AZ-Intec-GmbH/AZ-NIX
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

flake update

Browse Source
This commit is contained in:
sascha.koenig
2026-03-24 04:55:43 +01:00
parent 60fbc75d5e
commit 745f85e8b8
18 changed files with 273 additions and 169 deletions
Download Patch File Download Diff File Expand all files Collapse all files

102
flake.lock generated
View File

@@ -24,11 +24,11 @@
"agents": { "agents": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1773479083, "lastModified": 1773654477,
"narHash": "sha256-qwope4VrtrMsebTjyqhiwO6NxZ4t8kk+65K8y41ada0=", "narHash": "sha256-de+B85eBY2SyT0uPLlVxKCy6lsKYXhtA2mo2zO6MXlg=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "8bcb5e11fbfeb4c00b81358163162324d0893ff8", "rev": "a4ae041e1d2343000da7b7098195f166b58c0d11",
"revCount": 64, "revCount": 65,
"type": "git", "type": "git",
"url": "https://code.m3ta.dev/m3tam3re/AGENTS" "url": "https://code.m3ta.dev/m3tam3re/AGENTS"
}, },
@@ -236,11 +236,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773025010, "lastModified": 1773889306,
"narHash": "sha256-khlHllTsovXgT2GZ0WxT4+RvuMjNeR5OW0UYeEHPYQo=", "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "7b9f7f88ab3b339f8142dc246445abb3c370d3d3", "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -417,11 +417,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773179137, "lastModified": 1774210133,
"narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=", "narHash": "sha256-yeiWCY9aAUUJ3ebMVjs0UZXRnT5x90MCtpbpOWiXrvM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09", "rev": "c6fe2944ad9f2444b2d767c4a5edee7c166e8a95",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -438,11 +438,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772985280, "lastModified": 1773963144,
"narHash": "sha256-FdrNykOoY9VStevU4zjSUdvsL9SzJTcXt4omdEDZDLk=", "narHash": "sha256-WzBOBfSay3GYilUfKaUa1Mbf8/jtuAiJIedx7fWuIX4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "8f736f007139d7f70752657dff6a401a585d6cbc", "rev": "a91b3ea73a765614d90360580b689c48102d1d33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -492,11 +492,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1773631298, "lastModified": 1774237443,
"narHash": "sha256-ayzlBBwiXP30BiI+T4POukapy+x0TG7MVsWbTIfUDac=", "narHash": "sha256-4h/vWMOCvd0s5WK7DONqlljImbbKG55gmnVfBcxcFoY=",
"owner": "numtide", "owner": "numtide",
"repo": "llm-agents.nix", "repo": "llm-agents.nix",
"rev": "49964b8b4efa9ed7ffab7cbd63497ab029bdfc82", "rev": "d17f058f96e7993b50879e871a742b3ed9a5f429",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -513,11 +513,11 @@
"openspec": "openspec" "openspec": "openspec"
}, },
"locked": { "locked": {
"lastModified": 1773151265, "lastModified": 1774231264,
"narHash": "sha256-XzPR+if4vsckxPD6SYeMPQcfOy+M0V0YofnseC8/ZC8=", "narHash": "sha256-Igcbq2IHBn+ZthttcFBI2/H8H8zh6pOJOG5LkPbmHYA=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "29d1cdf894841101ee84e038bff7b3e8531fba1c", "rev": "99d281fd4f5d5deb2487761194b4926b59e8d6cd",
"revCount": 163, "revCount": 185,
"type": "git", "type": "git",
"url": "https://code.m3ta.dev/m3tam3re/nixpkgs" "url": "https://code.m3ta.dev/m3tam3re/nixpkgs"
}, },
@@ -556,11 +556,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1773201098, "lastModified": 1774237443,
"narHash": "sha256-yq35qMKDHyMdVlhGfR5BojbjniY2cY9XYmiILeCf1Xc=", "narHash": "sha256-4h/vWMOCvd0s5WK7DONqlljImbbKG55gmnVfBcxcFoY=",
"owner": "numtide", "owner": "numtide",
"repo": "nix-ai-tools", "repo": "nix-ai-tools",
