From 57bc3b9453211116fcc2dd9fca8f6b7cf58f6fca Mon Sep 17 00:00:00 2001
From: "sascha.koenig" <sascha.koenig@azintec.com>
Date: Fri, 13 Mar 2026 06:20:57 +0100
Subject: [PATCH] feat: add postgres config for kestra_prm

---
 home/users/sascha.koenig/AZLT124-L.nix        | 10 +--
 .../AZ-CLD-1/services/containers/baserow.nix  | 17 +++++
 hosts/AZ-CLD-1/services/postgres.nix          |  4 ++
 hosts/AZ-PRM-1/secrets.nix                    |  2 +-
 secrets.nix                                   |  1 +
 secrets/n8n-env-prm.age                       | 35 ++++++++++
 secrets/n8n-env.age                           | 66 ++++++++++---------
 7 files changed, 97 insertions(+), 38 deletions(-)
 create mode 100644 secrets/n8n-env-prm.age

diff --git a/home/users/sascha.koenig/AZLT124-L.nix b/home/users/sascha.koenig/AZLT124-L.nix
index 8c002c4..2f508ef 100644
--- a/home/users/sascha.koenig/AZLT124-L.nix
+++ b/home/users/sascha.koenig/AZLT124-L.nix
@@ -48,7 +48,7 @@ in {
         wallpaper = [
           "eDP-1,/home/sascha.koenig/.config/hypr/wallpapers/wallhaven-lmmo8r_2560x1600.png"
           "DP-8,/home/sascha.koenig/.config/hypr/wallpapers/wallhaven-lmmo8r_2560x1600.png"
-          "DP-9,/home/sascha.koenig/.config/hypr/wallpapers/wallhaven-lmmo8r_2560x1600.png"
+          "DP-10,/home/sascha.koenig/.config/hypr/wallpapers/wallhaven-lmmo8r_2560x1600.png"
         ];
       };
 
@@ -81,10 +81,10 @@ in {
           workspace = [
             "1, monitor:eDP-1, default:true"
             "2, monitor:eDP-1"
-            "3, monitor:DP-9"
-            "4, monitor:DP-9"
-            "5, monitor:DP-8"
-            "6, monitor:DP-8"
+            "3, monitor:DP-8"
+            "4, monitor:DP-8"
+            "5, monitor:DP-10"
+            "6, monitor:DP-10"
           ];
           windowrule = [
             "match:class com.obsproject.Studio, workspace 1"
diff --git a/hosts/AZ-CLD-1/services/containers/baserow.nix b/hosts/AZ-CLD-1/services/containers/baserow.nix
index f796a78..f1604a3 100644
--- a/hosts/AZ-CLD-1/services/containers/baserow.nix
+++ b/hosts/AZ-CLD-1/services/containers/baserow.nix
@@ -36,5 +36,22 @@ in {
       service = serviceName;
       entrypoints = "websecure";
     };
+
+    routers.azubi = {
+      rule = "Host(`azubi.az-gruppe.com`)";
+      tls = {
