feat: add influxdb as storage backend to home assistant

hosts/sire/guests/grafana.nix

@@ -29,7 +29,14 @@ in {
     group = "grafana";
   };
 
-  age.secrets.grafana-influxdb-token = {
+  age.secrets.grafana-influxdb-token-machines = {
+    generator.script = "alnum";
+    generator.tags = ["influxdb"];
+    mode = "440";
+    group = "grafana";
+  };
+
+  age.secrets.grafana-influxdb-token-home = {
     generator.script = "alnum";
     generator.tags = ["influxdb"];
     mode = "440";
@@ -45,8 +52,8 @@ in {
 
   nodes.sire-influxdb = {
     # Mirror the original secret on the influx host
-    age.secrets."grafana-influxdb-token-${config.node.name}" = {
-      inherit (config.age.secrets.grafana-influxdb-token) rekeyFile;
+    age.secrets."grafana-influxdb-token-machines-${config.node.name}" = {
+      inherit (config.age.secrets.grafana-influxdb-token-machines) rekeyFile;
       mode = "440";
       group = "influxdb2";
     };
@@ -54,7 +61,19 @@ in {
     services.influxdb2.provision.organizations.machines.auths."grafana machines:telegraf (${config.node.name})" = {
       readBuckets = ["telegraf"];
       writeBuckets = ["telegraf"];
-      tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-${config.node.name}".path;
+      tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-machines-${config.node.name}".path;
+    };
+
+    age.secrets."grafana-influxdb-token-home-${config.node.name}" = {
+      inherit (config.age.secrets.grafana-influxdb-token-home) rekeyFile;
+      mode = "440";
+      group = "influxdb2";
+    };
+
+    services.influxdb2.provision.organizations.machines.auths."grafana home:home_assistan (${config.node.name})" = {
+      readBuckets = ["home_assistant"];
+      writeBuckets = ["home_assistant"];
+      tokenFile = nodes.sire-influxdb.config.age.secrets."grafana-influxdb-token-home-${config.node.name}".path;
     };
   };
 
@@ -177,11 +196,22 @@ in {
           access = "proxy";
           url = "https://${sentinelCfg.networking.providedDomains.influxdb}";
           orgId = 1;
-          secureJsonData.token = "$__file{${config.age.secrets.grafana-influxdb-token.path}}";
+          secureJsonData.token = "$__file{${config.age.secrets.grafana-influxdb-token-machines.path}}";
           jsonData.version = "Flux";
           jsonData.organization = "machines";
           jsonData.defaultBucket = "telegraf";
         }
+        {
+          name = "InfluxDB (home_assistant)";
+          type = "influxdb";
+          access = "proxy";
+          url = "https://${sentinelCfg.networking.providedDomains.influxdb}";
+          orgId = 1;
+          secureJsonData.token = "$__file{${config.age.secrets.grafana-influxdb-token-home.path}}";
+          jsonData.version = "Flux";
+          jsonData.organization = "home";
+          jsonData.defaultBucket = "home_assistant";
+        }
         {
           name = "Loki";
           type = "loki";

hosts/sire/guests/influxdb.nix

@@ -133,6 +133,7 @@ in {
         tokenFile = config.age.secrets.influxdb-admin-token.path;
       };
       organizations.machines.buckets.telegraf = {};
+      organizations.home.buckets.home_assistant = {};
     };
   };
 

hosts/zackbiene/README.md

@@ -1,7 +0,0 @@
-# First Setup
-
-- Install Tow-Boot (version 006 is broken, currently used 005) to SPI flash to be able to use UEFI. <3
-
-- In HomeAssistant, MQTT integration needs to be added
-  manually, and the mqtt connection details must be entered
-  localhost:1883, user=home_assistant, pass=<see corresponding secret file>

hosts/zackbiene/home-assistant.nix

@@ -1,7 +1,8 @@
 {
-  lib,
   config,
+  lib,
   nodes,
+  pkgs,
   ...
 }: let
   homeDomain = "home.${config.repo.secrets.global.domains.me}";
@@ -77,11 +78,25 @@ in {
       webhook = {};
       zeroconf = {};
 
+      ### Components not from default_config
+
       backup = {};
       config = {};
       frontend = {
         #themes = "!include_dir_merge_named themes";
       };
+
+      influxdb = {
+        api_version = 2;
+        host = nodes.sentinel.config.networking.providedDomains.influxdb;
+        port = "443";
+        max_retries = 10;
+        ssl = true;
+        verify_ssl = true;
+        token = "!secret influxdb_token";
+        organization = "home";
+        bucket = "home_assistant";
+      };
     };
     extraPackages = python3Packages:
       with python3Packages; [
@@ -97,11 +112,41 @@ in {
 
   systemd.services.home-assistant = {
     preStart = lib.mkBefore ''
-      ln -sf ${config.age.secrets."home-assistant-secrets.yaml".path} ${config.services.home-assistant.configDir}/secrets.yaml
+      if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then
+        rm ${config.services.home-assistant.configDir}/secrets.yaml
+      fi
+      cat ${config.age.secrets."home-assistant-secrets.yaml".path} > ${config.services.home-assistant.configDir}/secrets.yaml
+
+      # Update influxdb token
+      INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \
+        ${lib.getExe pkgs.yq-go} -i '.influxdb_token = strenv(INFLUXDB_TOKEN)' \
+        ${config.services.home-assistant.configDir}/secrets.yaml
+
       touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml
     '';
   };
 
+  age.secrets.hass-influxdb-token = {
+    generator.script = "alnum";
+    mode = "440";
+    group = "hass";
+  };
+
+  nodes.sire-influxdb = {
+    # Mirror the original secret on the influx host
+    age.secrets."hass-influxdb-token-${config.node.name}" = {
+      inherit (config.age.secrets.hass-influxdb-token) rekeyFile;
+      mode = "440";
+      group = "influxdb2";
+    };
+
+    services.influxdb2.provision.organizations.machines.auths."home-assistant (${config.node.name})" = {
+      readBuckets = ["home_assistant"];
+      writeBuckets = ["home_assistant"];
+      tokenFile = nodes.sire-influxdb.config.age.secrets."hass-influxdb-token-${config.node.name}".path;
+    };
+  };
+
   nodes.ward-web-proxy = {
     services.nginx = {
       upstreams."home-assistant" = {