From 262902c018535549ab6447273a34af99783118d3 Mon Sep 17 00:00:00 2001
From: m3tam3re
Date: Sun, 23 Feb 2025 19:07:14 +0100
Subject: [PATCH] n8n@m3-atlas
---
 hosts/m3-ares/services/default.nix | 3 +-
 hosts/m3-ares/services/tailscale.nix | 48 +++++++++---------
 hosts/m3-atlas/secrets.nix | 3 ++
 .../m3-atlas/services/containers/baserow.nix | 2 +-
 .../m3-atlas/services/containers/default.nix | 1 +
 .../services/{ => containers}/n8n.nix | 18 +++----
 hosts/m3-atlas/services/default.nix | 1 -
 secrets.nix | 1 +
 secrets/n8n-env.age | Bin 0 -> 1470 bytes
 9 files changed, 39 insertions(+), 38 deletions(-)
 rename hosts/m3-atlas/services/{ => containers}/n8n.nix (53%)
 create mode 100644 secrets/n8n-env.age
diff --git a/hosts/m3-ares/services/default.nix b/hosts/m3-ares/services/default.nix
index 4e0e209..5c09611 100644
--- a/hosts/m3-ares/services/default.nix
+++ b/hosts/m3-ares/services/default.nix
@@ -5,8 +5,9 @@
 ./postgres.nix
 ./restic.nix
 ./sound.nix
+ ./tailscale.nix
 ./udev.nix
- #./wireguard.nix
+ ./wireguard.nix
 ];
 services = {
 hypridle.enable = true;
diff --git a/hosts/m3-ares/services/tailscale.nix b/hosts/m3-ares/services/tailscale.nix
index 7910806..15f40d6 100644
--- a/hosts/m3-ares/services/tailscale.nix
+++ b/hosts/m3-ares/services/tailscale.nix
@@ -8,33 +8,33 @@
 useRoutingFeatures = "client";
 };
 
- systemd.services.tailscale-autoconnect = {
- description = "Automatic connection to Tailscale";
+ # systemd.services.tailscale-autoconnect = {
+ # description = "Automatic connection to Tailscale";
 
- # make sure tailscale is running before trying to connect to tailscale
- after = ["network-pre.target" "tailscale.service"];
- wants = ["network-pre.target" "tailscale.service"];
- wantedBy = ["multi-user.target"];
+ # # make sure tailscale is running before trying to connect to tailscale
+ # after = ["network-pre.target" "tailscale.service"];
+ # wants = ["network-pre.target" "tailscale.service"];
+ # wantedBy = ["multi-user.target"];
 
- # set this service as a oneshot job
- serviceConfig = {
- Type = "oneshot";
- EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
- };
+ # # set this service as a oneshot job
+ # serviceConfig = {
+ # Type = "oneshot";
+ # EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
+ # };
 
- # have the job run this shell script
- script = with pkgs; ''
- # wait for tailscaled to settle
- sleep 2
+ # # have the job run this shell script
+ # script = with pkgs; ''
+ # # wait for tailscaled to settle
+ # sleep 2
 
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
+ # # check if we are already authenticated to tailscale
+ # status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ # if [ $status = "Running" ]; then # if so, then do nothing
+ # exit 0
+ # fi
 
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
- '';
- };
+ # # otherwise authenticate with tailscale
+ # ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
+ # '';
+ # };
 }
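Review bot: The whole `systemd.services.tailscale-autoconnect` unit is left in the file as commented-out lines rather than deleted; version control already keeps the old definition, so removing the block, or replacing it with a one-line comment such as `# autoconnect disabled: run tailscale up manually`, would leave the module easier to read. If the block is kept so it can be re-enabled later, note that it passes the key as `--authkey $TAILSCALE_KEY`, which puts the secret in the process argument list while the command runs, and that `[ $status = "Running" ]` leaves `$status` unquoted. The `tailscale-key` secret may also no longer be needed on this host; its declaration is outside the hunk, so that is worth confirming.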
diff --git a/hosts/m3-atlas/secrets.nix b/hosts/m3-atlas/secrets.nix
index 1cce8a6..d607c11 100644
--- a/hosts/m3-atlas/secrets.nix
+++ b/hosts/m3-atlas/secrets.nix
@@ -13,6 +13,9 @@
 minio-root-cred = {
 file = ../../secrets/minio-root-cred.age;
 };
+ n8n-env = {
+ file = ../../secrets/n8n-env.age;
+ };
 restreamer-env = {
 file = ../../secrets/restreamer-env.age;
 };
diff --git a/hosts/m3-atlas/services/containers/baserow.nix b/hosts/m3-atlas/services/containers/baserow.nix
index 8789eaa..02bf0af 100644
--- a/hosts/m3-atlas/services/containers/baserow.nix
+++ b/hosts/m3-atlas/services/containers/baserow.nix
@@ -1,6 +1,6 @@
 {config, ...}: {
 virtualisation.oci-containers.containers."baserow" = {
- image = "docker.io/baserow/baserow:1.30.1";
+ image = "docker.io/baserow/baserow:1.31.1";
 environmentFiles = [config.age.secrets.baserow-env.path];
 ports = ["127.0.0.1:3001:80"];
 volumes = ["baserow_data:/baserow/data"];
diff --git a/hosts/m3-atlas/services/containers/default.nix b/hosts/m3-atlas/services/containers/default.nix
index 2e820a8..9e431aa 100644
--- a/hosts/m3-atlas/services/containers/default.nix
+++ b/hosts/m3-atlas/services/containers/default.nix
@@ -3,6 +3,7 @@
 ./baserow.nix
 ./ghost.nix
 ./littlelink.nix
+ ./n8n.nix
 ./restreamer.nix
 ];
 system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
diff --git a/hosts/m3-atlas/services/n8n.nix b/hosts/m3-atlas/services/containers/n8n.nix
similarity index 53%
rename from hosts/m3-atlas/services/n8n.nix
rename to hosts/m3-atlas/services/containers/n8n.nix
index f6b4041..0925e20 100644
--- a/hosts/m3-atlas/services/n8n.nix
+++ b/hosts/m3-atlas/services/containers/n8n.nix
@@ -1,14 +1,10 @@
-{
- services.n8n = {
- enable = true;
- webhookUrl = "https://wf.m3tam3re.com";
- };
-
- systemd.services.n8n = {
- environment = {
- N8N_EDITOR_BASE_URL = "https://wf.m3tam3re.com";
- N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "false";
- };
+{config, ...}: {
+ virtualisation.oci-containers.containers."n8n" = {
+ image = "docker.n8n.io/n8nio/n8n";
+ environmentFiles = [config.age.secrets.n8n-env.path];
+ ports = ["127.0.0.1:5678:5678"];
+ volumes = ["n8n_data:/home/node/.n8n"];
+ extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.14" "--network=web"];
 };
 
 # Traefik configuration specific to n8n
diff --git a/hosts/m3-atlas/services/default.nix b/hosts/m3-atlas/services/default.nix
index a5746cb..5eca34e 100644
--- a/hosts/m3-atlas/services/default.nix
+++ b/hosts/m3-atlas/services/default.nix
@@ -5,7 +5,6 @@
 ./headscale.nix
 ./minio.nix
 ./mysql.nix
- ./n8n.nix
 ./postgres.nix
 ./searx.nix
 ./tailscale.nix
diff --git a/secrets.nix b/secrets.nix
index 528a5ea..217a4e5 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -23,6 +23,7 @@ in {
 "secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users;
 "secrets/m3tam3re-secrets.age".publicKeys = systems ++ users;
 "secrets/minio-root-cred.age".publicKeys = systems ++ users;
+ "secrets/n8n-env.age".publicKeys = systems ++ users;
 "secrets/restreamer-env.age".publicKeys = systems ++ users;
 "secrets/searx.age".publicKeys = systems ++ users;
 "secrets/tailscale-key.age".publicKeys = systems ++ users;
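Review bot: In hosts/m3-atlas/services/containers/n8n.nix the new `image = "docker.n8n.io/n8nio/n8n";` carries no tag or digest, so the container runtime resolves it to whatever `latest` is at pull time; the deployment is then not reproducible and an upstream change reaches this host without review. The baserow container in this same commit is pinned to a version tag, so following that convention would read `image = "docker.n8n.io/n8nio/n8n:<version>";` (placeholder), or an `@sha256:<digest>` reference for stronger integrity. The earlier module set `N8N_EDITOR_BASE_URL` and the webhook URL in plain Nix; presumably those now live in the encrypted `n8n-env` file, which is worth confirming since its contents are not visible here. The attribute set continues past the hunk with the Traefik configuration.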
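Review bot: In secrets.nix the added `"secrets/n8n-env.age".publicKeys = systems ++ users;` encrypts the n8n environment file to every key in `systems`, although in this commit only m3-atlas declares and consumes the secret. The definition of `systems` is outside the hunk, but if it lists more than one host, each of those host keys can decrypt the n8n credentials. Restricting recipients to the one host that needs them, along the lines of `publicKeys = [<m3-atlas host key>] ++ users;` (placeholder name), would follow least privilege. The neighbouring entries use the same pattern, so this may be a deliberate repository-wide choice.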
diff --git a/secrets/n8n-env.age b/secrets/n8n-env.age new file mode 100644 index 0000000000000000000000000000000000000000..7b8309595b0c882a97e8eee09682c31d5f87133b GIT binary patch literal 1470 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP@$>O6Dp&Aw4fV~g z2s1MEOEole%uGzqw=fC_2rM=>GcqqLPpqsk4>ZvZ^bSs~%H~Qp4=l9QPR~yd@l1Ej z^$7H-^3u-CE!Gb+cQnoQs;n&W@~bR&OSUj^^hLMLG`l>x*ioU#(3F<(F1 zFxcBP-OwV#-!au#KhMxT(5yJo&o9-_+g#t$v79S1-Mm8IE!DNcE4ZS}D=DiWO5ejP z!@0^l)1WZF(8w^TIN9CbtGvqFu^int%M_DH&p?Gr_o#?)^YqNrz&u}5p9;e$%k0Q7 zkHoSvKgY5_FG~w^r`*Ky0!zbO$7HSy@2b2q&y+BK^O8VEA9r8ZFax6$=PFan2on$Y zR3rZ+KZ`u`aL>v}qkMGRjGdB;49gV)4IOOJu&GU0BB8?2n z{rxj7BeP+)6%{8cxCG|7nwN9=c;rPIB`n??G%rWKp!x~E%4TIL%D z8N0itmF4FdRGE7gdHG~o8oDPt6}Tig!lxyMEO=4Y5OK66}UN@7g~A- zre|b?nR1zw8fRqqTNWnzhq#!hMUgK;r8`yXJDP@sS4Kocg$MYQ z2fLJ&n51|IMY^Us8YGuxCnx0vMY$K68M#^JSn3CG`6N478a)jr<9~6WjpzsmKWvfbA^=zMHG|; z`?-5nB$-4cRTfv6c!i~Vx}_O;n585p7MSLmhdR1==DT`@xE6$Dx@wo?8kl4mM->-Z zCWaUohj5t$cxE~~N9wx=gaoHJd7Bwqr1*s;r)9d8m?lS*nT8Z38YE^0M>FVk#l$vB&IEHC^8RQ!TmlkCNd#B|jml&3n_!kwG zgqubs1_WgnmR1I4=T${=J%7M5cTq?r`^+Ct98MitV`wejd-m&p_AW)~9MvCtZd{z4 z?<%nP`HdK9_fJh%gVLA&GUQtLeZtky^9ioA>NZQ+Dkr##YMp)h?$|fkd4X~l5A2)2 ztMzji$E31g!T&{TXUTqW+*$hNjmS&OqK~RRkJ@x)_vU>HdltKDI;Z?xaQu~Vby2`= z&vmz6MtQm|wu=0CvH!T+MaF9thl1wM<>0NOUtLSoj)#f_w`TwV|4b^g literal 0 HcmV?d00001