+        certResolver = "ionos";
+      };
+      service = serviceName;
+      entrypoints = "websecure";
+    };
+    routers.ausbilder = {
+      rule = "Host(`ausbilder.az-gruppe.com`)";
+      tls = {
+        certResolver = "ionos";
+      };
+      service = serviceName;
+      entrypoints = "websecure";
+    };
   };
 }
diff --git a/hosts/AZ-CLD-1/services/postgres.nix b/hosts/AZ-CLD-1/services/postgres.nix
index c25c992..63453e1 100644
--- a/hosts/AZ-CLD-1/services/postgres.nix
+++ b/hosts/AZ-CLD-1/services/postgres.nix
@@ -119,6 +119,9 @@
       host    litellm             litellm             10.89.0.0/24       scram-sha-256
       host    netbird             netbird             10.89.0.0/24       scram-sha-256
 
+      # Netbird network connections
+      host    az_kpi_raw          kestra_prm          100.91.49.26/32    scram-sha-256
+
       # Deny all other connections
       local   all                 all                 reject
       host    all                 all                 0.0.0.0/0          reject
@@ -151,6 +154,7 @@
       iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT
       iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT
       iptables -A INPUT -p tcp -s 10.89.1.0/24 --dport 5432 -j ACCEPT
+      iptables -A INPUT -p tcp -s 100.91.49.26/32 --dport 5432 -j ACCEPT
     '';
   };
 }
diff --git a/hosts/AZ-PRM-1/secrets.nix b/hosts/AZ-PRM-1/secrets.nix
index 0229f0b..eb12a76 100644
--- a/hosts/AZ-PRM-1/secrets.nix
+++ b/hosts/AZ-PRM-1/secrets.nix
@@ -10,7 +10,7 @@
       };
       kestra-env = {file = ../../secrets/kestra-env.age;};
       n8n-env = {
-        file = ../../secrets/n8n-env.age;
+        file = ../../secrets/n8n-env-prm.age;
       };
       pgadmin-pw = {
         file = ../../secrets/pgadmin-pw.age;
diff --git a/secrets.nix b/secrets.nix
index 90e761f..032304b 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -25,6 +25,7 @@ in {
   "secrets/litellm-env.age".publicKeys = systems ++ users;
   "secrets/metabase-env.age".publicKeys = systems ++ users;
   "secrets/n8n-env.age".publicKeys = systems ++ users;
+  "secrets/n8n-env-prm.age".publicKeys = systems ++ users;
   "secrets/n8n-db.age".publicKeys = systems ++ users;
   "secrets/netbird-auth-secret.age".publicKeys = systems ++ users;
