From 262902c018535549ab6447273a34af99783118d3 Mon Sep 17 00:00:00 2001
From: m3tam3re
Date: Sun, 23 Feb 2025 19:07:14 +0100
Subject: [PATCH] n8n@m3-atlas
---
 hosts/m3-ares/services/default.nix | 3 +-
 hosts/m3-ares/services/tailscale.nix | 48 +++++++++---------
 hosts/m3-atlas/secrets.nix | 3 ++
 .../m3-atlas/services/containers/baserow.nix | 2 +-
 .../m3-atlas/services/containers/default.nix | 1 +
 .../services/{ => containers}/n8n.nix | 18 +++----
 hosts/m3-atlas/services/default.nix | 1 -
 secrets.nix | 1 +
 secrets/n8n-env.age | Bin 0 -> 1470 bytes
 9 files changed, 39 insertions(+), 38 deletions(-)
 rename hosts/m3-atlas/services/{ => containers}/n8n.nix (53%)
 create mode 100644 secrets/n8n-env.age
diff --git a/hosts/m3-ares/services/default.nix b/hosts/m3-ares/services/default.nix
index 4e0e209..5c09611 100644
--- a/hosts/m3-ares/services/default.nix
+++ b/hosts/m3-ares/services/default.nix
@@ -5,8 +5,9 @@
 ./postgres.nix
 ./restic.nix
 ./sound.nix
+ ./tailscale.nix
 ./udev.nix
- #./wireguard.nix
+ ./wireguard.nix
 ];
 services = {
 hypridle.enable = true;
diff --git a/hosts/m3-ares/services/tailscale.nix b/hosts/m3-ares/services/tailscale.nix
index 7910806..15f40d6 100644
--- a/hosts/m3-ares/services/tailscale.nix
+++ b/hosts/m3-ares/services/tailscale.nix
@@ -8,33 +8,33 @@ useRoutingFeatures = "client"; }; - systemd.services.tailscale-autoconnect = { - description = "Automatic connection to Tailscale"; + # systemd.services.tailscale-autoconnect = { + # description = "Automatic connection to Tailscale"; - # make sure tailscale is running before trying to connect to tailscale - after = ["network-pre.target" "tailscale.service"]; - wants = ["network-pre.target" "tailscale.service"]; - wantedBy = ["multi-user.target"]; + # # make sure tailscale is running before trying to connect to tailscale + # after = ["network-pre.target" "tailscale.service"]; + # wants = ["network-pre.target" "tailscale.service"]; + # wantedBy = ["multi-user.target"]; - # set this service as a oneshot job - serviceConfig = { - Type = "oneshot"; - EnvironmentFile = "${config.age.secrets.tailscale-key.path}"; - }; + # # set this service as a oneshot job + # serviceConfig = { + # Type = "oneshot"; + # EnvironmentFile = "${config.age.secrets.tailscale-key.path}"; + # }; - # have the job run this shell script - script = with pkgs; '' - # wait for tailscaled to settle - sleep 2 + # # have the job run this shell script + # script = with pkgs; '' + # # wait for tailscaled to settle + # sleep 2 - # check if we are already authenticated to tailscale - status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" - if [ $status = "Running" ]; then # if so, then do nothing - exit 0 - fi + # # check if we are already authenticated to tailscale + # status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" + # if [ $status = "Running" ]; then # if so, then do nothing + # exit 0 + # fi - # otherwise authenticate with tailscale - ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY - ''; - }; + # # otherwise authenticate with tailscale + # ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY + # ''; + # }; } 
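Review bot: The `tailscale-autoconnect` unit is commented out line by line rather than deleted, which leaves a dead block that still references `config.age.secrets.tailscale-key.path` and shows the key being passed as `--authkey $TAILSCALE_KEY`. Git history already preserves the old unit, so deleting it would be cleaner. If nothing else on m3-ares reads the `tailscale-key` secret (that host's secret declarations are not visible here), it should also be dropped from the host so the key is no longer decrypted there. Should automatic login be wanted again, `services.tailscale.authKeyFile = config.age.secrets.tailscale-key.path;` keeps the key off the command line. The enclosing attribute set starts above the hunk.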
diff --git a/hosts/m3-atlas/secrets.nix b/hosts/m3-atlas/secrets.nix
index 1cce8a6..d607c11 100644
--- a/hosts/m3-atlas/secrets.nix
+++ b/hosts/m3-atlas/secrets.nix
@@ -13,6 +13,9 @@
 minio-root-cred = {
 file = ../../secrets/minio-root-cred.age;
 };
+ n8n-env = {
+ file = ../../secrets/n8n-env.age;
+ };
 restreamer-env = {
 file = ../../secrets/restreamer-env.age;
 };
diff --git a/hosts/m3-atlas/services/containers/baserow.nix b/hosts/m3-atlas/services/containers/baserow.nix
index 8789eaa..02bf0af 100644
--- a/hosts/m3-atlas/services/containers/baserow.nix
+++ b/hosts/m3-atlas/services/containers/baserow.nix
@@ -1,6 +1,6 @@
 {config, ...}: {
 virtualisation.oci-containers.containers."baserow" = {
- image = "docker.io/baserow/baserow:1.30.1";
+ image = "docker.io/baserow/baserow:1.31.1";
 environmentFiles = [config.age.secrets.baserow-env.path];
 ports = ["127.0.0.1:3001:80"];
 volumes = ["baserow_data:/baserow/data"];
diff --git a/hosts/m3-atlas/services/containers/default.nix b/hosts/m3-atlas/services/containers/default.nix
index 2e820a8..9e431aa 100644
--- a/hosts/m3-atlas/services/containers/default.nix
+++ b/hosts/m3-atlas/services/containers/default.nix
@@ -3,6 +3,7 @@
 ./baserow.nix
 ./ghost.nix
 ./littlelink.nix
+ ./n8n.nix
 ./restreamer.nix
 ];
 system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
diff --git a/hosts/m3-atlas/services/n8n.nix b/hosts/m3-atlas/services/containers/n8n.nix
similarity index 53%
rename from hosts/m3-atlas/services/n8n.nix
rename to hosts/m3-atlas/services/containers/n8n.nix
index f6b4041..0925e20 100644
--- a/hosts/m3-atlas/services/n8n.nix
+++ b/hosts/m3-atlas/services/containers/n8n.nix
@@ -1,14 +1,10 @@ -{ - services.n8n = { - enable = true; - webhookUrl = "https://wf.m3tam3re.com"; - }; - - systemd.services.n8n = { - environment = { - N8N_EDITOR_BASE_URL = "https://wf.m3tam3re.com"; - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "false"; - }; +{config, ...}: { + virtualisation.oci-containers.containers."n8n" = { + image = "docker.n8n.io/n8nio/n8n"; + environmentFiles = [config.age.secrets.n8n-env.path]; + ports = ["127.0.0.1:5678:5678"]; + volumes = ["n8n_data:/home/node/.n8n"]; + extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.14" "--network=web"]; }; # Traefik configuration specific to n8n diff --git a/hosts/m3-atlas/services/default.nix b/hosts/m3-atlas/services/default.nix index a5746cb..5eca34e 100644 --- a/hosts/m3-atlas/services/default.nix +++ b/hosts/m3-atlas/services/default.nix @@ -5,7 +5,6 @@ ./headscale.nix ./minio.nix ./mysql.nix - ./n8n.nix ./postgres.nix ./searx.nix ./tailscale.nix diff --git a/secrets.nix b/secrets.nix index 528a5ea..217a4e5 100644 --- a/secrets.nix +++ b/secrets.nix @@ -23,6 +23,7 @@ in { "secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users; "secrets/m3tam3re-secrets.age".publicKeys = systems ++ users; "secrets/minio-root-cred.age".publicKeys = systems ++ users; + "secrets/n8n-env.age".publicKeys = systems ++ users; "secrets/restreamer-env.age".publicKeys = systems ++ users; "secrets/searx.age".publicKeys = systems ++ users; "secrets/tailscale-key.age".publicKeys = systems ++ users; 
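Review bot: The new container is declared as `image = "docker.n8n.io/n8nio/n8n";` with no tag, so it resolves to whatever the registry serves as the default tag at pull time, unlike baserow in this same commit, which is pinned to `1.31.1`. n8n stores workflow credentials, so an unreviewed image change is both a supply-chain and an upgrade risk for the `n8n_data` volume. Pin a tag and ideally a digest, e.g. `image = "docker.n8n.io/n8nio/n8n:<VERSION>@sha256:<DIGEST>";` (placeholders). The hunk also drops `webhookUrl` and `N8N_EDITOR_BASE_URL`. Presumably they now live in the encrypted `n8n-env` file, which is worth confirming since its contents are not readable here. The file continues with the Traefik configuration outside the hunk.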
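Review bot: `"secrets/n8n-env.age".publicKeys = systems ++ users;` encrypts the n8n environment file to every key in `systems`, while this diff shows only m3-atlas consuming it. If `systems` includes other hosts such as m3-ares (its definition sits above the hunk), each of them can decrypt the n8n credentials. Limiting the recipients to the m3-atlas host key plus `users` would narrow that exposure. The neighbouring entries follow the same pattern, so this may be a deliberate repository convention.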
diff --git a/secrets/n8n-env.age b/secrets/n8n-env.age new file mode 100644 index 0000000000000000000000000000000000000000..7b8309595b0c882a97e8eee09682c31d5f87133b GIT binary patch literal 1470 zcmZ9{U5wiX0l;xUgEFg>f*74vtxB1?8%qy=#E#>wLpX`!*h%a-b`sm;q5g`U_+rPg zW5)p|HdLW*Eo_vr4RjQ!21u>o=#VPGD74~wh_&plYoQvGsKmBv6`Mw3W4m@MyztWZ zzx2~zv#oi{GsfvC>igd3{ILzjFfjl5Oc*-zmWf~(Ok_~5UK=MFmTEWLX$QeL3(k{$ z&F~9IvnhnRJc7rGmQHa2%?dTqnz?|D3jvX}eOqE|a#$7WGd9~FhF}LLu_2qL5zD1X z#VDX;<37{rKIp+M z3)HD7nLSSM>V8b;I$7KwP89@7c)m|4?*FxMsAbB+0);0)z3Qa_+>!>P$+Q8=I-ge> zR4>Gav`r|454UnO)r)-(n&Hftt@jC-Hj1ONkxmLoElFBH7ByMAY>uW}&Kq=xu3QML zJ`^o9&8P-(JTq#zYIj&rbQ2#9l(s#wL}r>I4R|K;W2f8%5XY7VB^5VYsyhYwnn`MG zh%c}sSstNbGo>*L=?+k-E|k?qiewwQKB|=PfM5jMaXJ`)PI8XJ6M@D{WxOX(BFv3? zRIF7R0_Jg0$WvuGi&I!jLc?|;yO3*DAS$YPe1tc$x$X?mEm3tQzL79y4^m*FXctqE z#H4O2%WAh-PsDN@p=Pb6P!?nySqHmy+3%<-8HA>2Mm^mv@>nt+fJm-j8Cx=HIn*NHX1_cAg6`_p-E6q0?;PYFO?LKZc3tAtmShBlj|70 zekH;TImV=s25Eg!)<~UBoR(<8X4;HN0V4Q%LkwaA0OsfCGZS=BAUjzW@*#0DcEnn5 z!HD2E;>Y8ti>X?(u{9?SM~hK6L5A7q`+^9y;H$pI(Q7AO7dj^X=z%Q{R2yncMEWV>fln-Dh5Ta&Y&)Z@fD9w+CMt^CGw>;GQS zpGJDvmiL2);CGkqGgo*0X7TWQr~kC+!#lsX`jI8~@W-|X+rN4*x&J4}?mq|bbo@t7 z6E8jY#NB)Mu9s2p)X^fk