mirror of
https://github.com/oddlama/nix-config.git
synced 2025-10-11 07:10:39 +02:00
feat: add influxdb as storage backend to home assistant
This commit is contained in:
parent
b36e7e8202
commit
db86d754c4
18 changed files with 141 additions and 39 deletions
|
@ -29,7 +29,14 @@ in {
|
||||||
group = "grafana";
|
group = "grafana";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets.grafana-influxdb-token = {
|
age.secrets.grafana-influxdb-token-machines = {
|
||||||
|
generator.script = "alnum";
|
||||||
|
generator.tags = ["influxdb"];
|
||||||
|
mode = "440";
|
||||||
|
group = "grafana";
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets.grafana-influxdb-token-home = {
|
||||||
generator.script = "alnum";
|
generator.script = "alnum";
|
||||||
generator.tags = ["influxdb"];
|
generator.tags = ["influxdb"];
|
||||||
mode = "440";
|
mode = "440";
|
||||||
|
@ -45,8 +52,8 @@ in {
|
||||||
|
|
||||||
nodes.sire-influxdb = {
|
nodes.sire-influxdb = {
|
||||||
# Mirror the original secret on the influx host
|
# Mirror the original secret on the influx host
|
||||||
age.secrets."grafana-influxdb-token-${config.node.name}" = {
|
age.secrets."grafana-influxdb-token-machines-${config.node.name}" = {
|
||||||
inherit (config.age.secrets.grafana-influxdb-token) rekeyFile;
|
inherit (config.age.secrets.grafana-influxdb-token-machines) rekeyFile;
|
||||||
mode = "440";
|
mode = "440";
|
||||||
group = "influxdb2";
|
group = "influxdb2";
|
||||||
};
|
};
|
||||||
|
@ -54,7 +61,19 @@ in {
|
||||||
services.influxdb2.provision.organizations.machines.auths."grafana machines:telegraf (${config.node.name})" = {
|
services.influxdb2.provision.organizations.machines.auths."grafana machines:telegraf (${config.node.name})" = {
|
||||||
readBuckets = ["telegraf"];
|
readBuckets = ["telegraf"];
|
||||||
writeBuckets = ["telegraf"];
|
writeBuckets = ["telegraf"];
|
||||||
tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-${config.node.name}".path;
|
tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-machines-${config.node.name}".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
age.secrets."grafana-influxdb-token-home-${config.node.name}" = {
|
||||||
|
inherit (config.age.secrets.grafana-influxdb-token-home) rekeyFile;
|
||||||
|
mode = "440";
|
||||||
|
group = "influxdb2";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.influxdb2.provision.organizations.machines.auths."grafana home:home_assistan (${config.node.name})" = {
|
||||||
|
readBuckets = ["home_assistant"];
|
||||||
|
writeBuckets = ["home_assistant"];
|
||||||
|
tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-home-${config.node.name}".path;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -177,11 +196,22 @@ in {