   "secrets/netbird-db-password.age".publicKeys = systems ++ users;
diff --git a/secrets/n8n-env-prm.age b/secrets/n8n-env-prm.age
new file mode 100644
index 0000000..07aabcf
--- /dev/null
+++ b/secrets/n8n-env-prm.age
@@ -0,0 +1,35 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBBbzlJ
+U0xXd2RyeVJXblFzeis1NTUvTitCZmxlYVMxbWhKNTlwTEgvOFdzCjFEa3FjTm96
+TTdoWWIwV0lDZUcxbDJkQ2ZpK2t6aXJPNy9aZXQzbDkvYlkKLT4gc3NoLWVkMjU1
+MTkgU3JIYXFBIEU4OEt0RlhUZlRlUzNTMlRCSDUwUkhUbG8vZG9NSUJ1Q3JxVm5T
+WU1FMTQKS0huejlvdkFJLytRcUw5dU9XdnkyZUR6WHl2TkFtd1FobGxZUGduRXZU
+SQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgZW9ZZllzOU1EdmQySHBiRWM1L1dzcjgw
+L3JhWVB3dnVHSFlydEZwNFlnbwp4eWRuTWRCci92SGE5V1hJT3NQZ1lsWkpkU1R1
+cVJ4SjNLTUlONWNaMERzCi0+IHNzaC1lZDI1NTE5IENTTXloZyBSSis4MWhxR3JV
+RGY4V0h0NUdYMDJzd0dqOFZzRnJ0RjZIbVYyYTNSWWlJClhhVWhiNzgrQlZQaDND
+VTBMNlZKRFNsaSs1N3FsM0taRFVpZ01ha2l1alkKLT4gd3FhaWNcbV4tZ3JlYXNl
+IDp0ZnAKZHlLcHJSOElYTEZFNmFxdDBQTU1XZnhTRXVDZiswanp3cnkzT0dzeSta
+aFNTV0ZOUEpFYk1KYUVJSGU5NlV0SwpKUQotLS0gY011RXdUbmJrOTNzVmtNOUpJ
+c01UOTl4OXZkLzBjTXl2NzNQNlNBT2ptRQp7QiUkXygzzq4vn+JyEikKiO5Tlp9H
+QNYQGTLaWJpkY8afT04ux3/JiAKdkEpbQA8RPNbDlHc7YYQ04UMY3iKPnWTbZpLT
+PaqTamseLzubX8vKdvJnD0QsEnuUxNSDu68FGW9MNDPrQDvM4A47hmHNX7bdFl1J
+cE4oH0VAHdG1yg3lcTyaRYp+dfKIv2dpzpvnPLHB/IPdpaxFSn3YVerMXCMYelR5
+otSBUyqf2iY0NyEqkBDYCmNiD5tRCUuwteeMMmpvUbXpzmnpDj6U0QM/R6C7BQPB
+/K8cKE23SgxamvkMqK/blgTNlUcO8/KAJrkSGqeQ37m2RrCgUVB53tVaInSFi4ds
+K1PL/CmVGFTF7DCOSTsX7CzyivG+Ii0asonyVlsbURMVbf5WhWWUxBMMEvY2AMSC
+l1lHij3Qbc39IHY70mezkIuU1jlGtTrb0pmoymWfSSpiCTYKKky69y1mxRB6m1Ir
+kfwI0ykG6mbyHG7FfHkzwCYI+5qmbdGs6VcaK5aIiCCwz0fd/MW7z3TnKW8gikaY
+hOHK5Pmse5B/JMY3lG96G6cbT3vm1YVDmutRp5lFMwX7TmiCiYBIyTdaVkekbNzg
+iPryKQKTlpDNlmpGr63O4+id+fU5Qa/d6ja92D01PzweeSxRPe0Uh9Ps42oOlGzS
+9k9sKuXFVaeG5TiJIcV6rukmYEuYWo/kaFRK4bq6lYhxxhQEAcxGyprC2CHkFYHl
+5slXn+l2XYX0X/iltWkH9H8BW/g9rBfUnZgPYHdx0MypOzPH+S4inomdCNJYytZ1
+h5wu20m/pjxmc2yLSy/psTrwIDOft0b6NQjvVfU+74ZBV7rREcY5ymAFdioEAEyw
+2QleXg9ihlkeg7GSgsvyPFgh/T1GysZdo8QatBbNOS/hiEidCiUpfyytHlf7ZM3V
+nQmZDKt0HRs0pHfWwLAoT1yTp2pjr9BMSJ8KItR2L2pGo0EpgAGMG+p7ssbIt9VR
+QhsIyYxDQyeKasxoyFogW28KnMySr4uKBHuYEk5ht6d7spv2u5y+/FxxhSZaHqgv
+fvsqtFOuyHI8Exa9QsbyF3hp0JBmj1BWGYJGLZrjFm9TDQ/2y3bG9AJXuy4CDUgS
+tFIIb1wAXJnd7ndomGDVr8kdcFlR65IKcZbTlzt/2hFxgxq7QQyVGyfAeqpNRp2U
+512yBw98SKYxrcvV0nFxkUPzS1E0IEnxappsnaW+kN8XcdiAG+oOAM9PIoc/vQFc