"rev": "8578734bf5087a1ca45033c2ec8e1a2228f9b95c", "rev": "d17f058f96e7993b50879e871a742b3ed9a5f429",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -710,11 +710,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1773150927, "lastModified": 1774230720,
"narHash": "sha256-0Js8/ZxXH575nfmUENgX2JlFY6GrXjFTlQT81mfN1bQ=", "narHash": "sha256-cFg5kIiLTt9mRjZuc6cu7W5ClVIyAgrtKEHGUwFaSKc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2d82c4ce7238cc3e5bf80ba48894185ea3947615", "rev": "127473ff3102f1d1c4804b54dc557a6a01d26a68",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -742,11 +742,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1772963539, "lastModified": 1773821835,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d", "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -774,11 +774,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1773507054, "lastModified": 1773840656,
"narHash": "sha256-Q8U5VXgrcxmCxPtCCJCIZkcAX3FCZwGh1GNVIXxMND0=", "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e80236013dc8b77aa49ca90e7a12d86f5d8d64c9", "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -790,11 +790,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1772963539, "lastModified": 1773821835,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d", "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -806,11 +806,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1772956932, "lastModified": 1773840656,
"narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=", "narHash": "sha256-9tpvMGFteZnd3gRQZFlRCohVpqooygFuy9yjuyRL2C0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "608d0cadfed240589a7eea422407a547ad626a14", "rev": "9cf7092bdd603554bd8b63c216e8943cf9b12512",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -822,11 +822,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1773068389, "lastModified": 1773964973,
"narHash": "sha256-vMrm7Pk2hjBRPnCSjhq1pH0bg350Z+pXhqZ9ICiqqCs=", "narHash": "sha256-NV/J+tTER0P5iJhUDL/8HO5MDjDceLQPRUYgdmy5wXw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "44bae273f9f82d480273bab26f5c50de3724f52f", "rev": "812b3986fd1568f7a858f97fcf425ad996ba7d25",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -876,11 +876,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773206216, "lastModified": 1774243438,
"narHash": "sha256-zODqMIuMUDYHxHCKtKyUL7qckWX+ggbaCpQVBQKMMOI=", "narHash": "sha256-mllIhgQyvjSWm9rMiX4gTGNGjkUbdcGcHeZeI8hO3cE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "90f69edef312092455879bb82faf8feb1be44297", "rev": "fcb9e000f223397217a86394a9284132ea873c1d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -897,16 +897,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1773072574, "lastModified": 1774222321,
"narHash": "sha256-smGIc6lYWSjfmGAikoYpP7GbB6mWacrPWrRtp/+HJ3E=", "narHash": "sha256-JQsccVflS/GAjzguvZTLn7UH7tsou8yCSlaA48DVY10=",
"owner": "anomalyco", "owner": "anomalyco",
"repo": "opencode", "repo": "opencode",
"rev": "c6262f9d4002d86a1f1795c306aa329d45361d12", "rev": "eb3bfffad453f1c8c3f0f92bba0d8e34c83fa244",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "anomalyco", "owner": "anomalyco",
"ref": "v1.2.24", "ref": "v1.3.0",
"repo": "opencode", "repo": "opencode",
"type": "github" "type": "github"
} }
@@ -1078,11 +1078,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1772660329, "lastModified": 1773297127,
"narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "3710e0e1218041bbad640352a0440114b1e10428", "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016",
"type": "github" "type": "github"
}, },
"original": { "original": {

