infra/machines/b4l/services/victoriametrics.nix

{ config, pkgs, ... }:
let
  vmDomain = "${config.clan.core.vars.generators.b4l-victoriametrics.files.subdomain.value}.${config.networking.fqdn}";
in
{
  clan.core.vars.generators.b4l-victoriametrics = {
    files.subdomain.secret = false;
    files.adminuser.secret = false;
    files.adminpassword.secret = true;

    prompts = {
      subdomain = {
        persist = true;
        type = "line";
        description = "Sub-domain for Victoria Metrics app. Default:(metrics)";
      };
      adminuser = {
        persist = true;
        type = "line";
        description = "Username for an admin user. Default:(admin)";
      };
      adminpassword = {
        persist = true;
        type = "hidden";
        description = "Password for the admin user. Leave empty to auto-generate.";
      };
    };

    runtimeInputs = [
      pkgs.xkcdpass
      pkgs.coreutils
    ];

    script = ''
      prompt_domain=$(cat "$prompts"/subdomain)
      if [[ -n "''${prompt_domain-}" ]]; then
        echo $prompt_domain | tr -d "\n" > "$out"/subdomain
      else
        echo -n "metrics" > "$out"/subdomain
      fi

      prompt_adminuser=$(cat "$prompts"/adminuser)
      if [[ -n "''${prompt_adminuser-}" ]]; then
        echo $prompt_adminuser | tr -d "\n" > "$out"/adminuser
      else
        echo -n "admin" > "$out"/adminuser
      fi

      prompt_password=$(cat "$prompts"/adminpassword)
      if [[ -n "''${prompt_password-}" ]]; then
        echo "$prompt_password" | tr -d "\n" > "$out"/adminpassword
      else
        xkcdpass --numwords 4 --delimiter - --count 1 | tr -d "\n" > "$out"/adminpassword
      fi
    '';
  };

  services.victoriametrics = {
    extraOptions = [
      "-httpAuth.username=file://${config.clan.core.vars.generators.b4l-victoriametrics.files.adminuser.path}"
      "-httpAuth.password=file://${config.clan.core.vars.generators.b4l-victoriametrics.files.adminpassword.path}"
    ];
  };

  services.nginx.virtualHosts."${vmDomain}" = {
    forceSSL = true;
    useACMEHost = "${config.networking.fqdn}";
    locations."/" = {
      proxyPass = "http://localhost${builtins.toString config.services.victoriametrics.listenAddress}";
    };
  };

}