feat: add postgres config for kestra_prm

2026-03-13 06:20:57 +01:00
parent a1d5947b98
commit 57bc3b9453
7 changed files with 97 additions and 38 deletions
--- a/hosts/AZ-CLD-1/services/containers/baserow.nix
+++ b/hosts/AZ-CLD-1/services/containers/baserow.nix
@@ -36,5 +36,22 @@ in {
      service = serviceName;
      entrypoints = "websecure";
    };
+
+    routers.azubi = {
+      rule = "Host(`azubi.az-gruppe.com`)";
+      tls = {
+        certResolver = "ionos";
+      };
+      service = serviceName;
+      entrypoints = "websecure";
+    };
+    routers.ausbilder = {
+      rule = "Host(`ausbilder.az-gruppe.com`)";
+      tls = {
+        certResolver = "ionos";
+      };
+      service = serviceName;
+      entrypoints = "websecure";
+    };
  };
 }
--- a/hosts/AZ-CLD-1/services/postgres.nix
+++ b/hosts/AZ-CLD-1/services/postgres.nix
@@ -119,6 +119,9 @@
      host    litellm             litellm             10.89.0.0/24       scram-sha-256
      host    netbird             netbird             10.89.0.0/24       scram-sha-256

+      # Netbird network connections
+      host    az_kpi_raw          kestra_prm          100.91.49.26/32    scram-sha-256
+
      # Deny all other connections
      local   all                 all                 reject
      host    all                 all                 0.0.0.0/0          reject
@@ -151,6 +154,7 @@
      iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT
      iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT
      iptables -A INPUT -p tcp -s 10.89.1.0/24 --dport 5432 -j ACCEPT
+      iptables -A INPUT -p tcp -s 100.91.49.26/32 --dport 5432 -j ACCEPT
    '';
  };
 }
--- a/hosts/AZ-PRM-1/secrets.nix
+++ b/hosts/AZ-PRM-1/secrets.nix
@@ -10,7 +10,7 @@
      };
      kestra-env = {file = ../../secrets/kestra-env.age;};
      n8n-env = {
-        file = ../../secrets/n8n-env.age;
+        file = ../../secrets/n8n-env-prm.age;
      };
      pgadmin-pw = {
        file = ../../secrets/pgadmin-pw.age;