13
home/features/cli/default.nix
View File

@@ -6,6 +6,7 @@
./nushell.nix ./nushell.nix
./secrets.nix ./secrets.nix
./starship.nix ./starship.nix
./television.nix
./zellij.nix ./zellij.nix
]; ];
@@ -23,6 +24,12 @@
enableBashIntegration = true; enableBashIntegration = true;
}; };
programs.nix-index = {
enable = true;
enableBashIntegration = true;
enableNushellIntegration = true;
};
programs.zoxide = { programs.zoxide = {
enable = true; enable = true;
enableFishIntegration = true; enableFishIntegration = true;
@@ -89,9 +96,9 @@
nushellPlugins.skim nushellPlugins.skim
progress progress
ripgrep ripgrep
rocmPackages.rocm-smi # rocmPackages.rocm-smi
rocmPackages.rocminfo # rocmPackages.rocminfo
rocmPackages.rocm-runtime # rocmPackages.rocm-runtime
tldr tldr
pomodoro-timer pomodoro-timer
trash-cli trash-cli

90
home/features/cli/nushell.nix
View File

@@ -27,8 +27,19 @@ in {
$env.SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh" $env.SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"
$env.PATH = ($env.PATH | split row (char esep) | append "/home/sascha.koenig/.cache/.bun/bin" | uniq) $env.PATH = ($env.PATH | split row (char esep) | append "/home/sascha.koenig/.cache/.bun/bin" | uniq)
$env.FLAKE = $"($env.HOME)/p/NIX/nixos-config" $env.FLAKE = $"($env.HOME)/p/NIX/nixos-config"
#source /run/agenix/${config.home.username}-secrets
# Load kestractl-env from agenix
if ("/run/agenix/kestractl-env" | path exists) {
open /run/agenix/kestractl-env
| lines
| where {($in | str trim | str length) > 0}
| parse "{key}={value}"
| update value {str trim -c '"'}
| transpose -r -d
| load-env
}
''; '';
# if (tty) == "/dev/tty1" { # if (tty) == "/dev/tty1" {
# exec uwsm start -S -F /run/current-system/sw/bin/Hyprland # exec uwsm start -S -F /run/current-system/sw/bin/Hyprland
# } # }
@@ -67,80 +78,9 @@ in {
alias vi = nvim alias vi = nvim
alias vim = nvim alias vim = nvim
def history_fuzzy [] { if (which tv | is-not-empty) {
let selected = ( mkdir ($nu.data-dir | path join "vendor/autoload")
history tv init nu | save -f ($nu.data-dir | path join "vendor/autoload/tv.nu")
| reverse
| get command
| uniq
| to text
| ^fzf
)
if ($selected | is-not-empty) {
commandline edit ($selected)
} else {
null
}
}
def --env dir_fuzzy [] {
let selected = (
fd --type directory
| ^fzf
)
cd $selected
}
def find_fuzzy [] {
# Find non-hidden text files with matches for any content and select one via fuzzy search
let selected = (
^fd --type file --no-hidden -X rg -l --files-with-matches .
| lines
| to text
| ^fzf
)
if ($selected | is-not-empty) {
^$env.EDITOR $selected
}
}
$env.config = {
keybindings: [
{
name: history_fuzzy
modifier: control
keycode: char_r
mode: [emacs, vi_insert, vi_normal]
event: [
{
send: executehostcommand
cmd: "history_fuzzy"
}
]
}
{
name: dir_fuzzy
modifier: alt
keycode: char_c
mode: [emacs, vi_insert, vi_normal]
event: [
{
send: executehostcommand
cmd: "dir_fuzzy"
}
]
}
{
name: history_fuzzy
modifier: control
keycode: char_t
mode: [emacs, vi_insert, vi_normal]
event: [
{
send: executehostcommand
cmd: "find_fuzzy"
}
]
}
]
} }
''; '';
}; };

64
home/features/cli/television.nix Normal file
View File

@@ -0,0 +1,64 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.television;
in {
options.features.cli.television.enable = mkEnableOption "enable nitch";
config = mkIf cfg.enable {
programs.television = {
enable = true;
channels = {
tldr = {
metadata = {
description = "Browse TLDR pages";
name = "tldr";
requirements = [
"tldr"
];
};
preview = {
command = "tldr '{}'";
};
source = {
command = "tldr --list";
};
};
git-diff = {
metadata = {
description = "A channel to select files from git diff commands";
name = "git-diff";
requirements = [
"git"
];
};
preview = {
command = "git diff HEAD --color=always -- '{}'";
};
source = {
command = "git diff --name-only HEAD";
};
};
git-log = {
metadata = {
description = "A channel to select from git log entries";
name = "git-log";
requirements = [
"git"
];
};
preview = {
command = "git show -p --stat --pretty=fuller --color=always '{0}'";
};
source = {
command = "git log --oneline --date=short --pretty=\"format:%h %s %an %cd\" \"$@\"";
output = "{split: :0}";
};
};
};
};
};
}

1
home/features/coding/default.nix
View File

@@ -40,6 +40,7 @@
bc bc
bun bun
devpod devpod
kestractl
kitty kitty
#devpod-desktop #devpod-desktop
(python3.withPackages (ps: (python3.withPackages (ps:

