From cc613ba7b9cb356aa9742cf570627be182930f55 Mon Sep 17 00:00:00 2001
From: Tom Hubrecht <tom.hubrecht@dgnum.eu>
Date: Tue, 20 Feb 2024 16:33:35 +0100
Subject: [PATCH] feat(storage01): Deploy influxdb2 on influx.dgnum.eu

---
 machines/storage01/_configuration.nix         |   1 +
 machines/storage01/influxdb.nix               |  47 ++++++++++++++++++
 .../secrets/influxdb2-initial_password_file   |  29 +++++++++++
 .../secrets/influxdb2-initial_token_file      |  28 +++++++++++
 .../secrets/influxdb2-telegraf_token_file     | Bin 0 -> 1547 bytes
 machines/storage01/secrets/secrets.nix        |   3 ++
 6 files changed, 108 insertions(+)
 create mode 100644 machines/storage01/influxdb.nix
 create mode 100644 machines/storage01/secrets/influxdb2-initial_password_file
 create mode 100644 machines/storage01/secrets/influxdb2-initial_token_file
 create mode 100644 machines/storage01/secrets/influxdb2-telegraf_token_file

diff --git a/machines/storage01/_configuration.nix b/machines/storage01/_configuration.nix
index 429bd13..241238b 100644
--- a/machines/storage01/_configuration.nix
+++ b/machines/storage01/_configuration.nix
@@ -13,6 +13,7 @@ lib.extra.mkConfig {
     "forgejo"
     "forgejo-runners"
     "garage"
+    "influxdb"
     "netbird"
     "peertube"
     "prometheus"
diff --git a/machines/storage01/influxdb.nix b/machines/storage01/influxdb.nix
new file mode 100644
index 0000000..cb80ad5
--- /dev/null
+++ b/machines/storage01/influxdb.nix
@@ -0,0 +1,47 @@
+{ config, ... }:
+
+let
+  secret = name: config.age.secrets."influxdb2-${name}".path;
+  token = user: secret "${user}_token_file";
+
+  host = "influx.dgnum.eu";
+in
+
+{
+  services.influxdb2 = {
+    enable = true;
+
+    provision = {
+      enable = true;
+
+      organizations = {
+        dgnum = {
+          description = "DGNum org";
+          buckets.telegraf.description = "Telegraf bucket";
+          auths.telegraf = {
+            writeBuckets = [ "telegraf" ];
+            tokenFile = token "telegraf";
+          };
+        };
+      };
+
+      initialSetup = {
+        tokenFile = token "initial";