+1FNOvJhUTg5wCZFbfZkCbWWKP+hk4YhoFzw56m8pwlDwMQKkc9whKuCvXX5bSb0=
+-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/n8n-env.age b/secrets/n8n-env.age
index 0752741..93fd6bd 100644
--- a/secrets/n8n-env.age
+++ b/secrets/n8n-env.age
@@ -1,34 +1,36 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBSUVY0
-Y0V2Rlk0Z2ZMa3NmKzZKTnIyak1raitMcWlBbXZuTmwydTNEUjFRCm56dStWdUNF
-alZSYXFka280bGRiZElEU0R1ZHloZ1REL2hXVFhGUlJRN0EKLT4gc3NoLWVkMjU1
-MTkgU3JIYXFBIEFTckw2OEtVTGtPbWpwUzNBaE0vV2M4VzF3YUFBMlZha2o2a3pq
-c25JbEUKMHlGWlpya3I2dTYwTzNOSTQ0cXozK0pIakZ2SW9VaENYQlY3eTF6eW5Z
-YwotPiBzc2gtZWQyNTUxOSBsR3FWWmcga0lVMTZIdDBEdEJxRUpuU3JHeEZOajNT
-amtFYTFxMEFPYkFYeDdSdUl3WQpwMlF2RzlRY20xQjk3N09JQjkzMzRGYndibUpj
-ZmtXYzQ2cnpDWkhCWlFFCi0+IHNzaC1lZDI1NTE5IENTTXloZyBIQllKZzZndk4z
-VzJUM04zMEFHZWQzS0VtWFExY0VoNTZ0Mm56SlhVNzBvCnJLSlE1cGp5bkJ6dlMv
-QjlFbk4zZW1lU095Y1Z1OWI3aW8rSnl2R0VMMW8KLT4gd3FvLWdyZWFzZSAhXWVV
-IFIgYUthSQoyUEx2QVd5OUZKUQotLS0gMkRmbmRkTk9jRzc5Y252Z0xxRTJLN0Jm
-Nk90MGR6Q25iRE9TZk5rU2dzVQqbJeCiLsKte4eOeDIVa+ASFaDW+dg0ClDITFRU
-yrigeQCS3Fj4PGW2xWNP03l4Kk9FJrItTdm3zvHi28BOwWnx4ro3rxCDyArdDu7j
-MvNZMi5dxNUhUVfCdxFMx31z0KGWg6LyG1E6NcWSNPKrs6YMpQSdE6z37CdwLP31
-nQgw7yBoxZ++CPn9+olJGJS0sJ23Gfosccyic04adcMvw5XzFQJZShwsKw1DOYwo
-HLK80jjjrK90UMsEJK6tEZJzzWYZHX9fj2rvPAYDdHahpp4+qIFQsuOrSNvDRmp+
-BHqxSBcSavhR7IcOpX0eGwc6+NJt+WJDCBUJnMysla5mJiWTQ3b5jFlNFsD36U+b
-UiLSbSeO5Me+1n0fNK3qmx0CcxAr0WilOfmj6oDA8BTShXGx8GuzMe4XTzbMlamd
-WBwWX0Ld/pTrq4MrBwsJ4eqzV7Eg9tI/75ZLMetz2piiyClygxH3JbrdJl9n5BIE
-hPj8BFBbyABocYVvgYRQwL6uGahZKcfFG0P32ZjF0LNytYqkLP8tCax8nBOa1t38
-yljKC+EJ2wI8/jJGyA0JIgms71I5atlInmWFSCgvH2UVUiGS+UZmmNC1O83g6wpL
-6MU3E6rCyLXPP8Id9/pyhC9VHjqrqsLqL6+qmRUduJFHiv1Lke+KByPZZP8FjRy9
-V27t3HQ+FAKjwI45WF2A5LoqQ9khnucc1gdLY+b2ouHpkFnXLmA4QFqmgPCUpcEI
-z8o1U5wFuQYYF8UG7tculizft3iAZ1O9uU0PmtxLLGFHRS9aAnGCZJTbQMxdIlsP
-9S8gCS2bWnqUzXfRKXna6FixwAzIiZRdCyk3uC3EhbpmPc+qJmF1JKsIyv0OKPnM
-8yuN0DOh6Czz5tKPXY2vMxOups6KboW3/O61Y20TjJ7Y2gA5bpkbstXv3x+Mr4+5
-ux19JjNe0ylqCu7TV538GIFmEeITfuf8ZUcxynA2t6LzSMFmZFycQI4u3JvVF3fl
-cIPi9xOAPiP4tVyoZrY79VYHEN8s4WJi2hhYyvUPYItZ6rX9R0mS2mTcZpZ7yq46
-2lbL2s547kgTaVeiOSGY0dA8Ene4rnXCw1Lng+vGKqPRqo2b9Ru7clKnNcwqumut
-6WDYfWWEboY21xtH0iTQoQUaRaewb3dBtC8RHS7HhiZwg0fwOq9Cok4WeWi1Mk2o
-/uHcY8B/sEMxfhe05KFeYqtY7OQ7HBiyz0qtjuKWM21HOlTaeHF7KZDlNC18lwXl