34
home/features/coding/opencode.nix
View File

@@ -51,6 +51,19 @@
output = 128000; output = 128000;
}; };
}; };
"claude-haiku-4-5" = {
name = "Claude Haiku 4.5";
options = {
thinking = {
type = "enabled";
budget_tokens = 16000;
};
};
limit = {
context = 200000;
output = 64000;
};
};
"claude-sonnet-4-6" = { "claude-sonnet-4-6" = {
name = "Claude Sonnet 4.6"; name = "Claude Sonnet 4.6";
options = { options = {
@@ -97,22 +110,22 @@
model = "litellm/claude-sonnet-4-6"; model = "litellm/claude-sonnet-4-6";
}; };
explore = { explore = {
model = "zai-coding-plan/glm-4.5-air"; model = "litellm/claude-haiku-4-5";
}; };
multimodal-looker = { multimodal-looker = {
model = "zai-coding-plan/glm-4.6v"; model = "litellm/gpt-5.3-codex";
}; };
prometheus = { prometheus = {
model = "litellm/claude-opus-4-6"; model = "litellm/claude-opus-4-6";
}; };
metis = { metis = {
model = "zai-coding-plan/glm-5"; model = "litellm/claude-opus-4-6";
}; };
momus = { momus = {
model = "zai-coding-plan/glm-5"; model = "litellm/claude-opus-4-6";
}; };
atlas = { atlas = {
model = "zai-coding-plan/glm-5"; model = "litellm/claude-sonnet-4-6";
}; };
}; };
categories = { categories = {
@@ -120,19 +133,22 @@
model = "zai-coding-plan/glm-5"; model = "zai-coding-plan/glm-5";
}; };
ultrabrain = { ultrabrain = {
model = "litellm/gpt-5.3-codex"; model = "litellm/claude-opus-4-6";
};
deep = {
model = "litellm/claude-sonnet-4-6";
}; };
artistry = { artistry = {
model = "zai-coding-plan/glm-5"; model = "zai-coding-plan/glm-5";
}; };
quick = { quick = {
model = "zai-coding-plan/glm-5"; model = "litellm/claude-haiku-4-5";
}; };
unspecified-low = { unspecified-low = {
model = "zai-coding-plan/glm-5"; model = "litellm/claude-sonnet-4-6";
}; };
unspecified-high = { unspecified-high = {
model = "zai-coding-plan/glm-5"; model = "litellm/claude-opus-4-6";
}; };
writing = { writing = {
model = "zai-coding-plan/glm-5"; model = "zai-coding-plan/glm-5";

1
home/features/desktop/media.nix
View File

@@ -17,7 +17,6 @@ in {
# makemkv # makemkv
# mediainfo # mediainfo
amf amf
blueberry
ffmpeg_6-full ffmpeg_6-full
gst_all_1.gstreamer gst_all_1.gstreamer
gst_all_1.gst-vaapi gst_all_1.gst-vaapi

1
home/users/sascha.koenig/AZ-PRM-1.nix
View File

@@ -2,6 +2,7 @@
imports = [ imports = [
./home.nix ./home.nix
../../common ../../common
../../features/cli
../../features/cli/fish.nix ../../features/cli/fish.nix
../../features/cli/fzf.nix ../../features/cli/fzf.nix
../../features/cli/nushell.nix ../../features/cli/nushell.nix

1
home/users/sascha.koenig/AZLT124-L.nix
View File

@@ -60,6 +60,7 @@ in {
nitch.enable = true; nitch.enable = true;
secrets.enable = true; secrets.enable = true;
starship.enable = true; starship.enable = true;
television.enable = true;
}; };
desktop = { desktop = {
coding.enable = true; coding.enable = true;

27
hosts/AZ-CLD-1/services/postgres.nix
View File

@@ -76,12 +76,25 @@
CREATE DATABASE zammad-hr; CREATE DATABASE zammad-hr;
ALTER DATABASE zammad-hr OWNER to zammad-hr; ALTER DATABASE zammad-hr OWNER to zammad-hr;
ALTER DATABASE zammad-hr CONNECTION LIMIT 50; ALTER DATABASE zammad-hr CONNECTION LIMIT 50;
-- Group roles (NOLOGIN, for permission management)
CREATE ROLE admin NOLOGIN;
CREATE ROLE dba NOLOGIN;
-- Personal login roles
CREATE USER sascha_koenig WITH ENCRYPTED PASSWORD 'sascha_koenig';
GRANT admin TO sascha_koenig;
CREATE USER jannik_mueller WITH ENCRYPTED PASSWORD 'jannik_mueller';
GRANT admin TO jannik_mueller;
''; '';
authentication = pkgs.lib.mkOverride 10 '' authentication = pkgs.lib.mkOverride 10 ''
# Local connections (Unix socket) # Local connections (Unix socket)
local all postgres peer local all postgres peer
local all sascha_koenig scram-sha-256
local all jannik_mueller scram-sha-256
local az_test az_test scram-sha-256 local az_test az_test scram-sha-256
local metabase metabase scram-sha-256 local metabase,az_kpi_raw metabase scram-sha-256
local n8n n8n scram-sha-256 local n8n n8n scram-sha-256
local outline outline scram-sha-256 local outline outline scram-sha-256
local vaultwarden vaultwarden scram-sha-256 local vaultwarden vaultwarden scram-sha-256
@@ -91,14 +104,20 @@
host all postgres 127.0.0.1/32 scram-sha-256 host all postgres 127.0.0.1/32 scram-sha-256
host all postgres ::1/128 scram-sha-256 host all postgres ::1/128 scram-sha-256
host all sascha_koenig 127.0.0.1/32 scram-sha-256
host all sascha_koenig ::1/128 scram-sha-256
host all jannik_mueller 127.0.0.1/32 scram-sha-256
host all jannik_mueller ::1/128 scram-sha-256
host az_test az_test 127.0.0.1/32 scram-sha-256 host az_test az_test 127.0.0.1/32 scram-sha-256
host az_test az_test ::1/128 scram-sha-256 host az_test az_test ::1/128 scram-sha-256
host outline outline 127.0.0.1/32 scram-sha-256 host outline outline 127.0.0.1/32 scram-sha-256
host outline outline ::1/128 scram-sha-256 host outline outline ::1/128 scram-sha-256
host metabase metabase 127.0.0.1/32 scram-sha-256 host metabase,az_kpi_raw metabase 127.0.0.1/32 scram-sha-256
host metabase metabase ::1/128 scram-sha-256 host metabase,az_kpi_raw metabase ::1/128 scram-sha-256
host n8n n8n 127.0.0.1/32 scram-sha-256 host n8n n8n 127.0.0.1/32 scram-sha-256
host n8n n8n ::1/128 scram-sha-256 host n8n n8n ::1/128 scram-sha-256
@@ -131,7 +150,7 @@
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;
startAt = "03:10:00"; startAt = "03:10:00";
databases = ["baserow" "kestra" "librechat_rag" "litellm" "metabase" "n8n" "outline" "vaultwarden" "zammad" "zammad_hr"]; databases = ["az_kpi_raw" "baserow" "kestra" "librechat_rag" "litellm" "metabase" "n8n" "outline" "vaultwarden" "zammad" "zammad_hr"];
}; };
services.pgadmin = { services.pgadmin = {
enable = true; enable = true;