+        passwordFile = secret "initial_password_file";
+        organization = "main";
+        bucket = "main";
+      };
+    };
+  };
+
+  services.nginx.virtualHosts.${host} = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8086";
+    };
+  };
+
+  age-secrets.autoMatch = [ "influxdb2" ];
+}
diff --git a/machines/storage01/secrets/influxdb2-initial_password_file b/machines/storage01/secrets/influxdb2-initial_password_file
new file mode 100644
index 0000000..a9d12ed
--- /dev/null
+++ b/machines/storage01/secrets/influxdb2-initial_password_file
@@ -0,0 +1,29 @@
+age-encryption.org/v1
+-> ssh-ed25519 rHotTw aUhvFpB9QDL+oohGVVj/Pz+GEIJ3t37mdeev+qtZ9wI
+f9qJ4kuwgZSx/1RDGUEXFkxSuxmNHc52hHf3Dhb7GYA
+-> ssh-ed25519 jIXfPA JFzockRIF7T73pJDbcRDnNqE0AdRIg3VJMNDrAtVW3U
++tKWVsdtT9I+XOTo4So+h+YA7BBAh+FSZme3d8Yz6Po
+-> ssh-ed25519 QlRB9Q sMwPcrwBSF762n8y8v1sKI1olReLPPSMywwCVtlyBCs
+BxCK6wePrK6zA8IlJfmFYvlcsDdvY4D1tOLytlUZ8g8
+-> ssh-ed25519 r+nK/Q S57xzI2QbZ0UlFAbRDHzZZLRjH6oFQOodkwAyJ5TG0M
+0HCA4xsM4XlLrTxdb2JmcGUadaI+oCvJ3FOUK2FBf7E
+-> ssh-rsa krWCLQ
+wiIUWtOR0SgpCtZqZpeP1B+yAYyeeENBhzxG0UrmPrQXAmqoHGw0Q+HWUN/WO17O
+oeBmHlmwDG4n5dpa0AXuKTHgGHa799UpguAtMoAmiQN3Q4WY/karVMMHeng+hsT0
+x5t+2yJmWyoNjVMrWFpgQknHL+pvAhuianVVSerDutEArjOMZAB6VrNdIw3gSiDu
+ivQt4unOlWsv3JSeQB2TqXj3QAHLwXO1FnttWtGOp0XZXSiR395xA1MvkK9baaw8
+OGSqco1nZfZA7U4Eays0cKgKFvr52LCPfYNmFMp5Xoa58Cl/k2YVBkNao6SEVSJK
+9IjeSqYTxqd3mCYszr6gAQ
+-> ssh-ed25519 /vwQcQ 8jp5DvR1TKerKA1KRWjYVjh44OzT77hvxl24YGeHF0g
+FNxMHUWdP/qWixbTSMZmHPLgLM2uekEoomUqqYSNYaw
+-> ssh-ed25519 0R97PA QelvpAYX68iL0N5Hf6eHEidmTBkvnO6pHlYweMWU1U0
+S9S9kIovk3Hyq5t1wZb2D2EhpagfwsN+K2jEK/TEJEM
+-> ssh-ed25519 JGx7Ng krXmiDkx9ZcaG2VWasNuyVzZQhd3pfevwrVY6eBBIAM
+ZvZf0ZUTpw35GwTRTSLn07hioTW0iGiCGdYnqxFoSVw
+-> ssh-ed25519 5SY7Kg OdYEnGDmEYfQ76PSsbA6p+3AZwkh5rDSRX+ce8uVvUE
+sTzuWRNS6shGNkfy2Ke6rE3AT8iujYJ73Ub3I1LpFMQ
+-> ssh-ed25519 p/Mg4Q TagIdFQ3SLwOrHbM/VO49OtYz2b1WE8ddJhuMO9IKlw
+IXcm5zj1xaB0cVzKJSDeLoJ5rrqJseDK6A9uVvWWeiQ
+--- CgZCjEubWqtTR4ub9uFx3ATyZsZld6QyAtgUltiSOVc
+
+`Dó5Ô°âÔ¶Í“‡“ÃEY4òLCÊd¡KÜµ4î!ŽÑ¸w”ñ>+¦@"'ïñïÁCAn’
\ No newline at end of file