|
||||||
access = "proxy";
|
access = "proxy";
|
||||||
url = "https://${sentinelCfg.networking.providedDomains.influxdb}";
|
url = "https://${sentinelCfg.networking.providedDomains.influxdb}";
|
||||||
orgId = 1;
|
orgId = 1;
|
||||||
secureJsonData.token = "$__file{${config.age.secrets.grafana-influxdb-token.path}}";
|
secureJsonData.token = "$__file{${config.age.secrets.grafana-influxdb-token-machines.path}}";
|
||||||
jsonData.version = "Flux";
|
jsonData.version = "Flux";
|
||||||
jsonData.organization = "machines";
|
jsonData.organization = "machines";
|
||||||
jsonData.defaultBucket = "telegraf";
|
jsonData.defaultBucket = "telegraf";
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "InfluxDB (home_assistant)";
|
||||||
|
type = "influxdb";
|
||||||
|
access = "proxy";
|
||||||
|
url = "https://${sentinelCfg.networking.providedDomains.influxdb}";
|
||||||
|
orgId = 1;
|
||||||
|
secureJsonData.token = "$__file{${config.age.secrets.grafana-influxdb-token-home.path}}";
|
||||||
|
jsonData.version = "Flux";
|
||||||
|
jsonData.organization = "home";
|
||||||
|
jsonData.defaultBucket = "home_assistant";
|
||||||
|
}
|
||||||
{
|
{
|
||||||
name = "Loki";
|
name = "Loki";
|
||||||
type = "loki";
|
type = "loki";
|
||||||
|
|
|
@ -133,6 +133,7 @@ in {
|
||||||
tokenFile = config.age.secrets.influxdb-admin-token.path;
|
tokenFile = config.age.secrets.influxdb-admin-token.path;
|
||||||
};
|
};
|
||||||
organizations.machines.buckets.telegraf = {};
|
organizations.machines.buckets.telegraf = {};
|
||||||
|
organizations.home.buckets.home_assistant = {};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
# First Setup
|
|
||||||
|
|
||||||
- Install Tow-Boot (version 006 is broken, currently used 005) to SPI flash to be able to use UEFI. <3
|
|
||||||
|
|
||||||
- In HomeAssistant, MQTT integration needs to be added
|
|
||||||
manually, and the mqtt connection details must be entered
|
|
||||||
localhost:1883, user=home_assistant, pass=<see corresponding secret file>
|
|
|
@ -1,7 +1,8 @@
|
||||||
{
|
{
|
||||||
lib,
|
|
||||||
config,
|
config,
|
||||||
|
lib,
|
||||||
nodes,
|
nodes,
|
||||||
|
pkgs,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
homeDomain = "home.${config.repo.secrets.global.domains.me}";
|
homeDomain = "home.${config.repo.secrets.global.domains.me}";
|
||||||
|
@ -77,11 +78,25 @@ in {
|
||||||
webhook = {};
|
webhook = {};
|
||||||
zeroconf = {};
|
zeroconf = {};
|
||||||
|
|
||||||
|
### Components not from default_config
|
||||||
|
|
||||||
backup = {};
|
backup = {};
|
||||||
config = {};
|
config = {};
|
||||||
frontend = {
|
frontend = {
|
||||||
#themes = "!include_dir_merge_named themes";
|
