diff options
author | oddlama <oddlama@oddlama.org> | 2023-08-15 00:26:41 +0200 |
---|---|---|
committer | oddlama <oddlama@oddlama.org> | 2023-08-16 14:31:49 +0200 |
commit | b4d718f14a00c5cad817406f08052a52c2fef4ed (patch) | |
tree | ff623789396f9c7b00343b43d68c2a515039e452 /nixos/modules/services/databases | |
parent | fd91dcf3107361981d703f09e95fe02299b57ba3 (diff) |
nixos/influxdb2: add initial setup automation and nixos tests
Diffstat (limited to 'nixos/modules/services/databases')
-rw-r--r-- | nixos/modules/services/databases/influxdb2.nix | 124 |
1 files changed, 117 insertions, 7 deletions
diff --git a/nixos/modules/services/databases/influxdb2.nix b/nixos/modules/services/databases/influxdb2.nix index e74de66ddc2f..8e3135c9e235 100644 --- a/nixos/modules/services/databases/influxdb2.nix +++ b/nixos/modules/services/databases/influxdb2.nix @@ -1,8 +1,17 @@ { config, lib, pkgs, ... }: -with lib; - let + inherit + (lib) + escapeShellArg + hasAttr + literalExpression + mkEnableOption + mkIf + mkOption + types + ; + format = pkgs.formats.json { }; cfg = config.services.influxdb2; configFile = format.generate "config.json" cfg.settings; @@ -24,14 +33,60 @@ in description = lib.mdDoc ''configuration options for influxdb2, see <https://docs.influxdata.com/influxdb/v2.0/reference/config-options> for details.''; type = format.type; }; + + provision = { + enable = mkEnableOption "initial database setup and provisioning"; + + initialSetup = { + organization = mkOption { + type = types.str; + example = "main"; + description = "Primary organization name"; + }; + + bucket = mkOption { + type = types.str; + example = "example"; + description = "Primary bucket name"; + }; + + username = mkOption { + type = types.str; + default = "admin"; + description = "Primary username"; + }; + + retention = mkOption { + type = types.str; + default = "0"; + description = '' + The duration for which the bucket will retain data (0 is infinite). + Accepted units are `ns` (nanoseconds), `us` or `µs` (microseconds), `ms` (milliseconds), + `s` (seconds), `m` (minutes), `h` (hours), `d` (days) and `w` (weeks). + ''; + }; + + passwordFile = mkOption { + type = types.path; + description = "Password for primary user. Don't use a file from the nix store!"; + }; + + tokenFile = mkOption { + type = types.path; + description = "API Token to set for the admin user. Don't use a file from the nix store!"; + }; + }; + }; }; }; config = mkIf cfg.enable { - assertions = [{ - assertion = !(builtins.hasAttr "bolt-path" cfg.settings) && !(builtins.hasAttr "engine-path" cfg.settings); - message = "services.influxdb2.config: bolt-path and engine-path should not be set as they are managed by systemd"; - }]; + assertions = [ + { + assertion = !(hasAttr "bolt-path" cfg.settings) && !(hasAttr "engine-path" cfg.settings); + message = "services.influxdb2.config: bolt-path and engine-path should not be set as they are managed by systemd"; + } + ]; systemd.services.influxdb2 = { description = "InfluxDB is an open-source, distributed, time series database"; @@ -52,7 +107,62 @@ in LimitNOFILE = 65536; KillMode = "control-group"; Restart = "on-failure"; + LoadCredential = [ + "admin-password:${cfg.provision.initialSetup.passwordFile}" + "admin-token:${cfg.provision.initialSetup.tokenFile}" + ]; }; + + path = [pkgs.influxdb2-cli]; + + # Mark if this is the first startup so postStart can do the initial setup + preStart = mkIf cfg.provision.enable '' + if ! test -e "$STATE_DIRECTORY/influxd.bolt"; then + touch "$STATE_DIRECTORY/.first_startup" + fi + ''; + + postStart = let + initCfg = cfg.provision.initialSetup; + in mkIf cfg.provision.enable ( + '' + set -euo pipefail + export INFLUX_HOST="http://"${escapeShellArg (cfg.settings.http-bind-address or "localhost:8086")} + + # Wait for the influxdb server to come online + count=0 + while ! influx ping &>/dev/null; do + if [ "$count" -eq 300 ]; then + echo "Tried for 30 seconds, giving up..." + exit 1 + fi + + if ! kill -0 "$MAINPID"; then + echo "Main server died, giving up..." + exit 1 + fi + + sleep 0.1 + count=$((count++)) + done + + # Do the initial database setup. Pass /dev/null as configs-path to + # avoid saving the token as the active config. + if test -e "$STATE_DIRECTORY/.first_startup"; then + influx setup \ + --configs-path /dev/null \ + --org ${escapeShellArg initCfg.organization} \ + --bucket ${escapeShellArg initCfg.bucket} \ + --username ${escapeShellArg initCfg.username} \ + --password "$(< "$CREDENTIALS_DIRECTORY/admin-password")" \ + --token "$(< "$CREDENTIALS_DIRECTORY/admin-token")" \ + --retention ${escapeShellArg initCfg.retention} \ + --force >/dev/null + + rm -f "$STATE_DIRECTORY/.first_startup" + fi + '' + ); }; users.extraUsers.influxdb2 = { @@ -63,5 +173,5 @@ in users.extraGroups.influxdb2 = {}; }; - meta.maintainers = with lib.maintainers; [ nickcao ]; + meta.maintainers = with lib.maintainers; [ nickcao oddlama ]; } |