1
hosts/AZ-PRM-1/secrets.nix
View File

@@ -9,6 +9,7 @@
mode = "644"; mode = "644";
}; };
kestra-env = {file = ../../secrets/kestra-env.age;}; kestra-env = {file = ../../secrets/kestra-env.age;};
kestra-secrets = {file = ../../secrets/kestra-secrets.age;};
n8n-env = { n8n-env = {
file = ../../secrets/n8n-env-prm.age; file = ../../secrets/n8n-env-prm.age;
}; };

5
hosts/AZ-PRM-1/services/containers/kestra.nix
View File

@@ -9,7 +9,10 @@
in { in {
virtualisation.oci-containers.containers."${serviceName}" = { virtualisation.oci-containers.containers."${serviceName}" = {
image = "docker.io/kestra/kestra:latest"; image = "docker.io/kestra/kestra:latest";
environmentFiles = [config.age.secrets.kestra-env.path]; environmentFiles = [
config.age.secrets.kestra-env.path
config.age.secrets.kestra-secrets.path
];
cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"]; cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"];
ports = ["127.0.0.1:${toString servicePort}:8080"]; ports = ["127.0.0.1:${toString servicePort}:8080"];
user = "root"; user = "root";

1
hosts/AZ-PRM-1/services/postgres.nix
View File

@@ -49,7 +49,6 @@
host kestra kestra 10.89.0.0/24 scram-sha-256 host kestra kestra 10.89.0.0/24 scram-sha-256
# Deny all other connections # Deny all other connections
local all all reject
host all all 0.0.0.0/0 reject host all all 0.0.0.0/0 reject
host all all ::/0 reject host all all ::/0 reject
''; '';

4
hosts/AZLT124-L/secrets.nix
View File

@@ -13,6 +13,10 @@
file = ../../secrets/exa-key.age; file = ../../secrets/exa-key.age;
owner = "sascha.koenig"; owner = "sascha.koenig";
}; };
kestractl-env = {
file = ../../secrets/kestractl-env.age;
owner = "sascha.koenig";
};
}; };
}; };
} }

2
secrets.nix
View File

@@ -18,6 +18,8 @@ in {
"secrets/baserow-env.age".publicKeys = systems ++ users; "secrets/baserow-env.age".publicKeys = systems ++ users;
"secrets/kestra-env.age".publicKeys = systems ++ users; "secrets/kestra-env.age".publicKeys = systems ++ users;
"secrets/kestra-config.age".publicKeys = systems ++ users; "secrets/kestra-config.age".publicKeys = systems ++ users;
"secrets/kestra-secrets.age".publicKeys = systems ++ users;
"secrets/kestractl-env.age".publicKeys = systems ++ users;
"secrets/librechat-env.age".publicKeys = systems ++ users; "secrets/librechat-env.age".publicKeys = systems ++ users;
"secrets/librechat.age".publicKeys = systems ++ users; "secrets/librechat.age".publicKeys = systems ++ users;
"secrets/librechat-env-prod.age".publicKeys = systems ++ users; "secrets/librechat-env-prod.age".publicKeys = systems ++ users;

