flake update

2026-03-24 04:55:43 +01:00
parent 60fbc75d5e
commit 745f85e8b8
18 changed files with 273 additions and 169 deletions


@@ -76,12 +76,25 @@
CREATE DATABASE zammad-hr;
ALTER DATABASE zammad-hr OWNER to zammad-hr;
ALTER DATABASE zammad-hr CONNECTION LIMIT 50;
-- Group roles (NOLOGIN, for permission management)
CREATE ROLE admin NOLOGIN;
CREATE ROLE dba NOLOGIN;
-- Personal login roles
CREATE USER sascha_koenig WITH ENCRYPTED PASSWORD 'sascha_koenig';
GRANT admin TO sascha_koenig;
CREATE USER jannik_mueller WITH ENCRYPTED PASSWORD 'jannik_mueller';
GRANT admin TO jannik_mueller;
'';
authentication = pkgs.lib.mkOverride 10 ''
# Local connections (Unix socket)
local all postgres peer
local all sascha_koenig scram-sha-256
local all jannik_mueller scram-sha-256
local az_test az_test scram-sha-256
local metabase metabase scram-sha-256
local metabase,az_kpi_raw metabase scram-sha-256
local n8n n8n scram-sha-256
local outline outline scram-sha-256
local vaultwarden vaultwarden scram-sha-256
@@ -91,14 +104,20 @@
host all postgres 127.0.0.1/32 scram-sha-256
host all postgres ::1/128 scram-sha-256
host all sascha_koenig 127.0.0.1/32 scram-sha-256
host all sascha_koenig ::1/128 scram-sha-256
host all jannik_mueller 127.0.0.1/32 scram-sha-256
host all jannik_mueller ::1/128 scram-sha-256
host az_test az_test 127.0.0.1/32 scram-sha-256
host az_test az_test ::1/128 scram-sha-256
host outline outline 127.0.0.1/32 scram-sha-256
host outline outline ::1/128 scram-sha-256
host metabase metabase 127.0.0.1/32 scram-sha-256
host metabase metabase ::1/128 scram-sha-256
host metabase,az_kpi_raw metabase 127.0.0.1/32 scram-sha-256
host metabase,az_kpi_raw metabase ::1/128 scram-sha-256
host n8n n8n 127.0.0.1/32 scram-sha-256
host n8n n8n ::1/128 scram-sha-256
@@ -131,7 +150,7 @@
services.postgresqlBackup = {
enable = true;
startAt = "03:10:00";
databases = ["baserow" "kestra" "librechat_rag" "litellm" "metabase" "n8n" "outline" "vaultwarden" "zammad" "zammad_hr"];
databases = ["az_kpi_raw" "baserow" "kestra" "librechat_rag" "litellm" "metabase" "n8n" "outline" "vaultwarden" "zammad" "zammad_hr"];
};
services.pgadmin = {
enable = true;
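Review bot: In the first hunk the two personal login roles are created with a literal password equal to the role name (`CREATE USER sascha_koenig WITH ENCRYPTED PASSWORD 'sascha_koenig';`, and the same for `jannik_mueller`), and both are then granted `admin`; these lines look like additions, although the +/- markers are lost on this page. The string is committed to the repository and, if this block is the PostgreSQL initial script as it appears to be, is also written to the Nix store, so the credential is known to anyone who can read either, and the `scram-sha-256` rules for these roles on the socket and on loopback will accept it. Create the roles without a password, e.g. `CREATE ROLE sascha_koenig LOGIN IN ROLE admin;`, and set the password out of band or from an age secret like the ones this repository already declares. The enclosing string starts above the hunk, so what `admin` is allowed to do and whether the script runs again on an existing cluster cannot be seen from here.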


@@ -9,6 +9,7 @@
mode = "644";
};
kestra-env = {file = ../../secrets/kestra-env.age;};
kestra-secrets = {file = ../../secrets/kestra-secrets.age;};
n8n-env = {
file = ../../secrets/n8n-env-prm.age;
};


@@ -9,7 +9,10 @@
in {
virtualisation.oci-containers.containers."${serviceName}" = {
image = "docker.io/kestra/kestra:latest";
environmentFiles = [config.age.secrets.kestra-env.path];
environmentFiles = [
config.age.secrets.kestra-env.path
config.age.secrets.kestra-secrets.path
];
cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"];
ports = ["127.0.0.1:${toString servicePort}:8080"];
user = "root";
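Review bot: The second secrets file is now injected into a container whose image is `docker.io/kestra/kestra:latest` and which runs with `user = "root"`, so whatever image that tag resolves to at pull time receives both `kestra-env` and `kestra-secrets`. Both of those lines are context rather than part of this change, but widening the set of injected secrets is a good moment to pin the image, e.g. `image = "docker.io/kestra/kestra:<version>@sha256:<digest>";` (placeholders, not real values). A one-line comment above `environmentFiles` stating what belongs in each file would also help keep credentials from drifting into the general env file. The container definition continues past the end of the hunk.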


@@ -49,7 +49,6 @@
host kestra kestra 10.89.0.0/24 scram-sha-256
# Deny all other connections
local all all reject
host all all 0.0.0.0/0 reject
host all all ::/0 reject
'';


@@ -13,6 +13,10 @@
file = ../../secrets/exa-key.age;
owner = "sascha.koenig";
};
kestractl-env = {
file = ../../secrets/kestractl-env.age;
owner = "sascha.koenig";
};
};
};
}