+m3-daedalus

2025-05-26 11:36:25 +02:00
parent 8c9860674b
commit a11ee7ee02
18 changed files with 265 additions and 107 deletions
--- a/hosts/m3-aether/services/cloud-init.nix
+++ b/hosts/m3-aether/services/cloud-init.nix
@ -0,0 +1,7 @@
+{
+  services.cloud-init = {
+    enable = true;
+    ext4.enable = true;
+    network.enable = true;
+  };
+}
--- a/hosts/m3-atlas/secrets.nix
+++ b/hosts/m3-atlas/secrets.nix
@ -7,6 +7,13 @@
      ghost-env = {
        file = ../../secrets/ghost-env.age;
      };
+      kestra-config = {
+        file = ../../secrets/kestra-config.age;
+        mode = "644";
+      };
+      kestra-env = {
+        file = ../../secrets/kestra-env.age;
+      };
      littlelink-m3tam3re = {
        file = ../../secrets/littlelink-m3tam3re.age;
      };
--- a/hosts/m3-atlas/services/containers/default.nix
+++ b/hosts/m3-atlas/services/containers/default.nix
@ -2,6 +2,7 @@
  imports = [
    ./baserow.nix
    ./ghost.nix
+    ./kestra.nix
    ./littlelink.nix
    ./matomo.nix
    # ./n8n.nix
--- a/hosts/m3-atlas/services/containers/kestra.nix
+++ b/hosts/m3-atlas/services/containers/kestra.nix
@ -0,0 +1,34 @@
+{ config, ... }: {
+  virtualisation.oci-containers.containers."kestra" = {
+    image = "docker.io/kestra/kestra:latest";
+    environmentFiles = [ config.age.secrets.kestra-env.path ];
+    cmd = [ "server" "standalone" "--config" "/etc/config/application.yaml"];
+    ports = [ "127.0.0.1:3018:8080" ];
+    user = "root";
+    volumes = [
+      "/var/run/docker.sock:/var/run/docker.sock"
+      "${config.age.secrets.kestra-config.path}:/etc/config/application.yaml"
+      "kestra_data:/app/storage"
+      "/tmp/kestra-wd:/tmp/kestra-wd"
+    ];
+    extraOptions =
+      [ "--add-host=postgres:10.89.0.1" "--ip=10.89.0.18" "--network=web" ];
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /tmp/kestra-wd 0750 1000 1000 - -"
+  ];
+
+  # Traefik configuration specific to littlelink
+  services.traefik.dynamicConfigOptions.http = {
+    services.kestra.loadBalancer.servers =
+      [{ url = "http://localhost:3018/"; }];
+
+    routers.kestra = {
+      rule = "Host(`k.m3ta.dev`)";
+      tls = { certResolver = "godaddy"; };
+      service = "kestra";
+      entrypoints = "websecure";
+    };
+  };
+}
--- a/hosts/m3-atlas/services/postgres.nix
+++ b/hosts/m3-atlas/services/postgres.nix
@ -19,6 +19,7 @@

      # Podman network connections for Baserow
      host    baserow      baserow      10.89.0.0/24    scram-sha-256
+      host    kestra       kestra       10.89.0.0/24    scram-sha-256

      # Deny all other connections
      local   all       all       reject
@ -29,7 +30,7 @@
  services.postgresqlBackup = {
    enable = true;
    startAt = "03:10:00";
-    databases = ["baserow" "paperless"];
+    databases = ["baserow" "paperless" "kestra"];
  };
  networking.firewall = {
    extraCommands = ''
--- a/hosts/m3-atlas/services/tailscale.nix
+++ b/hosts/m3-atlas/services/tailscale.nix
@ -20,7 +20,7 @@
      onState = ["routable"];
      script = ''
        NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ")
-        ${pkgs.ethtool}/bin/ethtool -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off
+        ${pkgs.ethtool}/bin/ethtool -K "$NETDEV" rx-udp-gro-forwarding on rx-gro-list off
      '';
    };
  };
--- a/hosts/m3-hermes/default.nix
+++ b/hosts/m3-hermes/default.nix
@ -5,8 +5,6 @@

  system.stateVersion = "24.11";

-  networking.hostName = "m3-hermes";
-
  services.cloud-init = {
    enable = true;
  };
@ -25,8 +23,4 @@
  systemd.network.enable = true;

  console.keyMap = "us";
-
-  # Bootloader
-  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
 }