n8n@m3-atlas

2025-02-23 19:07:14 +01:00 · 2025-02-23 19:07:14 +01:00 · 262902c018
commit 262902c018
parent 2ffd84eb4e
9 changed files with 39 additions and 38 deletions
--- a/hosts/m3-ares/services/default.nix
+++ b/hosts/m3-ares/services/default.nix
@ -5,8 +5,9 @@
    ./postgres.nix
    ./restic.nix
    ./sound.nix
+    ./tailscale.nix
    ./udev.nix
-    #./wireguard.nix
+    ./wireguard.nix
  ];
  services = {
    hypridle.enable = true;
--- a/hosts/m3-ares/services/tailscale.nix
+++ b/hosts/m3-ares/services/tailscale.nix
@ -8,33 +8,33 @@
    useRoutingFeatures = "client";
  };

-  systemd.services.tailscale-autoconnect = {
-    description = "Automatic connection to Tailscale";
+  # systemd.services.tailscale-autoconnect = {
+  #   description = "Automatic connection to Tailscale";

-    # make sure tailscale is running before trying to connect to tailscale
-    after = ["network-pre.target" "tailscale.service"];
-    wants = ["network-pre.target" "tailscale.service"];
-    wantedBy = ["multi-user.target"];
+  #   # make sure tailscale is running before trying to connect to tailscale
+  #   after = ["network-pre.target" "tailscale.service"];
+  #   wants = ["network-pre.target" "tailscale.service"];
+  #   wantedBy = ["multi-user.target"];

-    # set this service as a oneshot job
-    serviceConfig = {
-      Type = "oneshot";
-      EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
-    };
+  #   # set this service as a oneshot job
+  #   serviceConfig = {
+  #     Type = "oneshot";
+  #     EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
+  #   };

-    # have the job run this shell script
-    script = with pkgs; ''
-      # wait for tailscaled to settle
-      sleep 2
+  #   # have the job run this shell script
+  #   script = with pkgs; ''
+  #     # wait for tailscaled to settle
+  #     sleep 2

-      # check if we are already authenticated to tailscale
-      status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
-      if [ $status = "Running" ]; then # if so, then do nothing
-        exit 0
-      fi
+  #     # check if we are already authenticated to tailscale
+  #     status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
+  #     if [ $status = "Running" ]; then # if so, then do nothing
+  #       exit 0
+  #     fi

-      # otherwise authenticate with tailscale
-      ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
-    '';
-  };
+  #     # otherwise authenticate with tailscale
+  #     ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
+  #   '';
+  # };
 }
--- a/hosts/m3-atlas/secrets.nix
+++ b/hosts/m3-atlas/secrets.nix
@ -13,6 +13,9 @@
      minio-root-cred = {
        file = ../../secrets/minio-root-cred.age;
      };
+      n8n-env = {
+        file = ../../secrets/n8n-env.age;
+      };
      restreamer-env = {
        file = ../../secrets/restreamer-env.age;
      };
--- a/hosts/m3-atlas/services/containers/baserow.nix
+++ b/hosts/m3-atlas/services/containers/baserow.nix
@ -1,6 +1,6 @@
 {config, ...}: {
  virtualisation.oci-containers.containers."baserow" = {
-    image = "docker.io/baserow/baserow:1.30.1";
+    image = "docker.io/baserow/baserow:1.31.1";
    environmentFiles = [config.age.secrets.baserow-env.path];
    ports = ["127.0.0.1:3001:80"];
    volumes = ["baserow_data:/baserow/data"];
--- a/hosts/m3-atlas/services/containers/default.nix
+++ b/hosts/m3-atlas/services/containers/default.nix
@ -3,6 +3,7 @@
    ./baserow.nix
    ./ghost.nix
    ./littlelink.nix
+    ./n8n.nix
    ./restreamer.nix
  ];
  system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
--- a/hosts/m3-atlas/services/containers/n8n.nix
+++ b/hosts/m3-atlas/services/containers/n8n.nix
@ -1,14 +1,10 @@
-{
-  services.n8n = {
-    enable = true;
-    webhookUrl = "https://wf.m3tam3re.com";
-  };
-
-  systemd.services.n8n = {
-    environment = {
-      N8N_EDITOR_BASE_URL = "https://wf.m3tam3re.com";
-      N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "false";
-    };
+{config, ...}: {
+  virtualisation.oci-containers.containers."n8n" = {
+    image = "docker.n8n.io/n8nio/n8n";
+    environmentFiles = [config.age.secrets.n8n-env.path];
+    ports = ["127.0.0.1:5678:5678"];
+    volumes = ["n8n_data:/home/node/.n8n"];
+    extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.14" "--network=web"];
  };

  # Traefik configuration specific to n8n
--- a/hosts/m3-atlas/services/default.nix
+++ b/hosts/m3-atlas/services/default.nix
@ -5,7 +5,6 @@
    ./headscale.nix
    ./minio.nix
    ./mysql.nix
-    ./n8n.nix
    ./postgres.nix
    ./searx.nix
    ./tailscale.nix
--- a/secrets.nix
+++ b/secrets.nix
@ -23,6 +23,7 @@ in {
  "secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users;
  "secrets/m3tam3re-secrets.age".publicKeys = systems ++ users;
  "secrets/minio-root-cred.age".publicKeys = systems ++ users;
+  "secrets/n8n-env.age".publicKeys = systems ++ users;
  "secrets/restreamer-env.age".publicKeys = systems ++ users;
  "secrets/searx.age".publicKeys = systems ++ users;
  "secrets/tailscale-key.age".publicKeys = systems ++ users;
--- a/secrets/n8n-env.age
+++ b/secrets/n8n-env.age