n8n@m3-atlas

m3tam3re 2025-02-23 19:07:14 +01:00
parent 2ffd84eb4e
commit 262902c018
9 changed files with 39 additions and 38 deletions


@ -5,8 +5,9 @@
./postgres.nix
./restic.nix
./sound.nix
./tailscale.nix
./udev.nix
#./wireguard.nix
./wireguard.nix
];
services = {
hypridle.enable = true;


@ -8,33 +8,33 @@
useRoutingFeatures = "client";
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# systemd.services.tailscale-autoconnect = {
# description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
wantedBy = ["multi-user.target"];
# # make sure tailscale is running before trying to connect to tailscale
# after = ["network-pre.target" "tailscale.service"];
# wants = ["network-pre.target" "tailscale.service"];
# wantedBy = ["multi-user.target"];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# # set this service as a oneshot job
# serviceConfig = {
# Type = "oneshot";
# EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
# };
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# # have the job run this shell script
# script = with pkgs; ''
# # wait for tailscaled to settle
# sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# # check if we are already authenticated to tailscale
# status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
# if [ $status = "Running" ]; then # if so, then do nothing
# exit 0
# fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
'';
};
# # otherwise authenticate with tailscale
# ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
# '';
# };
}
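Review bot: The `tailscale-autoconnect` unit is left behind as a commented-out block instead of being deleted, so the file keeps roughly thirty lines of dead configuration, including the exit-node address and the auth-key invocation. Git history already preserves the old unit, so I would delete the block and leave at most one line such as `# tailscale-autoconnect unit removed; see git history`. `secrets/tailscale-key.age` is still listed in the secrets rules further down this commit, so if no other host consumes that key it is worth revoking it and dropping the secret. If the unit is ever restored, quote the test as `[ "$status" = "Running" ]` and keep in mind that `--authkey $TAILSCALE_KEY` exposes the key in the process arguments. The enclosing attribute set opens above the hunk.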


@ -13,6 +13,9 @@
minio-root-cred = {
file = ../../secrets/minio-root-cred.age;
};
n8n-env = {
file = ../../secrets/n8n-env.age;
};
restreamer-env = {
file = ../../secrets/restreamer-env.age;
};


@ -1,6 +1,6 @@
{config, ...}: {
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.30.1";
image = "docker.io/baserow/baserow:1.31.1";
environmentFiles = [config.age.secrets.baserow-env.path];
ports = ["127.0.0.1:3001:80"];
volumes = ["baserow_data:/baserow/data"];


@ -3,6 +3,7 @@
./baserow.nix
./ghost.nix
./littlelink.nix
./n8n.nix
./restreamer.nix
];
system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''


@ -1,14 +1,10 @@
{
services.n8n = {
enable = true;
webhookUrl = "https://wf.m3tam3re.com";
};
systemd.services.n8n = {
environment = {
N8N_EDITOR_BASE_URL = "https://wf.m3tam3re.com";
N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "false";
};
{config, ...}: {
virtualisation.oci-containers.containers."n8n" = {
image = "docker.n8n.io/n8nio/n8n";
environmentFiles = [config.age.secrets.n8n-env.path];
ports = ["127.0.0.1:5678:5678"];
volumes = ["n8n_data:/home/node/.n8n"];
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.14" "--network=web"];
};
# Traefik configuration specific to n8n
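Review bot: The new `image = "docker.n8n.io/n8nio/n8n";` carries no tag or digest, so each pull resolves to whatever the registry currently serves as the default tag, and a rebuild can silently change the n8n version that holds the workflow credentials. The baserow container touched in this same commit is pinned to a version; doing the same here, `image = "docker.n8n.io/n8nio/n8n:<pinned-version>";` (placeholder, ideally followed by an `@sha256:` digest), keeps upgrades deliberate and reviewable. The removed `webhookUrl` and `N8N_EDITOR_BASE_URL` settings are presumably now supplied through `n8n-env.age`; that cannot be confirmed from the page because the file is encrypted. The file continues past the hunk with the Traefik configuration.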


@ -5,7 +5,6 @@
./headscale.nix
./minio.nix
./mysql.nix
./n8n.nix
./postgres.nix
./searx.nix
./tailscale.nix


@ -23,6 +23,7 @@ in {
"secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users;
"secrets/m3tam3re-secrets.age".publicKeys = systems ++ users;
"secrets/minio-root-cred.age".publicKeys = systems ++ users;
"secrets/n8n-env.age".publicKeys = systems ++ users;
"secrets/restreamer-env.age".publicKeys = systems ++ users;
"secrets/searx.age".publicKeys = systems ++ users;
"secrets/tailscale-key.age".publicKeys = systems ++ users;
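Review bot: `"secrets/n8n-env.age".publicKeys = systems ++ users;` encrypts the n8n environment file to every host key in `systems`, although the commit title suggests the container runs only on m3-atlas. Any other machine in that list can then decrypt the n8n credentials if it is compromised. Limiting the recipients to the one host that needs them, `"secrets/n8n-env.age".publicKeys = [ <m3-atlas host key> ] ++ users;` (placeholder, since `systems` and `users` are defined above the hunk), would follow least privilege. The neighbouring entries use the same `systems ++ users` pattern and would benefit from the same narrowing.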

BIN
secrets/n8n-env.age Normal file

Binary file not shown.