From fafd56612efbe81ca8761173d7b96e018cbfdc76 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Sun, 17 Dec 2023 02:02:17 +0000
Subject: [PATCH] create influxdb service
---
 flake.nix | 1 +
 hosts/flame/default.nix | 1 +
 modules/common/default.nix | 4 ++
 modules/nixos/services/default.nix | 1 +
 modules/nixos/services/influxdb2.nix | 56 ++++++++++++++++++++++++++++
 private/influxdb2-password.age | 14 +++++++
 private/influxdb2-token.age | 14 +++++++
 7 files changed, 91 insertions(+)
 create mode 100644 modules/nixos/services/influxdb2.nix
 create mode 100644 private/influxdb2-password.age
 create mode 100644 private/influxdb2-token.age
diff --git a/flake.nix b/flake.nix
index 0bc5bd1..e411e1b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -208,6 +208,7 @@
 dotfilesRepo = "https://github.com/nmasur/dotfiles";
 hostnames = {
 git = "git.${baseName}";
+ influxdb = "influxdb.${baseName}";
 metrics = "metrics.${baseName}";
 prometheus = "prom.${baseName}";
 paperless = "paper.${baseName}";
diff --git a/hosts/flame/default.nix b/hosts/flame/default.nix
index d449e54..1e216af 100644
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@@ -58,6 +58,7 @@ inputs.nixpkgs.lib.nixosSystem {
 services.grafana.enable = true;
 services.openssh.enable = true;
 services.victoriametrics.enable = true;
+ services.influxdb2.enable = true;
 services.gitea.enable = true;
 services.vaultwarden.enable = true;
 services.minecraft-server.enable = true; # Setup Minecraft server
diff --git a/modules/common/default.nix b/modules/common/default.nix
index 9086c2c..1d944af 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -83,6 +83,10 @@
 type = lib.types.str;
 description = "Hostname for Prometheus server.";
 };
+ influxdb = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for InfluxDB2 server.";
+ };
 secrets = lib.mkOption {
 type = lib.types.str;
 description = "Hostname for passwords and secrets (Vaultwarden).";
diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix
index f42ae39..7dee817 100644
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@@ -13,6 +13,7 @@
 ./gnupg.nix
 ./grafana.nix
 ./honeypot.nix
+ ./influxdb2.nix
 ./jellyfin.nix
 ./keybase.nix
 ./mullvad.nix
diff --git a/modules/nixos/services/influxdb2.nix b/modules/nixos/services/influxdb2.nix
new file mode 100644
index 0000000..4d5598f
--- /dev/null
+++ b/modules/nixos/services/influxdb2.nix
@@ -0,0 +1,56 @@
+{ config, lib, ... }: {
+
+ config = {
+
+ services.influxdb2 = {
+ provision = {
+ enable = true;
+ initialSetup = {
+ bucket = "default";
+ organization = "main";
+ passwordFile = config.secrets.influxdb2Password.dest;
+ retention = 0; # Keep data forever
+ tokenFile = config.secrets.influxdb2Token.dest;
+ username = "admin";
+ };
+ };
+ settings = { };
+ };
+
+ # Create credentials file for InfluxDB admin
+ secrets.influxdb2Password = lib.mkIf config.services.influxdb2.enable {
+ source = ../../../private/influxdb2-password.age;
+ dest = "${config.secretsDirectory}/influxdb2-password";
+ owner = "influxdb2";
+ group = "influxdb2";
+ permissions = "0440";
+ };
+ systemd.services.influxdb2Password-secret =
+ lib.mkIf config.services.influxdb2.enable {
+ requiredBy = [ "influxdb2.service" ];
+ before = [ "influxdb2.service" ];
+ };
+ secrets.influxdb2Token = lib.mkIf config.services.influxdb2.enable {
+ source = ../../../private/influxdb2-token.age;
+ dest = "${config.secretsDirectory}/influxdb2-token";
+ owner = "influxdb2";
+ group = "influxdb2";
+ permissions = "0440";
+ };
+ systemd.services.influxdb2Token-secret =
+ lib.mkIf config.services.influxdb2.enable {
+ requiredBy = [ "influxdb2.service" ];
+ before = [ "influxdb2.service" ];
+ };
+
+ caddy.routes = lib.mkIf config.services.influxdb2.enable [{
+ match = [{ host = [ config.hostnames.influxdb ]; }];
+ handle = [{
+ handler = "reverse_proxy";
+ upstreams = [{ dial = "localhost:8086"; }];
+ }];
+ }];
+
+ };
+
+}
diff --git a/private/influxdb2-password.age b/private/influxdb2-password.age
new file mode 100644
index 0000000..c97549d
--- /dev/null
+++ b/private/influxdb2-password.age
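Review bot: In modules/nixos/services/influxdb2.nix, `settings = { };` leaves InfluxDB on its default listen address, which for InfluxDB 2 is port 8086 on every interface, so the Caddy route to `localhost:8086` is not necessarily the only path to the API that the `admin` user and the provisioned token authenticate against. Whether that port is reachable from outside depends on the host firewall, which this patch does not show. Pinning the listener to loopback would make the reverse proxy the single entry point: `settings = { http-bind-address = "127.0.0.1:8086"; };`. As a smaller style point, the `provision` block is set unconditionally while the secrets and the Caddy route sit behind `lib.mkIf config.services.influxdb2.enable`; guarding the whole `config` with one `lib.mkIf` would keep `passwordFile` and `tokenFile` from referring to secrets that are presumably undefined when the service is off.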
@@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBhUEdQ +ejFtQWFabkl3YTJmUmRDS2M1elBrMU5yVHhWWlFLMHdOdlNsNEFRCmREU3ZZWlZi +R1RLQVorT2dDbFRXc2toMExpNWR1WUEvaVlzUFJ5ZUU3azQKLT4gc3NoLWVkMjU1 +MTkgWXlTVU1RIDY5OGpSWlFTT2EvUzV4ajQwUG5YL3loSWhGbjV6U2J4TkFhQm5Y +RWhvMXcKbUVpQm5wRmtLRGV2SWYzb2c3dnZYREdRSnRtdjJJcjRKTk0rbnMyZmVB +cwotPiBzc2gtZWQyNTUxOSBuanZYNUEgd0o4WGhTQnlkVGhhWG44MmQ1UXFVWjFO +MS9JcVpEOEIvd3ZuNmVmN2d3dwpYNXF5V05WbHRobVlIWVM2VHN1TjcyVG81cHp1 +V0pnWTduZFFWQks2ZFY0Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBkWXlRejFNdHJk +azg0aUpzL1JMSWUvWkdXUmpLc3pVUEZTNGFwTG0rRlNrCjMyVTE5c1pjRlowVlJ4 +YmFtRzEzV1dCU0FoeUJPMjQzWHErc0h4RWhLbDgKLS0tIHhzK20vTzFPdVROVW44 +MkNhb2VWZHBqeXY0MWZuTDFUMXdNazMwTG8yZTQK1CrrD2tin/3ZhV2D1XJvkbUN +2Nw4ASdPdRXaQJw5CMhlrW6rgSnC81j0249F7D7ZfAlo62ANOfLyL9Lv2FVGzg== +-----END AGE ENCRYPTED FILE----- diff --git a/private/influxdb2-token.age b/private/influxdb2-token.age new file mode 100644 index 0000000..1e4447d --- /dev/null +++ b/private/influxdb2-token.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBmTnVo +eFlINGttSEZYTlZucVVWemlMMk0reHNKcjF3SmhCQllXdmw5RzBBCnl0NWZVb1ZW +MWRzc05pNVVWTlRyNzNRaDlYTm5TSVF3ZGNMclhyY0R3bUkKLT4gc3NoLWVkMjU1 +MTkgWXlTVU1RIEppTjJPUmxlamdLY2xxRVBwcFBmTTdOM3dLU3h3YnA2TlhRWXRu +OGJrR28KMW9JQUFDcXFLOTk4NDVHQmJucEZuOElLaG5Eb1lyK1NGTUJaMkFONit1 +dwotPiBzc2gtZWQyNTUxOSBuanZYNUEgZkF5MVNGK3FRV2JPVDFGMkY5SWxGWVVK +YThUVFk2VGZZNXN6UWx3eFJ6MAp0d3NGWTRuLzNOb0VxdVUvZ1YwR0lWemc2NDR2 +VFI2eWRjS242SEJrQWx3Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBpY2JoaGRKY0ZR +Y2txWFM1ODJyaW03b0xuRGlJMkVidEVZMGdiU1pTZ1hVCk0yeGF6VWU5LzF0Z1dL +cnlDUCtLL01EWWo2Q0dYcjdtSjRtSnFjUHNWdzAKLS0tIEI4aWpNc0xqU3ZsLzcz +TThFNXd0YjQ2MEMzc0JOQXZnTnBaTVg0V1hITzgK8GYZG8/fGXk6ELSB6rnLX0ke +QqiztfVnV/fpgEgJ/K60Ea3aBe3ELpejzFKZfno+jesvnL5DCMGz7QRRpnThLQ== +-----END AGE ENCRYPTED FILE-----