51
secrets/kestra-config.age
View File

@@ -1,26 +1,29 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyB4TWJl YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBRYXF4
YUhxeXRVMDF5MnNMK1hQOTA2MFB1OWRCdjAzZ0ZSaWI3UGV6MHdvCjBlNTNRMVBB cisrS0NGeHZIckRrV2FzNjA1Ym91Tk83czRUZVhXNkJseFJMYmc4CjJlUlRMcmFD
cU0xZThjTUJvM0lOUGxMRUhiUUxrZXhKNzlRUmdMajQxbW8KLT4gc3NoLWVkMjU1 TGxyZjRhd0RxRXQyRFZBZk5CT2VpczR4QTliQkh2R1pnZlkKLT4gc3NoLWVkMjU1
MTkgU3JIYXFBIE1BOCtTbGlmQXplU2pSSjBxUFQwMGlZbWJiMDR3cTFCaGRDNllj MTkgU3JIYXFBIEI4YitPTXB3VFp3SzByUStDTms5TitnQUx3aFdQY09rZmNzTjAz
ejU0ajQKRW9RWXVKc055QXlHemlaaU40ck9vS1Y2ckdPRENSdmZEd2hYQW9SbFFp SWJsV0UKc0t1YnRzVXFiZWZDRkJZd1Zld0ZMZE4zN2pJYXp2OGQzOW5BQ2htcG5r
WQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgNExQT2gyaU1xNStxZ21XVS9QMjRCR2FM UQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgS0hINXZOVWlGNzZRWUlBYVE3S0FMVXBs
bWRWVjlHSVJlQXE3S2dEZVBFOApsdlE3a3ZZWDhGQ29QaG1CQ0VjYVRHMXFtbkJS NXZGZTRDRXBuNGp3ejM4WnhEMApHZWZyT0ozZXU2WHNJMUcxUDBRZlFhU3g1RWI1
amlveTZTRE5tOXR6b2NZCi0+IHNzaC1lZDI1NTE5IENTTXloZyBjNXNOaW82VzY5 UVcrMlBUSjArSURWa0pjCi0+IHNzaC1lZDI1NTE5IENTTXloZyBhTE1oMmh2Smc0
S1JOa2hLck9WamxXcEU3anYzM0Jwb290emRCVDUwaTFjCjNZN3NVNmNySWJXTzRi RDM3T1B5UGhLeUVVZG9CclNoSGhQWGRXbVgrSnU2UURFCkhidDBoNTUrRXpzeGgr
bmhPTE1ic2hETTlVdDdRYmViRkpDYUwxNDllWFkKLT4gOy0tZ3JlYXNlIDRLPiFT T2VkRjZ5TGJaeWE1K2U4RjJKa3AzMVJSQ1ZjQ1EKLT4gcHxQJFotZ3JlYXNlClVP
UCFVIEtibUYoIH5CdyBpLSU+VSEKMWFVRUI1eUlsQ1huRVkyUTFyYTdSSmFMN0xN d09WTS9NR1htNzA2WFNnbUh2TGJWdVhVSUppMVZkcFNSQjJwazZtelpFNXhXZDBV
NEZnCi0tLSAxcWxjdXZSRWlQZGZtUzcxZkR2L0phcUNtRG1JQzZSalZDSzRoS05s MzVoQzJWWW5JVjhlYlYKb0NCNkl0YXA4WWZwZCszSVdWUXlKYzZQaXVTS3VDT2lC
