diff --git a/hosts/m3-ares/services/default.nix b/hosts/m3-ares/services/default.nix
index 4e0e209..5c09611 100644
--- a/hosts/m3-ares/services/default.nix
+++ b/hosts/m3-ares/services/default.nix
@@ -5,8 +5,9 @@
 ./postgres.nix
 ./restic.nix
 ./sound.nix
+ ./tailscale.nix
 ./udev.nix
- #./wireguard.nix
+ ./wireguard.nix
 ];
 services = {
 hypridle.enable = true;
diff --git a/hosts/m3-ares/services/tailscale.nix b/hosts/m3-ares/services/tailscale.nix
index 7910806..15f40d6 100644
--- a/hosts/m3-ares/services/tailscale.nix
+++ b/hosts/m3-ares/services/tailscale.nix
@@ -8,33 +8,33 @@
 useRoutingFeatures = "client";
 };
- systemd.services.tailscale-autoconnect = {
- description = "Automatic connection to Tailscale";
+ # systemd.services.tailscale-autoconnect = {
+ # description = "Automatic connection to Tailscale";
- # make sure tailscale is running before trying to connect to tailscale
- after = ["network-pre.target" "tailscale.service"];
- wants = ["network-pre.target" "tailscale.service"];
- wantedBy = ["multi-user.target"];
+ # # make sure tailscale is running before trying to connect to tailscale
+ # after = ["network-pre.target" "tailscale.service"];
+ # wants = ["network-pre.target" "tailscale.service"];
+ # wantedBy = ["multi-user.target"];
- # set this service as a oneshot job
- serviceConfig = {
- Type = "oneshot";
- EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
- };
+ # # set this service as a oneshot job
+ # serviceConfig = {
+ # Type = "oneshot";
+ # EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
+ # };
- # have the job run this shell script
- script = with pkgs; ''
- # wait for tailscaled to settle
- sleep 2
+ # # have the job run this shell script
+ # script = with pkgs; ''
+ # # wait for tailscaled to settle
+ # sleep 2
- # check if we are already authenticated to tailscale
- status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
- if [ $status = "Running" ]; then # if so, then do nothing
- exit 0
- fi
+ # # check if we are already authenticated to tailscale
+ # status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+ # if [ $status = "Running" ]; then # if so, then do nothing
+ # exit 0
+ # fi
- # otherwise authenticate with tailscale
- ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
- '';
- };
+ # # otherwise authenticate with tailscale
+ # ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
+ # '';
+ # };
 }
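Review bot: The whole `tailscale-autoconnect` unit is left behind as commented-out code with no note on why, so the file keeps a dead copy of a login script (including `--authkey $TAILSCALE_KEY` passed on the command line) while the host no longer joins the tailnet declaratively. I would delete the block, since git history keeps it, or put one line above it such as `# autoconnect disabled: <reason>; log in manually with tailscale up`. If unattended login is wanted again, the NixOS module option `services.tailscale.authKeyFile` keeps the key out of the process arguments; it expects a file holding only the key, so the existing `tailscale-key` secret, which is consumed here as an `EnvironmentFile`, would presumably need a different format. It is also worth checking whether `tailscale-key` is still declared for this host, which is not visible in this diff, because nothing in this file reads it any more.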
diff --git a/hosts/m3-atlas/secrets.nix b/hosts/m3-atlas/secrets.nix
index 1cce8a6..d607c11 100644
--- a/hosts/m3-atlas/secrets.nix
+++ b/hosts/m3-atlas/secrets.nix
@@ -13,6 +13,9 @@
 minio-root-cred = {
 file = ../../secrets/minio-root-cred.age;
 };
+ n8n-env = {
+ file = ../../secrets/n8n-env.age;
+ };
 restreamer-env = {
 file = ../../secrets/restreamer-env.age;
 };
diff --git a/hosts/m3-atlas/services/containers/baserow.nix b/hosts/m3-atlas/services/containers/baserow.nix
index 8789eaa..02bf0af 100644
--- a/hosts/m3-atlas/services/containers/baserow.nix
+++ b/hosts/m3-atlas/services/containers/baserow.nix
@@ -1,6 +1,6 @@
 {config, ...}: {
 virtualisation.oci-containers.containers."baserow" = {
- image = "docker.io/baserow/baserow:1.30.1";
+ image = "docker.io/baserow/baserow:1.31.1";
 environmentFiles = [config.age.secrets.baserow-env.path];
 ports = ["127.0.0.1:3001:80"];
 volumes = ["baserow_data:/baserow/data"];
diff --git a/hosts/m3-atlas/services/containers/default.nix b/hosts/m3-atlas/services/containers/default.nix
index 2e820a8..9e431aa 100644
--- a/hosts/m3-atlas/services/containers/default.nix
+++ b/hosts/m3-atlas/services/containers/default.nix
@@ -3,6 +3,7 @@
 ./baserow.nix
 ./ghost.nix
 ./littlelink.nix
+ ./n8n.nix
 ./restreamer.nix
 ];
 system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
diff --git a/hosts/m3-atlas/services/n8n.nix b/hosts/m3-atlas/services/containers/n8n.nix
similarity index 53%
rename from hosts/m3-atlas/services/n8n.nix
rename to hosts/m3-atlas/services/containers/n8n.nix
index f6b4041..0925e20 100644
--- a/hosts/m3-atlas/services/n8n.nix
+++ b/hosts/m3-atlas/services/containers/n8n.nix
@@ -1,14 +1,10 @@
-{
- services.n8n = {
- enable = true;
- webhookUrl = "https://wf.m3tam3re.com";
- };
-
- systemd.services.n8n = {
- environment = {
- N8N_EDITOR_BASE_URL = "https://wf.m3tam3re.com";
- N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "false";
- };
+{config, ...}: {
+ virtualisation.oci-containers.containers."n8n" = {
+ image = "docker.n8n.io/n8nio/n8n";
+ environmentFiles = [config.age.secrets.n8n-env.path];
+ ports = ["127.0.0.1:5678:5678"];
+ volumes = ["n8n_data:/home/node/.n8n"];
+ extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.14" "--network=web"];
 };
 # Traefik configuration specific to n8n
diff --git a/hosts/m3-atlas/services/default.nix b/hosts/m3-atlas/services/default.nix
index a5746cb..5eca34e 100644
--- a/hosts/m3-atlas/services/default.nix
+++ b/hosts/m3-atlas/services/default.nix
@@ -5,7 +5,6 @@
 ./headscale.nix
 ./minio.nix
 ./mysql.nix
- ./n8n.nix
 ./postgres.nix
 ./searx.nix
 ./tailscale.nix
diff --git a/secrets.nix b/secrets.nix
index 528a5ea..217a4e5 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -23,6 +23,7 @@ in {
 "secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users;
 "secrets/m3tam3re-secrets.age".publicKeys = systems ++ users;
 "secrets/minio-root-cred.age".publicKeys = systems ++ users;
+ "secrets/n8n-env.age".publicKeys = systems ++ users;
 "secrets/restreamer-env.age".publicKeys = systems ++ users;
 "secrets/searx.age".publicKeys = systems ++ users;
 "secrets/tailscale-key.age".publicKeys = systems ++ users;
diff --git a/secrets/n8n-env.age b/secrets/n8n-env.age
new file mode 100644
index 0000000..7b83095
Binary files /dev/null and b/secrets/n8n-env.age differ
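Review bot: `image = "docker.n8n.io/n8nio/n8n";` carries no tag or digest, so the container runs whatever the registry's default tag resolves to at pull time, unlike the pinned `baserow:1.31.1` image in this same commit. n8n holds the credentials its workflows use, so an unreviewed image change is a supply-chain exposure as well as a reproducibility problem; pin it, e.g. `image = "docker.n8n.io/n8nio/n8n:<pinned-version>";` (placeholder), or reference an `@sha256:` digest. The removed `webhookUrl` and `N8N_EDITOR_BASE_URL` settings are not set in the new block; presumably they moved into the encrypted `n8n-env` file, which cannot be checked from this diff. The Traefik part of the file continues past the hunk.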
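Review bot: `"secrets/n8n-env.age".publicKeys = systems ++ users;` makes every key in `systems` a recipient of the n8n environment file, although only m3-atlas declares and reads this secret in the commit. The definitions of `systems` and `users` sit outside the hunk, but if `systems` lists more than one host, a narrower list would limit what a compromise of another machine exposes, e.g. `publicKeys = [<m3-atlas host key binding>] ++ users;` (placeholder for the name used in the `let` block). The neighbouring entries follow the same pattern, so this may be a deliberate convention; if so, a one-line comment above the attribute set stating it would help.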