feat: +AZ-PRM-1

2026-03-09 07:20:53 +01:00
parent e8d8adb626
commit f5ea46001e
54 changed files with 2600 additions and 2233 deletions


@@ -1,6 +1,15 @@
{
{lib, ...}: {
imports = [
#./baserow.nix
#./kestra.nix
# ./kestra.nix
./stirling-pdf.nix
];
system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
if ! /run/current-system/sw/bin/podman network exists web; then
/run/current-system/sw/bin/podman network create web --subnet=10.89.0.0/24 --internal
fi
if ! /run/current-system/sw/bin/podman network exists web-dev; then
/run/current-system/sw/bin/podman network create web-dev --subnet=10.89.1.0/24 --internal
fi
'';
}
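Review bot: The `if ! ... podman network exists web` guard in `createPodmanNetworkWeb` only creates a network when it is missing, so a `web` or `web-dev` network left over from an earlier setup keeps its old settings and the `--internal` isolation is not guaranteed. Consider failing activation, or at least logging a warning, when an existing network does not report itself as internal in `podman network inspect`. The script also calls `/run/current-system/sw/bin/podman`, which during activation may still point at the previous generation; referencing the package directly, e.g. `${pkgs.podman}/bin/podman` with `pkgs` added to the module arguments, removes that dependency.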


@@ -23,7 +23,7 @@
services.kestra.loadBalancer.servers = [{url = "http://localhost:3031/";}];
routers.kestra = {
rule = "Host(`k.i.az-intec.com`)";
rule = "Host(`k.l.az-gruppe.com`)";
tls = {certResolver = "ionos";};
service = "kestra";
entrypoints = "websecure";


@@ -0,0 +1,27 @@
{...}: {
virtualisation.oci-containers.containers."stirling-pdf" = {
image = "docker.stirlingpdf.com/stirlingtools/stirling-pdf:latest-fat";
ports = ["127.0.0.1:3032:8080"];
environment = {
SECURITY_ENABLELOGIN = "False";
DISABLE_ADDITIONAL_FEATURES = "False";
};
volumes = [
"stirling_pdf_data:/usr/share/tessdata"
"stirling_pdf_configs:/configs"
];
extraOptions = ["--ip=10.89.0.13" "--network=web"];
};
services.traefik.dynamicConfigOptions.http = {
services.stirling-pdf.loadBalancer.servers = [{url = "http://localhost:3032/";}];
routers.stirling-pdf = {
rule = "Host(`pdf.l.az-gruppe.com`)";
tls = {certResolver = "ionos";};
service = "stirling-pdf";
entrypoints = "websecure";
};
};
}
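Review bot: `SECURITY_ENABLELOGIN = "False"` combined with a `routers.stirling-pdf` entry that has no `middlewares` means anyone who can reach `websecure` for this host can upload and process documents without authenticating. Either enable the application's login or put the router behind a middleware, e.g. `middlewares = ["auth"];` if the middleware used on the dashboard router is meant to be shared. The image is referenced by the mutable tag `latest-fat`, so what runs can change on every pull; pinning a version tag or digest makes updates deliberate and reviewable. It is also worth confirming that the `127.0.0.1:3032:8080` publish works on the `web` network, which this commit creates with `--internal`, since internal networks may not forward published ports.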


@@ -1,7 +1,28 @@
{
imports = [
# ./n8n.nix
./containers
./n8n.nix
./pgadmin.nix
./postgres.nix
# ./traefik.nix
./traefik.nix
];
services.traefik.dynamicConfigOptions.http = {
services.ptrg.loadBalancer.servers = [{url = "http://192.168.152.102:7784/";}];
routers.prtg = {
rule = "Host(`m.l.az-gruppe.com`)";
tls = {certResolver = "ionos";};
service = "ptrg";
entrypoints = "websecure";
};
services.AZHA.loadBalancer.servers = [{url = "http://192.168.153.194:8123/";}];
routers.AZHA = {
rule = "Host(`ha.l.az-gruppe.com`)";
tls = {certResolver = "ionos";};
service = "AZHA";
entrypoints = "websecure";
};
};
}
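Review bot: The `prtg` and `AZHA` routers carry no `middlewares` and forward to plain-HTTP backends on other hosts (`http://192.168.152.102:7784/`, `http://192.168.153.194:8123/`), so access control rests on each application's own login and the hop behind Traefik is unencrypted. If `websecure` is reachable from outside the internal network, an IP allow-list middleware on these two routers would limit who can reach the monitoring and home-automation front ends. The service key is spelled `ptrg` while the router is `prtg`; it resolves because `service = "ptrg"` matches, but renaming both to `prtg` avoids a future mismatch.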


@@ -1,7 +1,7 @@
{config, ...}: {
services.n8n = {
enable = true;
environment.WEBHOOK_URL = "https://wf.az-group.com";
environment.WEBHOOK_URL = "https://wf.l.az-gruppe.com";
};
systemd.services.n8n.serviceConfig = {
EnvironmentFile = ["${config.age.secrets.n8n-env.path}"];


@@ -0,0 +1,18 @@
{config, ...}: {
services.pgadmin = {
enable = true;
initialPasswordFile = "${config.age.secrets.pgadmin-pw.path}";
initialEmail = "sascha.koenig@azintec.com";
};
# Traefik configuration specific to baserow
services.traefik.dynamicConfigOptions.http = {
services.pgadmin.loadBalancer.servers = [{url = "http://localhost:5050/";}];
routers.pgadmin = {
rule = "Host(`pg.l.az-gruppe.com`)";
tls.certResolver = "ionos";
service = "pgadmin";
entrypoints = "websecure";
};
};
}
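Review bot: `routers.pgadmin` publishes a database administration console with no `middlewares`, leaving the pgAdmin login (seeded from `initialEmail` and `initialPasswordFile`) as the only barrier. Consider putting a middleware in front of it, for example an IP allow-list or the `auth` middleware used on the dashboard router, so that password guessing against pgAdmin is not possible from every client that can reach `websecure`. The comment `# Traefik configuration specific to baserow` is a leftover from another module and should read `# Traefik configuration for pgAdmin`.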


@@ -36,7 +36,6 @@
# Local connections (Unix socket)
local all postgres peer
local n8n n8n scram-sha-256
local vaultwarden vaultwarden scram-sha-256
# Localhost connections (IPv4 and IPv6)
host all postgres 127.0.0.1/32 scram-sha-256
@@ -45,9 +44,6 @@
host n8n n8n 127.0.0.1/32 scram-sha-256
host n8n n8n ::1/128 scram-sha-256
host vaultwarden vaultwarden 127.0.0.1/32 scram-sha-256
host vaultwarden vaultwarden ::1/128 scram-sha-256
# Podman network connections
host baserow baserow 10.89.0.0/24 scram-sha-256
host kestra kestra 10.89.0.0/24 scram-sha-256
@@ -61,7 +57,7 @@
services.postgresqlBackup = {
enable = true;
startAt = "03:10:00";
databases = ["baserow" "kestra" "n8n" "vaultwarden"];
databases = ["baserow" "kestra" "n8n"];
};
networking.firewall = {
extraCommands = ''


@@ -31,6 +31,15 @@
};
websecure = {
address = ":443";
http.tls = {
certResolver = "ionos";
domains = [
{
main = "l.az-gruppe.com";
sans = ["*.l.az-gruppe.com"];
}
];
};
};
};
};
@@ -39,7 +48,7 @@
services = {
dummy = {
loadBalancer.servers = [
{url = "http://192.168.0.1";} # Diese URL wird nie verwendet
{url = "http://192.168.0.1";}
];
};
};
@@ -50,15 +59,20 @@
};
};
};
routers = {
api = {
rule = "Host(`r.az-gruppe.com`)";
rule = "Host(`r.l.az-gruppe.com`)";
service = "api@internal";
middlewares = ["auth"];
entrypoints = ["websecure"];
tls = {
certResolver = "ionos";
domains = [
{
main = "l.az-gruppe.com";
sans = ["*.l.az-gruppe.com"];
}
];
};
};
};
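Review bot: The wildcard `domains` block is now declared twice, once on the `websecure` entry point under `http.tls` and again on `routers.api`, and the two can drift apart. Traefik's documentation describes the entry-point TLS default as applying only to routers that define no `tls` section of their own, so the routers elsewhere in this commit that set `tls = {certResolver = "ionos";}` may not inherit the wildcard `domains`. If per-host certificates are issued for them, the internal hostnames end up in public Certificate Transparency logs. Dropping the per-router `tls` attribute where the entry-point default is sufficient would keep those routers on the wildcard certificate, which is worth verifying against the Traefik version in use. The dummy backend `http://192.168.0.1` also lost its explanatory comment; an English replacement such as `# placeholder backend, never routed to` would keep the intent visible.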