-wntmDt++CCcCoWyJ0zPkarWlpQrMwMGLXexf5G6vyFMAXzy+2xdn4T8=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBhLzMr
+K05GUnNuQndGa2JoSm5TT2ZpU3FOTTZ6aG9SdElHREVjQm5BRERRCjBwelhQTjBi
+L1JXOXhSZ1BpNDhqdGRCV3dwNFFjbXdPSzNINXVFRU9ydzQKLT4gc3NoLWVkMjU1
+MTkgU3JIYXFBIDFFd0xzbDhEOUNxdDdudVFLeU1yM2VqR3RwOHZFM2VQMmpHNStS
+b21NQ1kKdUtHQU5qUHlLd1ZwNWxpZ1Y2ZVN0NVZVdXlvVUkwdEdPbkdPU0UvcTB0
+MAotPiBzc2gtZWQyNTUxOSBsR3FWWmcgbE1KaFR5TmFnb1BKb3lKek5DdVNjZVk4
+cmF4UjRpTDU4WFJVU21penlHMApUM0YwSnU0cVhVUS85ekpzT2Y1N3Q0Y1p6THZo
+OE5hQWZYYVVEREg1a2d3Ci0+IHNzaC1lZDI1NTE5IENTTXloZyBRL2t4d0ZvNmxm
+K2tDOS82WEZOZGxXa3RGdkZKSFliS0JzOEZiK3JqY0EwCm13N1VhMUIyK1VuZm5l
+TjV5bDdLYXRDWGF6eDVOQ21zTTVLQ2hIem1vT3cKLT4gM18/Lnp8SS1ncmVhc2Ug
+bmV+X24tbkogV3plb14KcEh4alk2V3U3ZitUZ3ZsTzJTbDdvb1VuM3JlL0FCZVl3
+bTNCSDdkOVJTWDZMSGNqM200eEd6OWg0TS9VRWhYSwpIYlVEY1FWeTR4b25zTDZp
+Uk1NCi0tLSBqOGFrOEVmbTY0N3pCM0kzVExBcXdYam85WVpGZXZVUk1YMU9pSTdD
+NjhBCmMGbE45ce2jAoYuG+L27X0LDsJxOrydZqA/lZ9I21J+9LTIpLIDiMlr/n7C
+FNOW39bbaPudck8b0THImIsuu+ylzMSpt3CVXdZIzaB4hRKctLRv4zRL/UkbfMsl
+mPFcdxNPkqmZsABgTui6b5suxdB5aWFx4EYcDIAjokZFuLXHrbIYOYNWEWBA3tVn
+ji1n8aVPw1keln8qmzYJiL9bjGxq3KB7NJEhzGrqDVcn0koXpynSJxz+dlw6jmO4
+Nk+wych9gLOq6g9agDUXjpj4Q7l1cUmuAD+Xh5CPVJIV4xpjUDm+GCBLryFWcHdH
+XC1MEnr/x5OuX0/XcPL7pRXvOjxAPgjSn/omisZtFNhBKzmNZZG2XLReyDJttXQ6
+QoNXp8DhoaPBFES6fi6NvYE2KpjSoTjHFRuJuslpmPGPC3yOSXpJlwlUI9wC6TTh
+8rXYvb3mxT90KJK9SoKvSUFN5/63N15IzD8PFc1A5lP1MAL+pPUF3vX89mUGKB92
++8uKs5RqhOFJSgYSqmdC10TUdg61WTsXlivbue6l54v+rfIKxaNAzxxFEvkYWIwP
+Sl7tG7bwr+joqg2p4JnGc/nD4UU7zAwXIZGefmPMktpDple6JhsggvDy4FLebdpk
+NTjTSsYCWTLymXcW+K+syibVc3jH6RFLW9n9rVmsVDHxSXFDOcPEdjEOS2RMOMdB
+RdDJMfx330a6lXVjM1VhCotPnVQ9j51KjfIzsduXJ39xRremTGzEsbrY8a9dmVgO
+T2++xCPnuH8oGqt77AozSLCUKfh2fKrUQRkuROwjRgBsx0KB2W6+lY3hNZzgvUq2
+VLlZSLQApl1tR+bZE+OOZFOYw6s4CjEfBToL5ovwVIZFirLVHog1iWdDN5qc8MPy
+7Lr18UWWEFJ6ceaCZEaFLvOeNa36emIeqwReIkUG3IGlU6CMcbGsCpDVPKI2CKFB
+WRCuYFckOKcmmvlcHxdg46c18uwAHkSwVV6wEWPrw68jPTyYaYu7UEy4p0wVYhcS
+cOiGqb8Nkc+xkBwF7zyvkiDWx9yWSBwJHz6pLQJ2kg6W+IdIxEKgv/VrbpuzoyE9
+PJ4QVdz5/f4aGAmw/iSrIsl48gNoScUvxGZjrE0dqBj4yu+aEy7Xj8fST7XmyZgw
+DRcOPowQD5hxdtkG63uesZvFSlNNfouoR4klRPoCkJBHNRrtIsmaPJiw+WZgr3hj
+rf/MeswTbtwaFuCUM2AwrHCRTKqRenc5c9+jl7JNAB0sBnJhukumA4tK3v/8eXtK
+y8wGLyS6WAgK0pptoY7ntcz7djhlyYg=
 -----END AGE ENCRYPTED FILE-----