#themes = "!include_dir_merge_named themes";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
influxdb = {
|
||||||
|
api_version = 2;
|
||||||
|
host = nodes.sentinel.config.networking.providedDomains.influxdb;
|
||||||
|
port = "443";
|
||||||
|
max_retries = 10;
|
||||||
|
ssl = true;
|
||||||
|
verify_ssl = true;
|
||||||
|
token = "!secret influxdb_token";
|
||||||
|
organization = "home";
|
||||||
|
bucket = "home_assistant";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
extraPackages = python3Packages:
|
extraPackages = python3Packages:
|
||||||
with python3Packages; [
|
with python3Packages; [
|
||||||
|
@ -97,11 +112,41 @@ in {
|
||||||
|
|
||||||
systemd.services.home-assistant = {
|
systemd.services.home-assistant = {
|
||||||
preStart = lib.mkBefore ''
|
preStart = lib.mkBefore ''
|
||||||
ln -sf ${config.age.secrets."home-assistant-secrets.yaml".path} ${config.services.home-assistant.configDir}/secrets.yaml
|
if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then
|
||||||
|
rm ${config.services.home-assistant.configDir}/secrets.yaml
|
||||||
|
fi
|
||||||
|
cat ${config.age.secrets."home-assistant-secrets.yaml".path} > ${config.services.home-assistant.configDir}/secrets.yaml
|
||||||
|
|
||||||
|
# Update influxdb token
|
||||||
|
INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \
|
||||||
|
${lib.getExe pkgs.yq-go} -i '.influxdb_token = strenv(INFLUXDB_TOKEN)' \
|
||||||
|
${config.services.home-assistant.configDir}/secrets.yaml
|
||||||
|
|
||||||
touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml
|
touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
age.secrets.hass-influxdb-token = {
|
||||||
|
generator.script = "alnum";
|
||||||
|
mode = "440";
|
||||||
|
group = "hass";
|
||||||
|
};
|
||||||
|
|
||||||
|
nodes.sire-influxdb = {
|
||||||
|
# Mirror the original secret on the influx host
|
||||||
|
age.secrets."hass-influxdb-token-${config.node.name}" = {
|
||||||
|
inherit (config.age.secrets.hass-influxdb-token) rekeyFile;
|
||||||
|
mode = "440";
|
||||||
|
group = "influxdb2";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.influxdb2.provision.organizations.machines.auths."home-assistant (${config.node.name})" = {
|
||||||
|
readBuckets = ["home_assistant"];
|
||||||
|
writeBuckets = ["home_assistant"];
|
||||||
|
tokenFile = nodes.sire-influxdb.config.age.secrets."hass-influxdb-token-${config.node.name}".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
nodes.ward-web-proxy = {
|
nodes.ward-web-proxy = {
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
upstreams."home-assistant" = {
|
upstreams."home-assistant" = {
|
||||||
|
|
|
@ -0,0 +1,10 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> X25519 MiVjKhmcPoryN213jpcDtwM82OG66AVVGHN/AL4H3EA