diff --git a/machines/storage01/secrets/influxdb2-initial_token_file b/machines/storage01/secrets/influxdb2-initial_token_file
new file mode 100644
index 0000000..e6f352f
--- /dev/null
+++ b/machines/storage01/secrets/influxdb2-initial_token_file
@@ -0,0 +1,28 @@
+age-encryption.org/v1
+-> ssh-ed25519 rHotTw 30ZnanGXmCGVx2Xu39wpdQuBo7F3B895713GnghoRhc
+mgtElQ/7WD7nllSmEhamZdWsLl556x9RXatR+2Kv+/0
+-> ssh-ed25519 jIXfPA 1PRfVY+DaTCy9AsXO+PrNE+BVUB0ZFnkDESMXzYNqjo
+j0uOs5MJHZ9kHGuQcu1jHuS51SivMFwLWL+7PGxENz0
+-> ssh-ed25519 QlRB9Q YZq7XswQpqtgrc+d1pTrAWWsN22QRf11Othe76HonGs
+fS2EEsG8B5MjB1ncaFq16DWumnitVyYIcOP5UlifwbE
+-> ssh-ed25519 r+nK/Q md6ylkhr1hR0/177il/thBy83LfnWJFxZgFYRvnNrws
+kgLLVOCjmGTCg7cv+YFN70J2c9Lx9c6U7C2XYF8+mqI
+-> ssh-rsa krWCLQ
+SB3osxnaWetVEvfFxDeqOl0OqG0JcPthxooSCp4VfU4sn1LeFvUi/+pI8y5hLwfr
+YkmY/V8xUR3c08Ar5u23whEv/3P0Q/Lz8vDAW0if3Xtl2oiggs4ZpKNsOdHIBasW
+pEZ21VaG1nzBlFw8l+QqLmNy99vyxVm7JGYeD4gjJawrt4CJp9W62idulyEiV4cO
+lzXUOngjVGDqUEqzrkmbm5qE58eVVvjKhufBxG7bk4w7XfMQIQbqFCrDLEOipvjS
+/qQNSSj772bk41L8LB156e5ERTv/kOhKN5TdnT24EIBozUCB0QN+S1GZzH7SKpBo
+KUf2p5gmlx4CTZIZHEKW/A
+-> ssh-ed25519 /vwQcQ 4UTrjMxMdI2X/UUCBzrjM08Azka9b50fpw7R/uivgS8
+WUuK8fvb6GbQOWLGPi//wAT0nSfoYUEX+hMKN29JCYg
+-> ssh-ed25519 0R97PA kOJgEyMCDyQePy8oOx5uj2Izh35bLZdVmXvAkaX5O00
+B5GhEZ500tATZ9RcpfcEW2zU7hPMFqQWh5glXiJnLjE
+-> ssh-ed25519 JGx7Ng Z+3k/vgNlaFJyVNwSQfTjg9NtGJsx++lAMFLxmn9A1Q
+ROsuZKcz1MWGppOrBi6Z9fwLOVKBqotuxqTCmZVWzQ8
+-> ssh-ed25519 5SY7Kg Wq/okHjlaeN1zlrl7VLVoZqaM3nloOgkR+lAhRpvsT4
+0UI7eyMn8hYE5uXoKK6Y6hzqApzrkQqlEM8eY6m/R7s
+-> ssh-ed25519 p/Mg4Q kBlUYfDMoD14MES+2Q1FS/IdAY5Dzl1OrmZNRaraYSU
+1BjiKx15ap6DnpWFcCBBIQ/0pZkfnKWKq+iTbnFhdzI
+--- 1MVECrIvFCrdG/atZNtlqSMCATqcHTS57xXYeQ6ekNY
+F®o4xïÇ*Åù3ê	}ÌÔÛäÍ4½><S$W&b`Eýƒ7Ú»:èa\ÿÏ¡:œ€?J ¼]úæN{gÇiM¼5%U±þéª	[©½–À•”iV0¸-1¨Í:œúÂµÙ‘mù	ß®½ú3
\ No newline at end of file
diff --git a/machines/storage01/secrets/influxdb2-telegraf_token_file b/machines/storage01/secrets/influxdb2-telegraf_token_file
new file mode 100644
index 0000000000000000000000000000000000000000..e2440090a1fd4014f0075c0f7cd939a5f5d236fb
GIT binary patch
literal 1547
zcmZXTJFDb$7>8HvQVBK|7PH_D;xU&=CW(bGxlA&-P5#Mbl8nNV$!#)|%j7c2B+G6k