RkVVCh/SZUhAjpHGjXnnkPmXn7qcYbwXczOrA1z4GN81ntshqzoszx2WyDk7Wfgr Tk5DS05idAotLS0gMmMzYU9uaGJJaUtzNlRNNExYUWFOQmZKcEwxZFpQZC8vTVJ1
BjlHy/Jn3M8s5im+JfE5BS4PuhAjZDKIBXGlghEsvJVIyt5jZvJDdYp3wdu9+IAT MDZ3TXNPYwrXl7PIzv7lRFfBOlmJ6i74CchhE9HAet4uB5NFOfDt3Q5BjCMd/lVD
Y9qzT0De8xFQYg76hUf0RhoXyRMzgP0rImFcCdvMPdMnMD4Ea518Zex01DiexNEB ZVENpsyjyxhI48gqLOEUAFn8UhOaxYcnu6F0f436Az5AiQfzvcmU4WKi6XRJ12qx
OtUBbo98spOBr6Ih1HN7thXvSrCA9g6VtNEm3WJWXGSWOQiFboVLh1Ds0WUFHkow 7jg0wi04xIqujcQNTSWG9mOJ9P/8VrlRJ5HRVo0gE8MaulBuxzmMFJr0ZSAtQXXO
96Ip5TgliBdAZSrt6YWlcxDccjsMDwZ5an8l5QjqNNvFP1tdV/JwZ/vKfLsxp1le DNLltwJ0r6Sy9yLeakDyAxSPOUZSH0B9VzWFmTUcboaWbbDSoy8+kSNpiue81O+i
1OujlZJUmOFYxyOnzggTesInvBvL6Fjku5xLFM+jKKuII35XSXzMWGQ7ekpYxMQ/ Wy6Dlpr2e0A2HJEmQHHE71Ur6Edpwl+xn3YJjYN4bqMO/KjbrXerT3/Z+gHItMWy
qDkHqmIZJFniU/13Tc2J2aVMo1ugWG3qKU7Xr31c+OTzH727Qec8xCkx9zllMwKE Z6QHxMDCw7o/iGhTTp9ALUfFG861x64z9YXoacX1jGLq/bs/3SXaCy/keXMd/y16
H2AhVbWL+3j8aeeOU7mNyDnL0hU7pyfvb2Ni0xUaUyHUfFtz8jDKU3BYMiVxQlR0 XPRm0P07Ux+wPKKKIyQ64hEemTj7c5KAlPnlrqvbaPCbx0/QONMZz4kXKFEgzXqi
NJSwrEdo9ncU2994AwNYwhCAVvNAt7DclaoxakD0hpWOfk7bOjvGTt2tIIdauenK B6wr4PnsGsDOKe32IysYraZ6MTyYrHX7/5udOy/YMwb6SiX7Fm5J+XgE2rH4XevA
lhYqmsZCs5zv6EH9QneNxKsLwIu0xnSIGigllntYyqbk14XSciWCfmPgWLZ+1uRW q2kn1UcXTglW5y2ot24HHasCh+bZLv8OiG19qQq3nC3PsYpWYT1lMcm64uBWbvZ7
yNZhxNPID7NvhCreVSqgcz2qhk2vYwNG8+yY2Hq6Y3KEp0Wk8dJc7WW8S/4/y1dA ejkWrwOZF5FnKEnaj/OKRg3EPSoOkovY12/2X6boehHUTGfga4jZDVvPLgOLwlfk
/XCEhQ/+6zAH8h1EzqMkNnmHDxWXwRGmCTE= 27VNDynyZot98qYquTcdVyVTNNWvOre53Zw9AM0+XwxcPAUWrFXE99cimoT3XQlp
c1V4G8xUgANT/Er32o3yhmItmnRrdtT4oIpqlVJEZ3ploYJKmbxVBnAvTzby88HG
I4vmrAaE0omIE/GQ1+cNONfk55Paezw+DM6LEGy/SW4OZamqpd5aIdYJDLSUe0wQ
+5xH8m1iszJm8s3f8ocw/dVGgK9M74k=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

