nixconfig/modules/server/containers/apps/influx.nix
soraefir d30812f388 fix
2026-06-06 21:33:02 +02:00


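# InfluxDB 3 application module.
#
# Declares an InfluxDB 3 Core container ("db"), one web front end ("ui":
# the InfluxDB explorer when `containerCfg.extra.explorer` is set, Grafana
# otherwise) and a setup step that writes the token files the containers mount.
#
# Arguments used here: `config` (syscfg.server paths/domain and sops secret
# paths), `containerCfg` (subdomain, extra), `pkgs`, `builder` (mkContainer,
# host) and `name` (secret/database key). `lib` is accepted but not used.
{ config, containerCfg, pkgs, lib, builder, name, ... }:
let
  serverCfg = config.syscfg.server;

  # NOTE(review): "latest" is a floating tag, so the UI/Grafana image can change
  # between pulls without any change to this file. Pin a version (ideally a
  # digest) so upgrades are deliberate and reproducible.
  version = "latest";

  # Grafana datasource provisioning file. It is built into the Nix store, so it
  # must not contain the token itself: `\${INFLUXDB_TOKEN}` is escaped to stay a
  # literal placeholder that is resolved from the container environment.
  influxSource = pkgs.writers.writeYAML "influx.yaml" {
    apiVersion = 1;
    datasources = [
      {
        name = "InfluxDB 3 SQL";
        type = "influxdb";
        # "proxy": queries are made by the Grafana backend, so the token is not
        # handed to browsers.
        access = "proxy";
        # NOTE(review): no port is given here while the db container below
        # listens on 8181; confirm this name resolves to the InfluxDB listener.
        url = "http://influx-db";
        jsonData = {
          version = "SQL";
          dbName = "telegraf";
          httpMode = "POST";
        };
        secureJsonData = {
          token = "\${INFLUXDB_TOKEN}";
        };
        isDefault = true;
        editable = true;
      }
    ];
  };
in {
  requires = {
    secrets = [ name ];
    databases = [ name ];
  };

  runtime = {
    # NOTE(review): the config directory holds admin-token.json and config.json
    # (both written by `setup` below and both containing the InfluxDB token).
    # With mode 0755 any local user can traverse it; consider 0750 or tighter
    # once the UIDs that need access are confirmed.
    paths = [
      {
        path = "${serverCfg.path.config}/influxdb/";
        owner = "1500:1500";
        mode = "0755";
      }
      {
        path = "${serverCfg.path.data}/influxdb/";
        dirs = [ "data" "ui" ];
        owner = "1500:1500";
        mode = "0755";
      }
    ];

    containers = {
      # InfluxDB 3 Core server. The admin token is read from a file mounted
      # read-only rather than passed on the command line.
      db = builder.mkContainer {
        image = "influxdb:3-core";
        secret = name;
        extraEnv = {
          INFLUXD_DB_PATH = "/db";
          INFLUXD_CONFIG_PATH = "/config";
        };
        overrides = {
          cmd = [
            "influxdb3"
            "serve"
            "--node-id=node0"
            "--data-dir=/var/lib/influxdb3/data"
            "--admin-token-file=/var/lib/influxdb3/token.json"
          ];
          # NOTE(review): "8181:8181" publishes the API on every host interface.
          # If only local services write to it, bind to a specific address
          # (e.g. "127.0.0.1:8181:8181") or rely on a host firewall rule.
          ports = [ "8181:8181" ];
          volumes = [
            "${serverCfg.path.data}/influxdb/data:/var/lib/influxdb3/data:rw"
            "${serverCfg.path.config}/influxdb/admin-token.json:/var/lib/influxdb3/token.json:ro"
          ];
        };
      };

      ui =
        if (containerCfg.extra ? explorer) then
          # InfluxDB explorer UI, published behind authentik.
          builder.mkContainer {
            tmpfs = true;
            authentik = true;
            subdomain = containerCfg.subdomain;
            image = "influxdata/influxdb3-ui:${version}";
            port = 8080; # 8888 is something else
            secret = name;
            extraEnv = {
              DATABASE_URL = "/db/sqlite.db";
              DEFAULT_INFLUX_SERVER = "http://${builder.host}:8181";
            };
            overrides = {
              cmd = [ "--mode=admin" ];
              volumes = [
                "${serverCfg.path.data}/influxdb/ui:/db:rw"
                # NOTE(review): this mounts the whole config directory
                # read-write, which also exposes admin-token.json to the UI
                # container. Mounting only config.json, read-only, would be
                # narrower if the UI does not need to write there.
                "${serverCfg.path.config}/influxdb/:/app-root/config:rw"
              ];
            };
          }
        else
          # Grafana, published behind authentik with header-based login.
          builder.mkContainer {
            tmpfs = true;
            authentik = true;
            subdomain = containerCfg.subdomain;
            image = "grafana/grafana:${version}";
            port = 3000;
            extraEnv = {
              GF_DEFAULT_INSTANCE_NAME = serverCfg.domain;
              # Escaped placeholders: the credentials are not evaluated by Nix
              # and therefore never land in the store. Presumably resolved from
              # the sops environment files listed below; confirm.
              GF_SECURITY_ADMIN_USER = "\${DEFAULT_ADMIN_USERNAME}";
              GF_SECURITY_ADMIN_PASSWORD = "\${DEFAULT_ADMIN_PASSWORD}";
              GF_SECURITY_ADMIN_EMAIL = "\${DEFAULT_ADMIN_EMAIL}";
              GF_SECURITY_COOKIE_SECURE = "true";
              GF_USERS_ALLOW_SIGN_UP = "false";
              GF_USERS_AUTO_ASSIGN_ORG = "true";
              # NOTE(review): "true" is not a Grafana role name (Viewer, Editor,
              # Admin, None). Because proxy auto sign-up is on, this decides
              # what every authentik user may do; set the intended role
              # explicitly, preferring the least privileged one.
              GF_USERS_AUTO_ASSIGN_ORG_ROLE = "true";
              # Auth proxy: Grafana takes the login name from the header below.
              # That is only safe while the authentik proxy is the sole way to
              # reach port 3000, since a direct client could send the header
              # itself. NOTE(review): confirm the container is not reachable
              # directly, and consider GF_AUTH_PROXY_WHITELIST with the proxy's
              # address.
              GF_AUTH_PROXY_ENABLED = "true";
              GF_AUTH_PROXY_HEADER_NAME = "X-authentik-username";
              GF_AUTH_PROXY_HEADER_PROPERTY = "username";
              GF_AUTH_PROXY_AUTO_SIGN_UP = "true";
              GF_DATABASE_TYPE = "postgres";
              GF_DATABASE_HOST = "${builder.host}";
              GF_DATABASE_NAME = "influx_db";
              GF_DATABASE_USER = "influx_user";
              GF_ANALYTICS_REPORTING_ENABLED = "false";
              # Fixed: was GF_CHECK_FOR_UPDATED, which Grafana does not read.
              # The option lives in the [analytics] section as check_for_updates.
              GF_ANALYTICS_CHECK_FOR_UPDATES = "false";
              GF_LIVE_HA_ENGINE = "redis";
              # Fixed: was GF_LIVE_HA_ENGINE_ADRESS (misspelled), so the Redis
              # address was never applied.
              GF_LIVE_HA_ENGINE_ADDRESS = "${builder.host}:6379";
              DEFAULT_INFLUX_SERVER = "http://${builder.host}:8181";
            };
            overrides = {
              # Secrets are supplied as sops-managed environment files.
              environmentFiles = [
                config.sops.secrets."INFLUX".path
                config.sops.secrets."CUSTOM".path
              ];
              volumes = [
                "${serverCfg.path.data}/influxdb/ui:/var/lib/grafana:rw"
                "${influxSource}:/etc/grafana/provisioning/datasources/influx.yaml:ro"
              ];
            };
          };
    };

    # Setup step tied to the "db" container. It reads INFLUXDB_TOKEN from the
    # sops environment file and writes it into two JSON files in the config
    # directory: config.json (mounted into the explorer UI via /app-root/config)
    # and admin-token.json (mounted into the db container as its admin token).
    #
    # NOTE(review): the files are created with `cat >`, so their permissions
    # come from the umask of whatever runs this script. Together with the 0755
    # directory above, the token may end up readable by every local user; set
    # an explicit mode/owner once the reading UID is confirmed.
    # NOTE(review): the token is pasted into JSON unescaped; a value containing
    # `"` or `\` would produce an invalid file.
    setup = {
      trigger = "db";
      envFile = config.sops.secrets."INFLUX".path;
      script = pkgs.writeShellScript "setup" ''
        cat > ${serverCfg.path.config}/influxdb/config.json << EOF
        {
        "DEFAULT_INFLUX_SERVER": "http://${builder.host}:8181",
        "DEFAULT_INFLUX_DATABASE": "main",
        "DEFAULT_API_TOKEN": "$INFLUXDB_TOKEN",
        "DEFAULT_SERVER_NAME": "${serverCfg.domain}"
        }
        EOF
        cat > ${serverCfg.path.config}/influxdb/admin-token.json << EOF
        {
        "token": "$INFLUXDB_TOKEN",
        "name": "admin",
        "description": "Admin token for automated deployment"
        }
        EOF
      '';
    };
  };
}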