AZ-Intec-GmbH/AZ-NIX
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

+AZPILOGISTIK01

Browse Source
This commit is contained in:
sascha.koenig
2025-11-11 10:53:19 +01:00
parent 82ca6fbe98
commit bb66bcc2c5
8 changed files with 309 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/AZ-PRM-1/configuration.nix
View File

@@ -98,7 +98,7 @@
};
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 587 ];
networking.firewall.allowedTCPPorts = [587];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;

16
hosts/AZ-PRM-1/services/containers/kestra.nix
View File

@@ -1,9 +1,9 @@
{ config, ... }: {
{config, ...}: {
virtualisation.oci-containers.containers."kestra" = {
image = "docker.io/kestra/kestra:latest";
environmentFiles = [ config.age.secrets.kestra-env.path ];
cmd = [ "server" "standalone" "--config" "/etc/config/application.yaml"];
ports = [ "127.0.0.1:3031:8080" ];
environmentFiles = [config.age.secrets.kestra-env.path];
cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"];
ports = ["127.0.0.1:3031:8080"];
user = "root";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
@@ -11,8 +11,7 @@
"kestra_data:/app/storage"
"/tmp/kestra-wd:/tmp/kestra-wd"
];
extraOptions =
[ "--add-host=postgres:10.89.0.1" "--ip=10.89.0.12" "--network=web" ];
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.12" "--network=web"];
};
systemd.tmpfiles.rules = [
@@ -21,12 +20,11 @@
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.kestra.loadBalancer.servers =
[{ url = "http://localhost:3031/"; }];
services.kestra.loadBalancer.servers = [{url = "http://localhost:3031/";}];
routers.kestra = {
rule = "Host(`k.i.az-intec.com`)";
tls = { certResolver = "ionos"; };
tls = {certResolver = "ionos";};
service = "kestra";
entrypoints = "websecure";
};

14
hosts/AZ-PRM-1/services/postgres.nix
View File

@@ -1,12 +1,16 @@
{config, pkgs, ...}: {
{
config,
pkgs,
...
}: {
services.postgresql = {
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_17;
settings = {
ssl = true;
ssl_cert_file = config.age.secrets.pg-cert.path;
ssl_key_file = config.age.secrets.pg-key.path;
ssl = true;
ssl_cert_file = config.age.secrets.pg-cert.path;
ssl_key_file = config.age.secrets.pg-key.path;
};
extensions = with pkgs.postgresql17Packages; [
pgvector
@@ -37,7 +41,7 @@
# Localhost connections (IPv4 and IPv6)
host all postgres 127.0.0.1/32 scram-sha-256
host all postgres ::1/128 scram-sha-256
host n8n n8n 127.0.0.1/32 scram-sha-256
host n8n n8n ::1/128 scram-sha-256

1
hosts/AZ-PRM-1/services/vaultwarden.nix
View File

@@ -27,4 +27,3 @@
};
};
}