AZ-Intec-GmbH/AZ-NIX
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: + kestra for AZ-PRM-1

Browse Source
This commit is contained in:
sascha.koenig
2026-03-10 12:49:11 +01:00
parent e832ba3742
commit ad24a7a91c
11 changed files with 730 additions and 639 deletions
Download Patch File Download Diff File Expand all files Collapse all files

190
flake.nix
View File

@@ -178,96 +178,126 @@
}; };
}; };
homeConfigurations = { homeConfigurations = {
"logistik@AZPILOGISTIK01" = home-manager.lib.homeManagerConfiguration { "logistik@AZPILOGISTIK01" = let
pkgs = nixpkgs.legacyPackages."aarch64-linux"; system = "aarch64-linux";
extraSpecialArgs = { in
inherit inputs outputs; home-manager.lib.homeManagerConfiguration {
hostname = "AZPILOGISTIK01"; pkgs = nixpkgs.legacyPackages.${system};
username = "logistik"; extraSpecialArgs = {
inherit inputs outputs system;
hostname = "AZPILOGISTIK01";
username = "logistik";
};
modules = [./home/users/logistik/AZPILOGISTIK01.nix];
}; };
modules = [./home/users/logistik/AZPILOGISTIK01.nix]; "logistik@AZPILOGISTIK02" = let
}; system = "aarch64-linux";
"logistik@AZPILOGISTIK02" = home-manager.lib.homeManagerConfiguration { in
pkgs = nixpkgs.legacyPackages."aarch64-linux"; home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { pkgs = nixpkgs.legacyPackages.${system};
inherit inputs outputs; extraSpecialArgs = {
hostname = "AZPILOGISTIK02"; inherit inputs outputs system;
username = "logistik"; hostname = "AZPILOGISTIK02";
username = "logistik";
};
modules = [./home/users/logistik/AZPILOGISTIK02.nix];
}; };
modules = [./home/users/logistik/AZPILOGISTIK02.nix]; "logistik@AZPILOGISTIK03" = let
}; system = "aarch64-linux";
"logistik@AZPILOGISTIK03" = home-manager.lib.homeManagerConfiguration { in
pkgs = nixpkgs.legacyPackages."aarch64-linux"; home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { pkgs = nixpkgs.legacyPackages.${system};
inherit inputs outputs; extraSpecialArgs = {
hostname = "AZPILOGISTIK03"; inherit inputs outputs system;
username = "logistik"; hostname = "AZPILOGISTIK03";
username = "logistik";
};
modules = [./home/users/logistik/AZPILOGISTIK03.nix];
}; };
modules = [./home/users/logistik/AZPILOGISTIK03.nix]; "logistik@AZPILOGISTIK04" = let
}; system = "aarch64-linux";
"logistik@AZPILOGISTIK04" = home-manager.lib.homeManagerConfiguration { in
pkgs = nixpkgs.legacyPackages."aarch64-linux"; home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { pkgs = nixpkgs.legacyPackages.${system};
inherit inputs outputs; extraSpecialArgs = {
hostname = "AZPILOGISTIK04"; inherit inputs outputs system;
username = "logistik"; hostname = "AZPILOGISTIK04";
username = "logistik";
};
modules = [./home/users/logistik/AZPILOGISTIK04.nix];
}; };
modules = [./home/users/logistik/AZPILOGISTIK04.nix]; "logistik@AZPILOGISTIK05" = let
}; system = "aarch64-linux";
"logistik@AZPILOGISTIK05" = home-manager.lib.homeManagerConfiguration { in
pkgs = nixpkgs.legacyPackages."aarch64-linux"; home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { pkgs = nixpkgs.legacyPackages.${system};
inherit inputs outputs; extraSpecialArgs = {
hostname = "AZPILOGISTIK05"; inherit inputs outputs system;
username = "logistik"; hostname = "AZPILOGISTIK05";
