{ config, pkgs, ... }:
let
  influxURL = "https://influxdb.john-stream.com";
  organization = "homelab";
  bucket = "docker";
  token = "${builtins.readFile config.sops.secrets."telegraf_influx_token".path}";
in
{
  sops.secrets."telegraf_influx_token" = { };

  environment.systemPackages = with pkgs; [
    (pkgs.writeShellScriptBin "telegraf-check" "systemctl status telegraf.service")
    (pkgs.writeShellScriptBin "telegraf-watch" "journalctl -u telegraf.service -b -n 25 -f")
  ];

  systemd.services.telegraf = {
    environment.INFLUX_WRITE_TOKEN = token;
    serviceConfig.SupplementaryGroups = [ "docker" ];
  };

  services.telegraf = {
    enable = true;
    extraConfig = {
      agent = {
        interval = "10s";
        round_interval = true;
        metric_batch_size = 1000;
        metric_buffer_limit = 10000;
        collection_jitter = "0s";
        flush_interval = "10s";
        flush_jitter = "0s";
        precision = "";
        hostname = "";
        omit_hostname = false;
      };
      inputs = {
        docker = {
          endpoint = "unix:///var/run/docker.sock";
          gather_services = false;
          source_tag = false;
          container_name_include = [];
          timeout = "5s";
          perdevice_include = ["cpu" "blkio" "network"];
          docker_label_include = [];
        };
      };
      outputs = {
        influxdb_v2 = {
          urls = ["${influxURL}"];
          token = "$INFLUX_WRITE_TOKEN";
          organization = "${organization}";
          bucket = "${bucket}";
        };
      };
    };
  };
}