ctucx.git: nixfiles

ctucx' nixfiles

# NixOS module: runs InfluxDB 2 bound to loopback, publishes it through an
# nginx TLS virtual host, and configures a restic backup for it.
{ node, secrets, config, pkgs, lib, ... }:

let
  # Per-host subtree of the secrets argument, keyed by this machine's hostname.
  hostSecrets = secrets."${config.networking.hostName}";

  # Single source of truth for where InfluxDB listens; reused for the proxy target.
  influxBind = config.services.influxdb2.settings.http-bind-address;
in
{

  # AAAA record for influx.home in the ctu.cx zone, pointing at this node's IPv6 address.
  dns.zones."ctu.cx".subdomains."influx.home".AAAA = [ node.ip6Address ];

  # Secrets are declared as age-encrypted files and consumed below via their
  # `.path`, so this module never handles their contents directly.
  age.secrets = {
    resticInfluxDB.file  = hostSecrets.restic.influxdb;
    influxBackupEnv.file = hostSecrets.influx.backupEnv;
  };

  # Backup job defined by the project's own `restic-backups` module (not shown here).
  # NOTE(review): the job is configured with user "influxdb2"; confirm the
  # resticInfluxDB secret's owner/mode (set elsewhere, if at all) lets that
  # user read the password file.
  restic-backups.influxdb = {
    influxBuckets = [ "mqttData" ];
    passwordFile  = config.age.secrets.resticInfluxDB.path;
    user          = "influxdb2";
  };

  systemd.services = {
    # Extra environment for the backup unit, loaded from the decrypted secret.
    # Presumably this carries the InfluxDB credentials the backup needs; verify
    # against the restic-backups module.
    restic-backup-influxdb.serviceConfig.EnvironmentFile = config.age.secrets.influxBackupEnv.path;

    influxdb2 = {
      # Failure of the unit triggers the email-notify@ template (defined elsewhere).
      onFailure                   = [ "email-notify@%i.service" ];
      # Hold unit start-up until the loopback port accepts connections. The loop
      # has no limit of its own; presumably the unit's start timeout ends it if
      # InfluxDB never comes up.
      serviceConfig.ExecStartPost = "${pkgs.bash}/bin/bash -c 'until ${pkgs.netcat}/bin/nc -z ::1 8086; do sleep 0.2; done'";
    };
  };

  services = {
    # Loopback-only listener: the nginx vhost below is the only network path
    # to InfluxDB that this file sets up.
    influxdb2 = {
      enable = true;
      settings.http-bind-address = "[::1]:8086";
    };

    nginx = {
      enable = true;
      # NOTE(review): no allow/deny rule or HTTP auth is configured on this
      # vhost in this file, so access control rests on InfluxDB's own
      # authentication for anyone who can reach the host. Confirm that is
      # intended, or restrict the location.
      virtualHosts."influx.${config.networking.domain}" = {
        # Reuses the certificate issued for the host's FQDN.
        # NOTE(review): confirm that certificate also covers this vhost's name.
        useACMEHost = "${config.networking.fqdn}";
        forceSSL    = true;
        kTLS        = true;
        # Plain HTTP on the last hop, which stays on loopback.
        locations."/".proxyPass = "http://${toString influxBind}/";
      };
    };
  };

}