username = "logistik";
};
modules = [./home/users/logistik/AZPILOGISTIK05.nix];
}; };
modules = [./home/users/logistik/AZPILOGISTIK05.nix]; "logistik@AZPILOGISTIKTEST" = let
}; system = "aarch64-linux";
"logistik@AZPILOGISTIKTEST" = home-manager.lib.homeManagerConfiguration { in
pkgs = nixpkgs.legacyPackages."aarch64-linux"; home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { pkgs = nixpkgs.legacyPackages.${system};
inherit inputs outputs; extraSpecialArgs = {
hostname = "AZPILOGISTIKTEST"; inherit inputs outputs system;
username = "logistik"; hostname = "AZPILOGISTIKTEST";
username = "logistik";
};
modules = [./home/users/logistik/AZPILOGISTIKTEST.nix];
}; };
modules = [./home/users/logistik/AZPILOGISTIKTEST.nix]; "produktion@AZPIPRODUKTION01" = let
}; system = "aarch64-linux";
"produktion@AZPIPRODUKTION01" = home-manager.lib.homeManagerConfiguration { in
pkgs = nixpkgs.legacyPackages."aarch64-linux"; home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { pkgs = nixpkgs.legacyPackages.${system};
inherit inputs outputs; extraSpecialArgs = {
hostname = "AZPIPRODUKTION01"; inherit inputs outputs system;
username = "produktion"; hostname = "AZPIPRODUKTION01";
username = "produktion";
};
modules = [./home/users/produktion/AZPIPRODUKTION01.nix];
}; };
modules = [./home/users/produktion/AZPIPRODUKTION01.nix]; "produktion@AZPIPRODUKTION02" = let
}; system = "aarch64-linux";
"produktion@AZPIPRODUKTION02" = home-manager.lib.homeManagerConfiguration { in
pkgs = nixpkgs.legacyPackages."aarch64-linux"; home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { pkgs = nixpkgs.legacyPackages.${system};
inherit inputs outputs; extraSpecialArgs = {
hostname = "AZPIPRODUKTION02"; inherit inputs outputs system;
username = "produktion"; hostname = "AZPIPRODUKTION02";
username = "produktion";
};
modules = [./home/users/produktion/AZPIPRODUKTION02.nix];
}; };
modules = [./home/users/produktion/AZPIPRODUKTION02.nix]; "produktion@AZPIPRODUKTION03" = let
}; system = "aarch64-linux";
"produktion@AZPIPRODUKTION03" = home-manager.lib.homeManagerConfiguration { in
pkgs = nixpkgs.legacyPackages."aarch64-linux"; home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { pkgs = nixpkgs.legacyPackages.${system};
inherit inputs outputs; extraSpecialArgs = {
hostname = "AZPIPRODUKTION03"; inherit inputs outputs system;
username = "produktion"; hostname = "AZPIPRODUKTION03";
username = "produktion";
};
modules = [./home/users/produktion/AZPIPRODUKTION03.nix];
}; };
modules = [./home/users/produktion/AZPIPRODUKTION03.nix]; "produktion@AZPIPRODUKTION04" = let
}; system = "aarch64-linux";
"produktion@AZPIPRODUKTION04" = home-manager.lib.homeManagerConfiguration { in
pkgs = nixpkgs.legacyPackages."aarch64-linux"; home-manager.lib.homeManagerConfiguration {
extraSpecialArgs = { pkgs = nixpkgs.legacyPackages.${system};
inherit inputs outputs; extraSpecialArgs = {
hostname = "AZPIPRODUKTION04"; inherit inputs outputs system;
username = "produktion"; hostname = "AZPIPRODUKTION04";
username = "produktion";
};
modules = [./home/users/produktion/AZPIPRODUKTION04.nix];
}; };
modules = [./home/users/produktion/AZPIPRODUKTION04.nix];
};
}; };
deploy.nodes = { deploy.nodes = {
AZ-CLD-1 = { AZ-CLD-1 = {