|
||||||
|
y5NItWLZhVKgTrUDDU4euyOeB+9k33Gmguklx38csCY
|
||||||
|
-> piv-p256 xqSe8Q A+IEiVKYZQoj1WIZupZdUWZ8m0Qi+7xd7DJIUd1TSXVc
|
||||||
|
4MwF1yVTyoRp7QF6/rUpywEVpqS6lg8RZendWAMd5/U
|
||||||
|
-> opvcX>!-grease omZ
|
||||||
|
2xokmE8MrVzRcsPjTvovMN4+oENCc9I996b6ceiRbqATBHqghFofIyQlC+63BK9R
|
||||||
|
zqsVYHsTj9xsHQ
|
||||||
|
--- lsktZnNVUrWPii9QSAN8dCqFdqgNXqdPJpEL5NSlQtY
|
||||||
|
�üÈÁo>·äã›èæh«6¨ÝSJÙ�§™ÑeðŸûÅ7?4Âþך°'?S)×i¿à!Q*Ó,ÿS••‘r$ Y¢ñÁå6¼ÌÓ×
|
|
@ -0,0 +1,11 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> X25519 8RST3xS+wVkBHfVo21d+fYDxjLyKAvm7YV2pdgTNmmA
|
||||||
|
b03ClQlTW2I/qdUsqCse7WhbPhcj0s+g1WUlZ5SIxbA
|
||||||
|
-> piv-p256 xqSe8Q A8lbeX/6k6fV+K2/YEiJJXWoXX9OLJ9tDIbO0qJPwRLg
|
||||||
|
SjOddGF5dQbDxtmAAWuUmehieP7X5C9jj9CIalDSSxA
|
||||||
|
-> -4gr-grease Dg3nr, bBf9!>h
|
||||||
|
Kb0310cWQZGEZLpBI969WbCU3OT2hCJ7KzLA2PgDBnagP/x4aZS7MSEof9amXIrb
|
||||||
|
jgyIAMySsC2ZjmGPYiNzFSUxZpsBK90NxFCNFpVgupAz6PtXMz4U3QDq3G4Hq37m
|
||||||
|
JQ
|
||||||
|
--- zYoy9Lc9etflU4gmc6qYzrwaPrvo8q6O6RvkKVb8iw0
|
||||||
|
Ôá×ôkŽGJßñï–©µ7F„¿pµ‹n'¢çY gå8ô´=þå}zèÂAqí¥¦Ã©•×B2h3ª[„*'ñ�€`,A†½ÿ©Xª¹å
|
|
@ -1,10 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> X25519 Bo6kBRQL230lQ3HcTc3AajPp/gw7PA8oTM8gYSg62y8
|
|
||||||
o2VKru7J29Nk+pLPIIodPwIRT9dY8iemtPy/PDTaPDU
|
|
||||||
-> piv-p256 xqSe8Q AldXLqMr0qwEaKHsed9nLXLWyMs1GLAd7fDY+kwelRUW
|
|
||||||
p1soq4J7A73ZgoUcQJknAHBo54sFVCaTZ+hirVjL9OE
|
|
||||||
-> g6z"P-grease (@ Y
|
|
||||||
TM39Zea9KUhp85YkmHg7Qd069qelJ3rgHIW4MFHhAvRxGpTnq02uRlkUJC1KdOH3
|
|
||||||
kkx0bXhb9ueJ5i0kvQYeURM6j6rIcFy0a4GZgH/QjjF/GDsx0Yj55SPYmfD/
|
|
||||||
--- ncrTYfKfUkwg2T6xI0dxf5+8qzNWpiUQirMn0G9/w80
|
|
||||||
µôc×uÎË¢ÒpË+Mç´lãƒâ—÷Hxž|ž§zDj\lz+?I2>`¦6lUÂLHq¦™¢Í€¿ªÙ9•Îæm¬ÛWÔëäæDïIäˆ,÷U„
|
|
Binary file not shown.
BIN
secrets/generated/zackbiene/hass-influxdb-token.age
Normal file
BIN
secrets/generated/zackbiene/hass-influxdb-token.age
Normal file
Binary file not shown.
|
@ -1,7 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 B7KO8w 8wCp1rYZS3lDaGRqUiTIUBpfcSA8vH1CddfRpcCmwFg
|
|
||||||
F5t+bPiacZls0kXXmYlGditf0s1RiMcXSLl0nsSW+jI
|
|
||||||
-> C-,-grease <fcN F g
|
|
||||||
GTedNm74HhMm
|
|
||||||
--- Y13a+/YSQ9MMjhRpfwVHQ0nphPG8qN4798HEgRVlovU
|
|
||||||
mާ]ŠVºï^�˜"²R�Õ$ÏïÔâ÷•®±¿‘š¾J•ö±R©e�iuH9pfÀ‚SFFa·Ò˜X{¿åQ¿‰ž&ìð¶ª+ÃÖ…ÅKœ
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 B7KO8w NtS2dqQU1BoTwoT/42UfEcOKVlrKDdT4zoSqtkvD2Cg
|
||||||
|
E3gjjbUQwUAs/Gljfv0CfoPAKo6L9rcPBPP6rx9kBTI
|
||||||
|
-> EXb+5IAV-grease e) G
|
||||||
|
kvWs+CDtZg
|
||||||
|
--- 97OhIK+gTO3VZe+lOmjFGe1RygiTPhbyK5ZhtIWW4tk
|
||||||
|
”WÞÒ|N¼J±ˆÁêãzXÀò>ÈÛäf3iÙÀF°�€áˆZÙ36MnJ úÌB7›ïMMcß¾W9eò»ZÆ>D¨±n}Ãr>&
|
Binary file not shown.
