create influxdb service

2024-11-22 12:15:38 +00:00 · 2023-12-17 02:02:17 +00:00 · 2023-12-17 02:02:17 +00:00 · fafd56612e
commit fafd56612e
parent 3042a0ac19
7 changed files with 91 additions and 0 deletions
--- a/flake.nix
+++ b/flake.nix
@ -208,6 +208,7 @@
        dotfilesRepo = "https://github.com/nmasur/dotfiles";
        hostnames = {
          git = "git.${baseName}";
+          influxdb = "influxdb.${baseName}";
          metrics = "metrics.${baseName}";
          prometheus = "prom.${baseName}";
          paperless = "paper.${baseName}";
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@ -58,6 +58,7 @@ inputs.nixpkgs.lib.nixosSystem {
      services.grafana.enable = true;
      services.openssh.enable = true;
      services.victoriametrics.enable = true;
+      services.influxdb2.enable = true;
      services.gitea.enable = true;
      services.vaultwarden.enable = true;
      services.minecraft-server.enable = true; # Setup Minecraft server
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@ -83,6 +83,10 @@
        type = lib.types.str;
        description = "Hostname for Prometheus server.";
      };
+      influxdb = lib.mkOption {
+        type = lib.types.str;
+        description = "Hostname for InfluxDB2 server.";
+      };
      secrets = lib.mkOption {
        type = lib.types.str;
        description = "Hostname for passwords and secrets (Vaultwarden).";
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@ -13,6 +13,7 @@
    ./gnupg.nix
    ./grafana.nix
    ./honeypot.nix
+    ./influxdb2.nix
    ./jellyfin.nix
    ./keybase.nix
    ./mullvad.nix
--- a/modules/nixos/services/influxdb2.nix
+++ b/modules/nixos/services/influxdb2.nix
@ -0,0 +1,56 @@
+{ config, lib, ... }: {
+
+  config = {
+
+    services.influxdb2 = {
+      provision = {
+        enable = true;
+        initialSetup = {
+          bucket = "default";
+          organization = "main";
+          passwordFile = config.secrets.influxdb2Password.dest;
+          retention = 0; # Keep data forever
+          tokenFile = config.secrets.influxdb2Token.dest;
+          username = "admin";
+        };
+      };
+      settings = { };
+    };
+
+    # Create credentials file for InfluxDB admin
+    secrets.influxdb2Password = lib.mkIf config.services.influxdb2.enable {
+      source = ../../../private/influxdb2-password.age;
+      dest = "${config.secretsDirectory}/influxdb2-password";
+      owner = "influxdb2";
+      group = "influxdb2";
+      permissions = "0440";
+    };
+    systemd.services.influxdb2Password-secret =
+      lib.mkIf config.services.influxdb2.enable {
+        requiredBy = [ "influxdb2.service" ];
+        before = [ "influxdb2.service" ];
+      };
+    secrets.influxdb2Token = lib.mkIf config.services.influxdb2.enable {
+      source = ../../../private/influxdb2-token.age;
+      dest = "${config.secretsDirectory}/influxdb2-token";
+      owner = "influxdb2";
+      group = "influxdb2";
+      permissions = "0440";
+    };
+    systemd.services.influxdb2Token-secret =
+      lib.mkIf config.services.influxdb2.enable {
+        requiredBy = [ "influxdb2.service" ];
+        before = [ "influxdb2.service" ];
+      };
+
+    caddy.routes = lib.mkIf config.services.influxdb2.enable [{
+      match = [{ host = [ config.hostnames.influxdb ]; }];
+      handle = [{
+        handler = "reverse_proxy";
+        upstreams = [{ dial = "localhost:8086"; }];
+      }];
+    }];
+
+  };
+
+}
--- a/private/influxdb2-password.age
+++ b/private/influxdb2-password.age
@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBhUEdQ
+ejFtQWFabkl3YTJmUmRDS2M1elBrMU5yVHhWWlFLMHdOdlNsNEFRCmREU3ZZWlZi
+R1RLQVorT2dDbFRXc2toMExpNWR1WUEvaVlzUFJ5ZUU3azQKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIDY5OGpSWlFTT2EvUzV4ajQwUG5YL3loSWhGbjV6U2J4TkFhQm5Y
+RWhvMXcKbUVpQm5wRmtLRGV2SWYzb2c3dnZYREdRSnRtdjJJcjRKTk0rbnMyZmVB
+cwotPiBzc2gtZWQyNTUxOSBuanZYNUEgd0o4WGhTQnlkVGhhWG44MmQ1UXFVWjFO
+MS9JcVpEOEIvd3ZuNmVmN2d3dwpYNXF5V05WbHRobVlIWVM2VHN1TjcyVG81cHp1
+V0pnWTduZFFWQks2ZFY0Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBkWXlRejFNdHJk
+azg0aUpzL1JMSWUvWkdXUmpLc3pVUEZTNGFwTG0rRlNrCjMyVTE5c1pjRlowVlJ4
+YmFtRzEzV1dCU0FoeUJPMjQzWHErc0h4RWhLbDgKLS0tIHhzK20vTzFPdVROVW44
+MkNhb2VWZHBqeXY0MWZuTDFUMXdNazMwTG8yZTQK1CrrD2tin/3ZhV2D1XJvkbUN
+2Nw4ASdPdRXaQJw5CMhlrW6rgSnC81j0249F7D7ZfAlo62ANOfLyL9Lv2FVGzg==
+-----END AGE ENCRYPTED FILE-----
--- a/private/influxdb2-token.age
+++ b/private/influxdb2-token.age
@ -0,0 +1,14 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBmTnVo
+eFlINGttSEZYTlZucVVWemlMMk0reHNKcjF3SmhCQllXdmw5RzBBCnl0NWZVb1ZW
+MWRzc05pNVVWTlRyNzNRaDlYTm5TSVF3ZGNMclhyY0R3bUkKLT4gc3NoLWVkMjU1
+MTkgWXlTVU1RIEppTjJPUmxlamdLY2xxRVBwcFBmTTdOM3dLU3h3YnA2TlhRWXRu
+OGJrR28KMW9JQUFDcXFLOTk4NDVHQmJucEZuOElLaG5Eb1lyK1NGTUJaMkFONit1
+dwotPiBzc2gtZWQyNTUxOSBuanZYNUEgZkF5MVNGK3FRV2JPVDFGMkY5SWxGWVVK
+YThUVFk2VGZZNXN6UWx3eFJ6MAp0d3NGWTRuLzNOb0VxdVUvZ1YwR0lWemc2NDR2
+VFI2eWRjS242SEJrQWx3Ci0+IHNzaC1lZDI1NTE5IENxSU9VQSBpY2JoaGRKY0ZR
+Y2txWFM1ODJyaW03b0xuRGlJMkVidEVZMGdiU1pTZ1hVCk0yeGF6VWU5LzF0Z1dL
+cnlDUCtLL01EWWo2Q0dYcjdtSjRtSnFjUHNWdzAKLS0tIEI4aWpNc0xqU3ZsLzcz
+TThFNXd0YjQ2MEMzc0JOQXZnTnBaTVg0V1hITzgK8GYZG8/fGXk6ELSB6rnLX0ke
+QqiztfVnV/fpgEgJ/K60Ea3aBe3ELpejzFKZfno+jesvnL5DCMGz7QRRpnThLQ==
+-----END AGE ENCRYPTED FILE-----