

  config = lib.mkIf enabled {
    # Publishes this host's IPv6 address in the zaphyra.eu zone.
    # NOTE(review): the nginx vhost below is named
    # "influx.${config.networking.domain}"; the two names only agree if
    # networking.domain is "home.infra.zaphyra.eu" - confirm.
    dns.zones."zaphyra.eu".subdomains."influx.home.infra".AAAA = [
      hostConfig.networking.ip6Address
    ];

    # Keep the InfluxDB state directory on persistent storage.
    # NOTE(review): 0770 grants every member of the influxdb2 group write
    # access to the database files; 0700 would be tighter if only the service
    # user needs them - confirm nothing relies on group access.
    modules.filesystem.impermanence.system.dirs = [
      {
        directory = "/var/lib/influxdb2";
        mode = "0770";
        user = "influxdb2";
        group = "influxdb2";
      }
    ];

    # Both secrets are declared with an empty attrset, so they get the
    # sops-nix defaults (root-owned, mode 0400 unless the project overrides
    # them).
    # NOTE(review): the backup job below sets user = "influxdb2"; confirm the
    # resticBackup module reads these files with sufficient privileges, or
    # set an explicit owner here.
    sops.secrets."resticPasswords/influxdb2" = { };
    sops.secrets."environments/influxdb2" = { };

    # NOTE(review): this job is keyed "mail" although everything in it refers
    # to influxdb2 - looks like a copy-paste leftover. If another module on
    # the same host also defines paths.mail the two definitions would be
    # merged; confirm the intended key before renaming, since the key may
    # determine unit or repository names.
    modules.services.resticBackup.paths.mail = {
      user = "influxdb2";
      influxBuckets = [ "mqttData" ];
      passwordFile = config.sops.secrets."resticPasswords/influxdb2".path;
      environmentFile = config.sops.secrets."environments/influxdb2".path;
    };

    # Readiness gate: after the main process is started, poll with `nc -z`
    # until the port accepts connections, so units ordered after influxdb2
    # only start once the listener is up. The probe address is fixed to ::1
    # while the port is derived from the bind address. The loop has no
    # timeout of its own and relies on systemd's start timeout to give up.
    systemd.services.influxdb2.serviceConfig.ExecStartPost =
      "${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat}/bin/nc -z ::1 ${httpPort}; do sleep 0.2; done'";

    # Loopback-only listener: InfluxDB is reachable from other hosts solely
    # through the nginx virtual host below.
    services.influxdb2 = {
      enable = true;
      settings.http-bind-address = "[::1]:8086";
    };

    services.nginx = {
      enable = true;
      virtualHosts."influx.${config.networking.domain}" = {
        # Reuses the certificate issued for the host's FQDN.
        # NOTE(review): that certificate must also cover this vhost name
        # (extra domain or wildcard); not visible from this file - confirm.
        useACMEHost = config.networking.fqdn;
        # Plain-HTTP requests are redirected to HTTPS.
        forceSSL = true;
        kTLS = true;
        # TLS ends at nginx; the hop to InfluxDB is plain HTTP over loopback.
        # No allow/deny rule or proxy-level authentication is set here, so
        # InfluxDB's own token/user authentication is the only access control
        # for clients that can reach this vhost.
        locations."/".proxyPass = "http://${toString bindAddress}/";
      };
    };
  };

}