25
secrets/kestra-secrets.age Normal file
View File

@@ -0,0 +1,25 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBkTmF6
THI0Q24yZVk3bDEvanlkVHdyTGhsNUwydmNFWlZDUTQ0dzlKV2d3Ckg4MFlNdTJl
Qks0YWNqa1N5UkdxV2hWTXljRkJHYnM1amk3SmNmdGp2WlEKLT4gc3NoLWVkMjU1
MTkgU3JIYXFBIGhOQk9JdmNLbFdLOHhxc3VkdW40bGY3YTNUOE1ya0V2b0g2Z2M4
YWh4R0UKNkRYSWIydk1Dc3gvTEZIaFlNWUxvYkJ3emgySkVVREdPdUp6cFFGYzg0
ZwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgSnBIRTUxeXE0ZWNSM0tpWmpCUWxZSDNB
T2VlMkMvTzIvNjdLMGVvYTIzQQp5US9TMzVteFZRZVdhVnFNekJ0MFBhcTBLYjZs
VFFvTlNGK0JSOGtDVDJrCi0+IHNzaC1lZDI1NTE5IENTTXloZyBmV1VGREp1MERB
Q0Z3ZitmTmwwTWxQRWdINmJ6YndaRWY0SDN3MHAzeW1BCmtjY1Rrb1hzMzRBVllh
UFdUWkRuZk1IcE5VcUNuVWpHaWhObU1MUnQvRVEKLT4gYWRZQi1ncmVhc2UKTjdU
TUh0T0JaUVBqRjl2SWp0L2FaRjU3MmVTVER6UFJQS2xTb2hDRG5YQjhSMlA3d3gz
VkoxRDFYd0wzRXFEZApNeGMKLS0tIE5XSGZ0SVZ3SE5yU2Q0cnFvUTNXNTdkUFpX
elhTcHIvVWtPWFRNQjV4RlEKcmO0w5CcHnC+UlfVyllEZVXUGBnIoVw8ROUw+zcn
5MmUfjUWSlVoMlsdIOYXHS62JVb6gsEatynUVe2YBx5elbR9CN+EmwaLcE7FnapF
7vmraVnIHAqDHA4buVhx+mzt9Qvs0VkG8jBdgm7t4/WQq8Lx+IyRWvaUsSymR2Ea
NwEyHQbWKcha/er15NY46+4Xac4RLDvj7GUZWYFgPtSxASNncDCRZDpBycG+Gm5i
V96X6i8GaqgHQnr2ra7FrmN4PGX2uyl9PjB7DhsAWByMZuKb8IWs9cTF05oO2ouN
nPA9C5PmIp+Wz2NNE8tVGMUJmXUXi47FOoiT8c6z9h+hamBs2gZqzc+pM7F09H6M
b0m3kOdZ2btvVtT6tww1596eViKVNXpuMEQGpLny92S3iq/jlBmLv+kyMinsNvAg
U9Q2HXrjd9FuKohe6WA95hugb4RcbXxbigFKiI/bH822UnQmb4v1UwkoYXwfp/UC
Bf6SD8ZSESqfqujJl+rW2LTryu84ntPrE8/WuHqriHcSAfHS2/lKTnZibx4Rt/Vb
21heAmMOMzrzlhbzFNwzmWUrMcyiqMHs4KRi8aJxv4IrTAkT1tiJGNP7SreBUOec
aWH5lKsjUbzdmRZrzY0=
-----END AGE ENCRYPTED FILE-----

19
secrets/kestractl-env.age Normal file
View File

@@ -0,0 +1,19 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBrRUFE
TjJybGM1YXhpbis3bUU0SVBsMGlIenFkNWpMUnhEMmlIK1pBc1VjCkkvT3IvN2VE
T21jb3lkUk1xUUZZaXBOYlFhYTRIMjlBS3NuQlA3VFFYSDQKLT4gc3NoLWVkMjU1
MTkgU3JIYXFBIHdmb2c0blErQ0k0cTlKVzRFRCtaOUxhZDhvckloUW9HVktqQU9O
ZjRzMDgKcG8zYUhQZnRCYTVJMHhzZm1RbkNoODFwSC90RnVuV2tXUXRRYzlYM28y
SQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgMzNyWUVuOTkwcDd5TmE2eXpXT0xQRkpk
VVFzaXdHdjg0R3BESTI2VGJ3MApkWk9mMVpydS9OU0NkcWVxNjcyaitzUzd0eGdZ
cDNnZzZtM3ZzSm85NjFJCi0+IHNzaC1lZDI1NTE5IENTTXloZyA5ak9RR1pZV1lX
M0NCTnZpTHRKYnZUcEdMU0J0SmxOZmlrcGN0eEVsdXhFCjNyZWdCK1dOSXVrTlNt
d2FJai8za2ZtS0FlUTZPRm40ZzVGdUwybTdiMjAKLT4gTy1ncmVhc2UgKVRVMlRz
eiBlRChgIyByJApIWko0SW5LM2k0VExKbCtaclpCUlBVOFdjcEY4NHhxNjhLSXpq
MWRRcGFzUFdUT3l4TTRrMGhJRzg5aVFrd1U1Cmc5QXFEVG9ubS83c1M5Z1ltaWIx
ekEKLS0tIG5FM0gxY0JpaHBIVjdack41TTYxb0N2OXhuSEJFamVGbXdvdVpLQUww
a1EK+4IOFlZ/BEmN5diOyV9hgLUfHf3SOijxq4Z0ctIAXuNZVXaSpP5mRXGb4q1D
xkk0MMF5F17yNnhLIM2Ca5PEH2chIb3yUhbdLJTiTtgyF3tEbo2YtAYXT90zKBB1
p9Zi6cxl63s4+yela7J5lXb8dPA2nCQA2obrB8wkexuYATF0KxNyX4vWK7Yj6DP9
rt0nxt5umpbBmqfSsuGd2cWg/RveqNDim+q+DVNO9fyhnsMs1e0Wv4f8Jg==
-----END AGE ENCRYPTED FILE-----