2
hosts/AZ-CLD-1/services/containers/librechat.nix
View File

@@ -73,7 +73,7 @@ in {
"librechat_uploads:/app/uploads" "librechat_uploads:/app/uploads"
"librechat_logs:/app/api/logs" "librechat_logs:/app/api/logs"
]; ];
extraOptions = ["--ip=10.89.0.23" "--network=web"]; extraOptions = ["--ip=10.89.0.23" "--network=web" "--dns=8.8.8.8" "--dns=8.8.4.4"];
}; };
}; };

2
hosts/AZ-CLD-1/services/containers/litellm.nix
View File

@@ -9,7 +9,7 @@
in { in {
virtualisation.oci-containers.containers.${serviceName} = { virtualisation.oci-containers.containers.${serviceName} = {
#image = "ghcr.io/berriai/litellm:v1.78.5-stable"; #image = "ghcr.io/berriai/litellm:v1.78.5-stable";
image = "docker.litellm.ai/berriai/litellm:v1.81.14-stable.gpt-5.4_patch"; image = "docker.litellm.ai/berriai/litellm:v1.81.14-stable";
ports = ["127.0.0.1:${toString servicePort}:4000"]; ports = ["127.0.0.1:${toString servicePort}:4000"];
environmentFiles = [config.age.secrets.litellm-env.path]; environmentFiles = [config.age.secrets.litellm-env.path];
environment = { environment = {

3
hosts/AZ-PRM-1/default.nix
View File

@@ -5,4 +5,7 @@
./secrets.nix ./secrets.nix
./services ./services
]; ];
extraServices = {
podman.enable = true;
};
} }

5
hosts/AZ-PRM-1/secrets.nix
View File

@@ -4,6 +4,11 @@
traefik-env = { traefik-env = {
file = ../../secrets/traefik-env.age; file = ../../secrets/traefik-env.age;
}; };
kestra-config = {
file = ../../secrets/kestra-config.age;
mode = "644";
};
kestra-env = {file = ../../secrets/kestra-env.age;};
n8n-env = { n8n-env = {
file = ../../secrets/n8n-env.age; file = ../../secrets/n8n-env.age;
}; };

2
hosts/AZ-PRM-1/services/containers/default.nix
View File

@@ -1,7 +1,7 @@
{lib, ...}: { {lib, ...}: {
imports = [ imports = [
#./baserow.nix #./baserow.nix
# ./kestra.nix ./kestra.nix
./stirling-pdf.nix ./stirling-pdf.nix
]; ];
system.activationScripts.createPodmanNetworkWeb = lib.mkAfter '' system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''

18
hosts/AZ-PRM-1/services/containers/kestra.nix
View File

@@ -1,12 +1,20 @@
{config, ...}: { {
virtualisation.oci-containers.containers."kestra" = { config,
lib,
...
}: let
serviceName = "kestra";
portUtils = import ../../../../lib/port-utils.nix {inherit lib;};
servicePort = portUtils.getPort serviceName "AZ-CLD-1";
in {
virtualisation.oci-containers.containers."${serviceName}" = {
image = "docker.io/kestra/kestra:latest"; image = "docker.io/kestra/kestra:latest";
environmentFiles = [config.age.secrets.kestra-env.path]; environmentFiles = [config.age.secrets.kestra-env.path];
cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"]; cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"];
ports = ["127.0.0.1:3031:8080"]; ports = ["127.0.0.1:${toString servicePort}:8080"];
user = "root"; user = "root";
volumes = [ volumes = [
"/var/run/docker.sock:/var/run/docker.sock" "/var/run/podman/podman.sock:/var/run/docker.sock"
"${config.age.secrets.kestra-config.path}:/etc/config/application.yaml" "${config.age.secrets.kestra-config.path}:/etc/config/application.yaml"
"kestra_data:/app/storage" "kestra_data:/app/storage"
"/tmp/kestra-wd:/tmp/kestra-wd" "/tmp/kestra-wd:/tmp/kestra-wd"
@@ -20,7 +28,7 @@
# Traefik configuration specific to littlelink # Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = { services.traefik.dynamicConfigOptions.http = {
services.kestra.loadBalancer.servers = [{url = "http://localhost:3031/";}]; services.kestra.loadBalancer.servers = [{url = "http://localhost:${toString servicePort}/";}];
routers.kestra = { routers.kestra = {
rule = "Host(`k.l.az-gruppe.com`)"; rule = "Host(`k.l.az-gruppe.com`)";

