diff --git a/home/features/desktop/coding.nix b/home/features/desktop/coding.nix index f8d2a58..5b25c81 100644 --- a/home/features/desktop/coding.nix +++ b/home/features/desktop/coding.nix @@ -13,6 +13,7 @@ in { config = mkIf cfg.enable { home.packages = with pkgs; [ bruno + filezilla insomnia ]; diff --git a/hosts/AZ-CLD-1/secrets.nix b/hosts/AZ-CLD-1/secrets.nix index e90ce70..aecbce0 100644 --- a/hosts/AZ-CLD-1/secrets.nix +++ b/hosts/AZ-CLD-1/secrets.nix @@ -31,6 +31,14 @@ hetzner-s3-az-intern-access-key = { file = ../../secrets/hetzner-s3-az-intern-access-key.age; }; + zammad-pw = { + file = ../../secrets/zammad-pw.age; + owner = "zammad"; + }; + zammad-secret = { + file = ../../secrets/zammad-secret.age; + owner = "zammad"; + }; }; }; } diff --git a/hosts/AZ-CLD-1/services/default.nix b/hosts/AZ-CLD-1/services/default.nix index 2e9dce2..44558a8 100644 --- a/hosts/AZ-CLD-1/services/default.nix +++ b/hosts/AZ-CLD-1/services/default.nix @@ -9,5 +9,6 @@ ./postgres.nix ./traefik.nix ./vaultwarden.nix + ./zammad.nix ]; } diff --git a/hosts/AZ-CLD-1/services/postgres.nix b/hosts/AZ-CLD-1/services/postgres.nix index 0755294..7ac1872 100644 --- a/hosts/AZ-CLD-1/services/postgres.nix +++ b/hosts/AZ-CLD-1/services/postgres.nix @@ -44,6 +44,7 @@ local n8n n8n scram-sha-256 local outline outline scram-sha-256 local vaultwarden vaultwarden scram-sha-256 + local zammad zammad scram-sha-256 # Localhost connections (IPv4 and IPv6) host all postgres 127.0.0.1/32 scram-sha-256 @@ -58,6 +59,9 @@ host vaultwarden vaultwarden 127.0.0.1/32 scram-sha-256 host vaultwarden vaultwarden ::1/128 scram-sha-256 + host zammad zammad 127.0.0.1/32 scram-sha-256 + host zammad zammad ::1/128 scram-sha-256 + # Podman network connections for Baserow host baserow baserow 10.89.0.0/24 scram-sha-256 host kestra kestra 10.89.0.0/24 scram-sha-256 @@ -72,7 +76,7 @@ services.postgresqlBackup = { enable = true; startAt = "03:10:00"; - databases = ["baserow" "kestra" "librechat_rag" "n8n" "outline" "vaultwarden"]; + databases = ["baserow" "kestra" "librechat_rag" "n8n" "outline" "vaultwarden" "zammad"]; }; services.pgadmin = { enable = true; diff --git a/hosts/AZ-CLD-1/services/zammad.nix b/hosts/AZ-CLD-1/services/zammad.nix new file mode 100644 index 0000000..0275f69 --- /dev/null +++ b/hosts/AZ-CLD-1/services/zammad.nix @@ -0,0 +1,34 @@ +{config, ...