zvX!MG*r?w?a7D4%La<OjfMB78f{kJ!q9UGVo8u>Vc%S$8_(^mX6+u0m+O#ZQDeDC3
zFzD*FNz?4Fq7WxZjG5F@*{=JEAGBC%Y?HE4jJ!$~HZ?Z~wB}C;!qZ2316(YQxNV-|
zM@S*hO|htUo=xWZWxDb@;w+R@R>&=yHI*IiaC14HEpwdTq#c%SY|JO9WSQHoF3!y`
z<EK#%SXnhof6-Osh6~nJG+oY3C+Jrf8ak1(9UK$1L{mXR;6=!uVw>L|SC?hPrK-|z
z(>idDF1HA7(m-ai444FaBbC+M)MB)aDR&G-I5*TCwm7Zf3x&3NNpAAmP^M!78DN}|
z6vL@AD@h0eNlua69c_*`Q(|RZ+zYE$oi#_bj<`vy;X*;cBpmc3u2tvoSR@n(+7KKz
zmvp<SJcYT?Qz3`xegTWYDy1Q2p;Pq=&jV#Cn5%@J536Y1TZ`N%7F?(EPAzxvwdpm|
zJf_u+KRMP8rvgaZE!fCA1P4pDkBLK$DFq@#8N3e7vun40>KswS_q1}uSo>lJYSupc
zg3>z`@9m8Qvha!x_`%0;X-avxAPGCs-w^GZ+fmi%GGwpCL7}Y6Inv0T9#}jMOQYpu
zOcm*dOF<l4TZ}DY&5jA3z0<Y(;!McB(_@|FmL+FrLPdHoXVCqb-0VG<0SArcGp^BX
zeV(BZU}sC6w89bF`VFCn*mNf;4aX6_hL6J9R<T`QiZbjX^^zOH)1Fo=qT(6HCdI-M
za_DSICl?OzZpEyGV&<tErSW{_BwI&o(Hb)7i`7vFFu$E5MK5LYX}eNa=M*o(a46yu
z;v@wuDXjO3ru3A?7|slk|F>JD>p=h}jZ{PfpkX6%jAL3M2G>#m%xh6ArV1;G*M8?_
zs^USOK<aus%I!S1nlZ#_y;F<moJ?^SGk5a2jMr2>7px4|t}lH2+s93!CPQ6UA`=`a
z)Y<Y<<HSq_qnAmQNzt5`B)X7Y?7%$Z^HgW(yoY4Z60OWGmFqc}7=c+Os%o%4L;M{W
zPc+NUcp~EHP|Uzhnk-%@J(<YYjnBkguMz8d1=tX#VtZJPYC-Sg<p5W`$5EIxJC;HN
z1?w4wlCkDnd*9dUb-$MO?y5pXC2vY1@{z`8wv-cKq<xb{S{|h&6Z@dW+k&v11x^t0
zAc(UWZ6Xr7(A3yP6_hRMo+ZFczBZXT0~^x~AgIx90|Hj~eK;dZb&xR-B}#(3`nae@
z)RF0%v=gEw1ej!T6$5;OH4U<G2Ycwx-dq_Z4EN+T_LnY(33|cHm-!Juc5ZhKVdg@S
zT6?5FFApYi@L8*}sr1Yu>`A^f`5{C!ZwXypT}?bDYcj`fEH0D^so$7VuWh#gN2+4r
zw6=9o!Dd=<bJ0DBeXhM-J-GL5_rX&i-g){v@%7K|<dyNlXP4Wr-hb=K*S>k?xo<z=
z@BaGxOS@aYyo2Mn-uM`M^S38+_C5KF{ZF5MKz{WudFw8?|NZmygO{Ht?x{aN`t$vN
sKKkhEhtg9Y-&sz-ef8h)hev;<%a`1@U;N|8;_rt~eEE%Xd6Clo1MR5&!2kdN

literal 0
HcmV?d00001

diff --git a/machines/storage01/secrets/secrets.nix b/machines/storage01/secrets/secrets.nix
index 4b5d635..407a70b 100644
--- a/machines/storage01/secrets/secrets.nix
+++ b/machines/storage01/secrets/secrets.nix
@@ -7,6 +7,9 @@ lib.setDefault { inherit publicKeys; } [
   "forgejo-mailer_password_file"
   "forgejo_runners-token_file"
   "garage-environment_file"
+  "influxdb2-initial_password_file"
+  "influxdb2-initial_token_file"
+  "influxdb2-telegraf_token_file"
   "netbird-auth_client_secret_file"
   "peertube-secrets_file"
   "peertube-service_environment_file"