+AZPILOGISTIK01

2025-11-11 10:53:19 +01:00
parent 82ca6fbe98
commit bb66bcc2c5
8 changed files with 309 additions and 17 deletions
--- a/hosts/AZ-PRM-1/services/containers/kestra.nix
+++ b/hosts/AZ-PRM-1/services/containers/kestra.nix
@@ -1,9 +1,9 @@
-{ config, ... }: {
+{config, ...}: {
  virtualisation.oci-containers.containers."kestra" = {
    image = "docker.io/kestra/kestra:latest";
-    environmentFiles = [ config.age.secrets.kestra-env.path ];
-    cmd = [ "server" "standalone" "--config" "/etc/config/application.yaml"];
-    ports = [ "127.0.0.1:3031:8080" ];
+    environmentFiles = [config.age.secrets.kestra-env.path];
+    cmd = ["server" "standalone" "--config" "/etc/config/application.yaml"];
+    ports = ["127.0.0.1:3031:8080"];
    user = "root";
    volumes = [
      "/var/run/docker.sock:/var/run/docker.sock"
@@ -11,8 +11,7 @@
      "kestra_data:/app/storage"
      "/tmp/kestra-wd:/tmp/kestra-wd"
    ];
-    extraOptions =
-      [ "--add-host=postgres:10.89.0.1" "--ip=10.89.0.12" "--network=web" ];
+    extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.12" "--network=web"];
  };

  systemd.tmpfiles.rules = [
@@ -21,12 +20,11 @@

  # Traefik configuration specific to littlelink
  services.traefik.dynamicConfigOptions.http = {
-    services.kestra.loadBalancer.servers =
-      [{ url = "http://localhost:3031/"; }];
+    services.kestra.loadBalancer.servers = [{url = "http://localhost:3031/";}];

    routers.kestra = {
      rule = "Host(`k.i.az-intec.com`)";
-      tls = { certResolver = "ionos"; };
+      tls = {certResolver = "ionos";};
      service = "kestra";
      entrypoints = "websecure";
    };
--- a/hosts/AZ-PRM-1/services/postgres.nix
+++ b/hosts/AZ-PRM-1/services/postgres.nix
@@ -1,12 +1,16 @@
-{config, pkgs, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
  services.postgresql = {
    enable = true;
    enableTCPIP = true;
    package = pkgs.postgresql_17;
    settings = {
-        ssl = true;
-        ssl_cert_file = config.age.secrets.pg-cert.path;
-        ssl_key_file  = config.age.secrets.pg-key.path;
+      ssl = true;
+      ssl_cert_file = config.age.secrets.pg-cert.path;
+      ssl_key_file = config.age.secrets.pg-key.path;
    };
    extensions = with pkgs.postgresql17Packages; [
      pgvector
@@ -37,7 +41,7 @@
      # Localhost connections (IPv4 and IPv6)
      host    all          postgres     127.0.0.1/32    scram-sha-256
      host    all          postgres     ::1/128         scram-sha-256
-  
+
      host    n8n          n8n          127.0.0.1/32    scram-sha-256
      host    n8n          n8n          ::1/128         scram-sha-256

--- a/hosts/AZ-PRM-1/services/vaultwarden.nix
+++ b/hosts/AZ-PRM-1/services/vaultwarden.nix
@@ -27,4 +27,3 @@
    };
  };
 }
-