}:{ + services = { + zammad = { + enable = true; + openPorts = false; + port = 3034; + secretKeyBaseFile = "${config.age.secrets.zammad-secret.path}"; + database = { + createLocally = false; + port = 5432; + host = "127.0.0.1"; + passwordFile = "${config.age.secrets.zammad-pw.path}"; + }; + }; + }; + + # Traefik configuration specific to littlelink + services.traefik.dynamicConfigOptions.http = { + services.zammad.loadBalancer.servers = [ + { + url = "http://localhost:3034/"; + } + ]; + + routers.zammad = { + rule = "Host(`help.az-gruppe.com`)"; + tls = { + certResolver = "ionos"; + }; + service = "zammad"; + entrypoints = "websecure"; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index 604abaf..acec2db 100644 --- a/secrets.nix +++ b/secrets.nix @@ -21,4 +21,6 @@ in { "secrets/pgadmin-pw.age".publicKeys = systems ++ users; "secrets/vaultwarden-env.age".publicKeys = systems ++ users; "secrets/vaultwarden-db.age".publicKeys = systems ++ users; + "secrets/zammad-pw.age".publicKeys = systems ++ users; + "secrets/zammad-secret.age".publicKeys = systems ++ users; } diff --git a/secrets/zammad-pw.age b/secrets/zammad-pw.age new file mode 100644 index 0000000..46bac28 --- /dev/null +++ b/secrets/zammad-pw.age @@ -0,0 +1,11 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBEZTVj +RmV1ODV4bWJlV2lWN2pod290M0tSbTRKZzZwUHFYRVNjWlRHK21vCnNaL3Axc29T +MlVCT2RFS2hZRjlWdVN2dWFrS2ozU3UzbzhkVHNkT3FnS3MKLT4gc3NoLWVkMjU1 +MTkgQ1NNeWhnIFFTSVBOUExXUWlkK3hvVVVIWDUvbWZKYytjTktEQlYySDYvcGdt +MWd0bVkKSmdLNmZocDJzR1IzbUY5UnIwYi9QNW9SVnpuTzBuRlhnZEVzektzd2t0 +YwotPiA8ci1ncmVhc2Ugd3opclF1IG52IDhmITZPdFAKZU1VWmpIYnNlVmtKYTZR +c29USmhEelN4ZWE4b3RqRkoxOG1UL3NTWFdhWVNkWFlVOHJ4dkF3Ci0tLSBjdkVY +Qng2c3hFcnFwY25laE44dHpEUVRvL1ZSYkVNUnY4bllNbzlmL2VvChj2mK4ic7/9 +moMEsJIKG/PZz0kHDzDnmHAEyYTEpShixmnj2tl9k9UxTMZG8lVj +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/zammad-secret.age b/secrets/zammad-secret.age new file mode 100644 index 0000000..16e5930 --- /dev/null +++ b/secrets/zammad-secret.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBPbVJt +b28xdkl3Z0laRVg2eU9MZjJLUms1QVpvZkw4SWhoRm5JTTllS2dBCkVTK3NPYjZq +NVdiRmVhWXZXUUVIcEZVWTZLekVDdnBFUDViU0tha3ZRSVUKLT4gc3NoLWVkMjU1 +MTkgQ1NNeWhnIG9ic05MZi9XWHBPWmtQTzZVdmU1ekYyNExKeXg3VDAxbHNpRjgw +UlhyeDQKZ1ErOGw1ZFl0N3dTNmozRzZzazlWWnY5bCsrNVhnZzBsLzZsNlFLVmJR +NAotPiBlOSomL0k/YS1ncmVhc2UgKzs8XmZlMmcgR18KaHlBbzFuelVKc3IvTzE2 +QWZkYmQyamZLMElVRlA1NkI5OTVvcDdEWUhVTmpZV2Z6RWtVSTcyM1JBcWNnM3Fq +bQprNWVlZ1EKLS0tIFZpbCtrY3dLNFdpZ3didHF1cndrNzllOVE3Ykk3eWl4cGRY +NDhTaE1vb2sKA8yVrMv119ZAbidadw1qJxKSnmz/EChZV5OEDxcSuCGMd04mxi98 +/n4oD9KUFaDztmG+wTqjeaUGNwNl3peq/OgRXSZJtCgqlXtteG7tYX9enrztQnzV +jmw8rY/1IJ0SZ6PSM7tsWg6ePvbiWNrxlVvZDmc0bCXZ7CvCRoZPf7oTV0JukLwY +BcUk6LUYfenE0H+uuD1jRm3MJnF4UawKY/c= +-----END AGE ENCRYPTED FILE-----