3
secrets.nix
View File

@@ -16,7 +16,8 @@ in {
"secrets/traefik-env.age".publicKeys = systems ++ users; "secrets/traefik-env.age".publicKeys = systems ++ users;
"secrets/baserow-db.age".publicKeys = systems ++ users; "secrets/baserow-db.age".publicKeys = systems ++ users;
"secrets/baserow-env.age".publicKeys = systems ++ users; "secrets/baserow-env.age".publicKeys = systems ++ users;
"secrets/kestra-db.age".publicKeys = systems ++ users; "secrets/kestra-env.age".publicKeys = systems ++ users;
"secrets/kestra-config.age".publicKeys = systems ++ users;
"secrets/librechat-env.age".publicKeys = systems ++ users; "secrets/librechat-env.age".publicKeys = systems ++ users;
"secrets/librechat.age".publicKeys = systems ++ users; "secrets/librechat.age".publicKeys = systems ++ users;
"secrets/librechat-env-prod.age".publicKeys = systems ++ users; "secrets/librechat-env-prod.age".publicKeys = systems ++ users;

26
secrets/kestra-config.age Normal file
View File

@@ -0,0 +1,26 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyB4TWJl
YUhxeXRVMDF5MnNMK1hQOTA2MFB1OWRCdjAzZ0ZSaWI3UGV6MHdvCjBlNTNRMVBB
cU0xZThjTUJvM0lOUGxMRUhiUUxrZXhKNzlRUmdMajQxbW8KLT4gc3NoLWVkMjU1
MTkgU3JIYXFBIE1BOCtTbGlmQXplU2pSSjBxUFQwMGlZbWJiMDR3cTFCaGRDNllj
ejU0ajQKRW9RWXVKc055QXlHemlaaU40ck9vS1Y2ckdPRENSdmZEd2hYQW9SbFFp
WQotPiBzc2gtZWQyNTUxOSBsR3FWWmcgNExQT2gyaU1xNStxZ21XVS9QMjRCR2FM
bWRWVjlHSVJlQXE3S2dEZVBFOApsdlE3a3ZZWDhGQ29QaG1CQ0VjYVRHMXFtbkJS
amlveTZTRE5tOXR6b2NZCi0+IHNzaC1lZDI1NTE5IENTTXloZyBjNXNOaW82VzY5
S1JOa2hLck9WamxXcEU3anYzM0Jwb290emRCVDUwaTFjCjNZN3NVNmNySWJXTzRi
bmhPTE1ic2hETTlVdDdRYmViRkpDYUwxNDllWFkKLT4gOy0tZ3JlYXNlIDRLPiFT
UCFVIEtibUYoIH5CdyBpLSU+VSEKMWFVRUI1eUlsQ1huRVkyUTFyYTdSSmFMN0xN
NEZnCi0tLSAxcWxjdXZSRWlQZGZtUzcxZkR2L0phcUNtRG1JQzZSalZDSzRoS05s
RkVVCh/SZUhAjpHGjXnnkPmXn7qcYbwXczOrA1z4GN81ntshqzoszx2WyDk7Wfgr
BjlHy/Jn3M8s5im+JfE5BS4PuhAjZDKIBXGlghEsvJVIyt5jZvJDdYp3wdu9+IAT
Y9qzT0De8xFQYg76hUf0RhoXyRMzgP0rImFcCdvMPdMnMD4Ea518Zex01DiexNEB
OtUBbo98spOBr6Ih1HN7thXvSrCA9g6VtNEm3WJWXGSWOQiFboVLh1Ds0WUFHkow
96Ip5TgliBdAZSrt6YWlcxDccjsMDwZ5an8l5QjqNNvFP1tdV/JwZ/vKfLsxp1le
1OujlZJUmOFYxyOnzggTesInvBvL6Fjku5xLFM+jKKuII35XSXzMWGQ7ekpYxMQ/
qDkHqmIZJFniU/13Tc2J2aVMo1ugWG3qKU7Xr31c+OTzH727Qec8xCkx9zllMwKE
H2AhVbWL+3j8aeeOU7mNyDnL0hU7pyfvb2Ni0xUaUyHUfFtz8jDKU3BYMiVxQlR0
NJSwrEdo9ncU2994AwNYwhCAVvNAt7DclaoxakD0hpWOfk7bOjvGTt2tIIdauenK
lhYqmsZCs5zv6EH9QneNxKsLwIu0xnSIGigllntYyqbk14XSciWCfmPgWLZ+1uRW
yNZhxNPID7NvhCreVSqgcz2qhk2vYwNG8+yY2Hq6Y3KEp0Wk8dJc7WW8S/4/y1dA
/XCEhQ/+6zAH8h1EzqMkNnmHDxWXwRGmCTE=
-----END AGE ENCRYPTED FILE-----