|
@ -0,0 +1,8 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 1tdZKQ 7/FNR9qPfnog6Ci/YIfPv/SWstIvi9KNfoOJSKj3UhU
|
||||||
|
pRyszE6vS1KWz/oqRddga6TDCKigzEHneOMtpiF+6ZM
|
||||||
|
-> V]6Awl-grease
|
||||||
|
vGI9Lof1yQ
|
||||||
|
--- ugvostW30lRVwoa0y1CG2zlNnOsG6+Fl6xA3VZJAagA
|
||||||
|
MRZöŐc×?,čĂ…˛űMí¶íűéË8ć’óR
|
||||||
|
ÓźĺçŽüvşÝÜ„JŚĐ�Öńh˝‚Íu�oŇ€ă»ÔMĽôĽî뻕Č\({Óžu
|
|
@ -1,8 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 1tdZKQ zBATrC0W9c0OA8FO03FFxqPJaLsNb7O5ownBSmSn1gY
|
|
||||||
X3oqnPWt8wv3PaHtdxZ9SRsz3fUtowpMA6LUz3Vvjxg
|
|
||||||
-> ;}-grease O>
|
|
||||||
ba89giA262+t2OeOhZ5ewG+AUHXjJnT9UkpPqQaZovpmWaV4lRLX/+e5DWVzXlzd
|
|
||||||
n5fEjrhovARYQ9rTCIwI
|
|
||||||
--- LX956zk61RQNVOkrkxHRN4Ki6auA6crNbwl4SmysfO8
|
|
||||||
µÝ2ë%y¹È»ƒZOe¾®üæRš6‘î§LÐï~0u�¥(èi€è"xi¾+ŽfâîÈ]…5ÎfxÑàP×ÕWÉ«¹ÐMËV=¢9n åóö
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 1tdZKQ 7hRaB/jl5aAQ0OaLaE84invNGJc4iuzxk/jGA7cxMS0
|
||||||
|
nKH9M7KqbC2yQbjRY7h9yeCUPjii/PKbaArv7vF0tgs
|
||||||
|
-> =Bq38rC-grease |< t'@ f
|
||||||
|
WX5ZG96lJs4zzi4
|
||||||
|
--- Msg4tXQbL4PdKR//oobUKg2lvMAp1IZgimw09W6BnK4
|
||||||
|
Î ýhÄ}ª@“hÝ4[ðœñã¢Ø„=RýJ`O3ŠÍÐulàbÎ’í쌣⦫zÌUBÙâµ¢Íìĸ/]¦i¢-—®ë³ª±ÅN�
|
|
@ -0,0 +1,7 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 1tdZKQ AsgXjTnMlWoukmKdk3jBqZKildhbuhemjeXVEP6hxU4
|
||||||
|
27r8siEl0mvMKMUxXapJqYgHkc/3pO3pGQwzKFV9lV8
|
||||||
|
-> IzSa}-grease )hD+%g6Z
|
||||||
|
jdkBplRj8opuM6K2D4j2g4CeyQ
|
||||||
|
--- 9/pgTJnwXS0d4avPkE4joBUEiCxGOzzAM2+O4kAayxg
|
||||||
|
: ÉQqA”Üx�}‡hœW!ÇkËFKoC¿²<e•s¶²áS�ˊ׈ò(¿¸£ép£¨2y`nMZ<æ9EÆ@áóÿv¬ÿ¦E'‡S
|
|
@ -0,0 +1,8 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 DynNMA t66pK0Xp15NUNuTlvpUDfD+jfYmZr6vje8Zil3yV4xA
|
||||||
|
NJ89Tcht+GvI7R8RgA0GniOLgbIS7IBTTal2FUN+Pn8
|
||||||
|
-> L8|W-grease {#S
|
||||||
|
6NoW21RijvL4DTAL7742L9eB5aG3X0fgvf+3vY6IGLW2vKPCIVr1rLkzzhfYnUp4
|
||||||
|
avIHxxFbWVHqXUHO71WMcBiC+dHLYxJ9gEeY338
|
||||||
|
--- 3zxIzft5E8Z9sQIrEMZKkqxugeS9g8LWYeY3hP8HHio
|
||||||
|
.Üu€Å.BzLHNrpµÿÀ�?å#ÍsÎÓ¸|•c�xÛ¡\¦·$‰Ÿ¼ˆQæ]³¹æ.í¯¿¹>Œ
@qö)ì�j•ÛÕÇ"
|
Binary file not shown.
Loading…
Add table
Add a link
Reference in a new issue