From 54fc411e137c761e1640ad417780da5cd42c682a Mon Sep 17 00:00:00 2001 From: pazpi Date: Wed, 3 Dec 2025 15:48:10 +0100 Subject: [PATCH] Add n8n service --- hosts/caddy/default.nix | 6 + hosts/default.nix | 288 ++++++++--------------------------- hosts/deployments.nix | 9 ++ hosts/n8n/default.nix | 23 +++ hosts/parameters.nix | 1 + modules/services/default.nix | 1 + modules/services/n8n.nix | 80 ++++++++++ ssh-keys.nix | 1 + 8 files changed, 186 insertions(+), 223 deletions(-) create mode 100644 hosts/n8n/default.nix create mode 100644 modules/services/n8n.nix diff --git a/hosts/caddy/default.nix b/hosts/caddy/default.nix index 5203067..b3a7655 100644 --- a/hosts/caddy/default.nix +++ b/hosts/caddy/default.nix @@ -62,6 +62,12 @@ in host = p.hosts.immich; }; + n8n.proxy = { + enable = true; + domain = p.domain.public; + host = p.hosts.n8n; + }; + media-mgr.proxy = { enable = true; domain = p.domains.public; diff --git a/hosts/default.nix b/hosts/default.nix index 2d9d391..66c1ee0 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -17,9 +17,9 @@ let } ); - pkgs = - system: - import nixpkgs { + mkPkgs = + nixpkgsSrc: system: + import nixpkgsSrc { inherit system; overlays = [ agenixOverlay 
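Review bot: The new `n8n.proxy` entry in hosts/caddy/default.nix reads `domain = p.domain.public;`, while the neighbouring `media-mgr.proxy` context line uses `p.domains.public`. Unless the parameters set defines both `domain` and `domains` (the parameters.nix hunk in this patch does not show either), this looks like a typo that will abort evaluation of the Caddy host with a missing-attribute error. The line should presumably be `domain = p.domains.public;`. The enclosing attribute set starts and ends outside the hunk, so the other proxy entries could not be checked.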
@@ -28,243 +28,85 @@ let config.allowUnfree = true; }; - pkgs-unstable = - system: - import nixpkgs-unstable { - inherit system; - overlays = [ - agenixOverlay - customOverlays - ]; - config.allowUnfree = true; + # Helper function to create a Proxmox LXC host + mkLXC = + { + hostModule, + unstable ? false, + system ? "x86_64-linux", + extraModules ? [ ], + specialArgs ? { }, + }: + let + nixpkgsSrc = if unstable then nixpkgs-unstable else nixpkgs; + in + nixpkgsSrc.lib.nixosSystem { + pkgs = mkPkgs nixpkgsSrc system; + modules = [ + # Base modules for all hosts + authentik-nix.nixosModules.default + ../modules + + # Proxmox LXC support + "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" + ../modules/virtualisation/proxmox.nix + + # Agenix for secrets + agenix.nixosModules.default + + # Host-specific module + hostModule + ] + ++ extraModules; + inherit specialArgs; }; - nodeBaseModules = { - imports = [ - # lix-module.nixosModules.default - authentik-nix.nixosModules.default - ../modules - ]; - }; - - proxmoxModule = { - imports = [ - "${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix" - ../modules/virtualisation/proxmox.nix - ]; - }; in { # deadbeef = nixpkgs.lib.nixosSystem { - # pkgs = pkgs "x86_64-linux"; + # pkgs = mkPkgs nixpkgs "x86_64-linux"; # modules = [ - # nodeBaseModules # ./deadbeef # nixos-hardware.nixosModules.dell-xps-15-9560 # home-manager.nixosModules.home-manager # agenix.nixosModules.default # ]; - # # specialArgs = { }; # }; - # baseLXC = nixpkgs.lib.nixosSystem { - # pkgs = pkgs "x86_64-linux"; - # modules = [ - # nodeBaseModules - # proxmoxModule - # ./base-lxc.nix - # agenix.nixosModules.default - # ]; - # specialArgs = { - # inherit self; - # }; - # }; - - arr = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./arr - agenix.nixosModules.default - ]; - # specialArgs = { }; + baseLXC = mkLXC { + hostModule = ./base-lxc.nix; + specialArgs = { inherit self; }; }; - caddy = 
nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./caddy - agenix.nixosModules.default - ]; - # specialArgs = { }; + arr = mkLXC { hostModule = ./arr; }; + caddy = mkLXC { hostModule = ./caddy; }; + colmena = mkLXC { hostModule = ./colmena; }; + dns01 = mkLXC { hostModule = ./dns/dns-01.nix; }; + dns02 = mkLXC { hostModule = ./dns/dns-02.nix; }; + firefly-iii = mkLXC { hostModule = ./firefly-iii; }; + forgejo = mkLXC { hostModule = ./forgejo; }; + immich = mkLXC { hostModule = ./immich; }; + metrics = mkLXC { hostModule = ./metrics; }; + n8n = mkLXC { hostModule = ./n8n; }; + nextcloud = mkLXC { hostModule = ./nextcloud; }; + plex = mkLXC { hostModule = ./plex; }; + portainer = mkLXC { hostModule = ./portainer; }; + shadowsocks = mkLXC { hostModule = ./shadowsocks; }; + vaultwarden = mkLXC { hostModule = ./vaultwarden; }; + + # Hosts requiring nixpkgs-unstable + authentik = mkLXC { + hostModule = ./authentik; + unstable = true; }; - metrics = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./metrics - agenix.nixosModules.default - ]; - # specialArgs = { }; + paperless = mkLXC { + hostModule = ./paperless; + unstable = true; }; - - nextcloud = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./nextcloud - agenix.nixosModules.default - ]; - # specialArgs = { }; + + zigbee2mqtt = mkLXC { + hostModule = ./zigbee2mqtt; + unstable = true; }; - - plex = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./plex - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - vaultwarden = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./vaultwarden - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - portainer = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules 
= [ - nodeBaseModules - proxmoxModule - ./portainer - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - authentik = nixpkgs-unstable.lib.nixosSystem { - pkgs = pkgs-unstable "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./authentik - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - colmena = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./colmena - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - dns01 = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./dns/dns-01.nix - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - dns02 = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./dns/dns-02.nix - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - shadowsocks = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./shadowsocks - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - immich = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./immich - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - firefly-iii = nixpkgs.lib.nixosSystem { - pkgs = pkgs "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./firefly-iii - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - paperless = nixpkgs-unstable.lib.nixosSystem { - pkgs = pkgs-unstable "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./paperless - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - zigbee2mqtt = nixpkgs-unstable.lib.nixosSystem { - pkgs = pkgs-unstable "x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./zigbee2mqtt - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - - forgejo = nixpkgs.lib.nixosSystem { - pkgs = pkgs 
"x86_64-linux"; - modules = [ - nodeBaseModules - proxmoxModule - ./forgejo - agenix.nixosModules.default - ]; - # specialArgs = { }; - }; - } diff --git a/hosts/deployments.nix b/hosts/deployments.nix index f1adba7..83617cc 100644 --- a/hosts/deployments.nix +++ b/hosts/deployments.nix @@ -175,6 +175,15 @@ in ]; }; + n8n.deployment = { + targetHost = hosts.n8n; + tags = [ + "lxc" + "bacco" + "n8n" + ]; + }; + deadbeef.deployment = { allowLocalDeployment = true; targetHost = null; diff --git a/hosts/n8n/default.nix b/hosts/n8n/default.nix new file mode 100644 index 0000000..86c4754 --- /dev/null +++ b/hosts/n8n/default.nix @@ -0,0 +1,23 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + + my = { + + services.n8n.enable = true; + + utils = { + commons.enable = true; + commons.gc.enable = true; + lxc-standard.enable = true; + }; + + virtualisation.proxmox.enable = true; + }; + + system.stateVersion = "25.11"; +} diff --git a/hosts/parameters.nix b/hosts/parameters.nix index 1aae9c2..958c736 100644 --- a/hosts/parameters.nix +++ b/hosts/parameters.nix @@ -29,6 +29,7 @@ in paperless = "paperless.${private-domain}"; zigbee2mqtt = "zigbee2mqtt.${private-domain}"; forgejo = "forgejo.${private-domain}"; + n8n = "n8n.${private-domain}"; }; email = "davide@${public-domain}"; } diff --git a/modules/services/default.nix b/modules/services/default.nix index e72c071..31fc954 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -6,6 +6,7 @@ ./forgejo.nix ./immich.nix ./media-mgr.nix + ./n8n.nix ./nextcloud.nix ./paperless-ngx.nix ./plex.nix diff --git a/modules/services/n8n.nix b/modules/services/n8n.nix new file mode 100644 index 0000000..a7b0d49 --- /dev/null +++ b/modules/services/n8n.nix 
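Review bot: In `mkLXC` (hosts/default.nix) the Proxmox module path is still built from the stable input, `"${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"`, even when `unstable = true` selects `nixpkgs-unstable` for `lib.nixosSystem` and `pkgs`. The removed `proxmoxModule` did the same, so behaviour is unchanged, but authentik, paperless and zigbee2mqtt are evaluated with a module file from one nixpkgs revision against the module system of another. Now that `nixpkgsSrc` is in scope, `"${nixpkgsSrc}/nixos/modules/virtualisation/proxmox-lxc.nix"` would keep the two in step. Separately, `baseLXC` changes from a commented-out block to a live output in this hunk, which is unrelated to n8n and deserves a line in the commit message.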
@@ -0,0 +1,80 @@ +{ + lib, + config, + pkgs, + ... +}: +let + cfg = config.my.services.n8n; +in +{ + + options.my.services.n8n = { + enable = lib.mkEnableOption "Enable n8n module"; + + environment = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + description = "Extra environment variables for n8n"; + example = { + N8N_PROTOCOL = "https"; + WEBHOOK_URL = "https://n8n.example.com/"; + }; + }; + + proxy = { + enable = lib.mkEnableOption "Set the proxy entry for this service"; + + domain = lib.mkOption { + default = "example.com"; + type = lib.types.str; + description = '' + The domain where Caddy is reachable + ''; + }; + + subdomain = lib.mkOption { + default = "n8n"; + type = lib.types.str; + description = '' + n8n subdomain + ''; + }; + + host = lib.mkOption { + default = "localhost"; + type = lib.types.str; + description = '' + host name where the service is running + ''; + }; + + }; + }; + + config = lib.mkMerge [ + (lib.mkIf cfg.enable { + + services.n8n = { + enable = true; + openFirewall = true; + environment = { + GENERIC_TIMEZONE = "Europe/Rome"; + N8N_PROTOCOL = "https"; + WEBHOOK_URL = "https://${cfg.proxy.subdomain}.${cfg.proxy.domain}/"; + } // cfg.environment; + }; + + }) + + (lib.mkIf cfg.proxy.enable { + services.caddy = with cfg.proxy; { + virtualHosts."${subdomain}.${domain}".extraConfig = '' + reverse_proxy http://${host}:${services.n8n.environment.N8N_PORT} + import cloudflare_${domain} + ''; + + }; + }) + ]; +} diff --git a/ssh-keys.nix b/ssh-keys.nix index 2ed0650..3d524f8 100644 --- a/ssh-keys.nix +++ b/ssh-keys.nix 
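Review bot: In the proxy block of modules/services/n8n.nix, `${services.n8n.environment.N8N_PORT}` is evaluated under `with cfg.proxy;`, which only brings `enable`, `domain`, `subdomain` and `host` into scope. `services` therefore looks unbound, and evaluation should fail once `proxy.enable` is set; `config.services.n8n.environment.N8N_PORT` is presumably what was meant. Even then the value is read from the Caddy host's own configuration, where this module never sets `N8N_PORT`, so it only resolves if the upstream n8n module declares a default for it. A `proxy.port` option next to `proxy.host` would make the upstream explicit. On the service side, `openFirewall = true` exposes the plain-HTTP backend port to every peer that can reach the container, bypassing Caddy's TLS and any access control applied there; consider dropping it and admitting only the Caddy host with a dedicated firewall rule.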
@@ -22,6 +22,7 @@ rec { paperless = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRNgDyk3TuMooG4ZCv7SOgXh0ql1/1hhhng7uSnsLeK"; zigbee2mqtt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN0z+RxfAIARVMFgtF9olJrL5lt95IoC0Mtzg0MKd3g"; forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO0MTOCgMoAFjYDEq1gU+XBSUNNcJenoHXagOgFuP1ZN"; + n8n = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP18IdsIxK7EdIOLSONJ4NA6AfLnM/3NkR3+OCDvJWXJ"; }; # Machines able to provisioning other machines