16
secrets/kestra-env.age Normal file
View File

@@ -0,0 +1,16 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpoVnNlZyBjdmNT
bnJScmdlUUZPZSsvdmd2eFJZZEswcjdITDNPeU5zS092OVMyamlZCnNLYi83TFhK
YUhDaWlxL2REejNSdDllZVdmNFR5eXVWWlhVVnlIZ2QydEUKLT4gc3NoLWVkMjU1
MTkgU3JIYXFBIHBvUTJiZytRbGdJUkRzYm5YbFQ0bEJXaytaU2h1NkJTS2ltWXFw
dnFQaFUKSUdpU3hqTjZCTG5qRGpmcjNqaWMzSUoxRTNGY1JNYlJnUXV1TVBqMFF1
dwotPiBzc2gtZWQyNTUxOSBsR3FWWmcgK0o0YkptWkRUeWo1ZndudFpMVlJGZjNZ
UWVMNG5nMUJZU0NqYmpjcSszawo5TVViZ09heVl2bVBRWElxOXVOL1NsOFlZRS9q
TlpGZ25PZ3luZ2UvNm1rCi0+IHNzaC1lZDI1NTE5IENTTXloZyBTY0x5WEZLQnZk
KzFUVVV3UnFYU3AzRU44NXZibWJsTUk2Z0t6MU5CVkZFCjhiSE9taHdiV3prNUpC
OWZqK2RZVUJZZkxYMjlYRTVkZDYzdmRqaTU1U0kKLT4gbC9qNi4yQyktZ3JlYXNl
IHt0LQo2eUpaZ3RwZUEzVjk1Y3hFa1ZPdHVacHdvL3V0WVRUSFZyVndUU1o1REto
NWlxZWNOcWMxU0srQjg3cFQvVTh0CnkyRFhUMEtmQkRCcmgxWjdaSmlDZVRDUmJJ
ZjZlRkVPc0NTZgotLS0gR01PeFhpNW5EbExTT2pyeWFvelZ1SEEzazYybjd1b0dm
K0hyVVNFZGF3OAp3+MW8cSEB7t8dq6oHBdvo/1iVRmKrN64bdO0mxpLkbA==
-----END AGE ENCRYPTED FILE-----

1102
secrets/librechat-env.age
View File

File diff suppressed because it is too large Load Diff