# NixOS module: runs n8n behind the local Traefik reverse proxy, backed by a
# local PostgreSQL database, under a dedicated static system user whose state
# lives on a separately mounted data directory.
{ config, lib, ... }:
let
  inherit (config.sops) secrets;

  host = "n8n.dtth.ch";
  baseUrl = "https://${host}";
  port = 23412;

  # The database name doubles as the service account name.
  db = "n8n";
  user = db;

  dataFolder = "/mnt/data/n8n";
in
{
  # Secret environment file, decrypted by sops-nix and handed to the unit below.
  # NOTE(review): EnvironmentFile is only read when the service starts, so a
  # reload may not pick up a rotated secret; confirm whether sops-nix's
  # `restartUnits` is what is wanted here.
  sops.secrets."n8n/env".reloadUnits = [ "n8n.service" ];

  cloud.postgresql.databases = [ db ];
  cloud.traefik.hosts.n8n = {
    inherit host port;
  };

  # Static system user and group for the service.
  users.groups.${user} = { };
  users.users.${user} = {
    isSystemUser = true;
    group = user;
  };

  services.n8n = {
    enable = true;
    webhookUrl = baseUrl;
  };

  systemd.services.n8n = {
    # The data directory sits on its own mount; do not start before it is there.
    unitConfig.RequiresMountsFor = [ dataFolder ];

    serviceConfig = {
      # Secrets reach the process through its environment only; they are not
      # written into the world-readable Nix store.
      EnvironmentFile = [ secrets."n8n/env".path ];
      # Run as the static account declared above instead of a DynamicUser, so
      # the owner of dataFolder matches the tmpfiles rule at the bottom.
      User = user;
      DynamicUser = lib.mkForce false;
      # The only extra path the unit is allowed to write to.
      ReadWritePaths = [ dataFolder ];
      # ReadOnlyPaths = [ "/var/run/postgresql" ];
    };

    environment = {
      # Database: connect over the local Unix socket directory, not TCP.
      # NOTE(review): no password is set here, so this presumably relies on
      # peer authentication for the matching system user; confirm in the
      # PostgreSQL configuration.
      DB_TYPE = "postgresdb";
      DB_POSTGRESDB_HOST = "/var/run/postgresql";
      DB_POSTGRESDB_DATABASE = db;
      DB_POSTGRESDB_USER = user;

      # Deployment
      N8N_HOST = host;
      N8N_PORT = toString port;
      N8N_EDITOR_BASE_URL = baseUrl;
      # Bind to loopback only, so the service is reachable solely through the
      # reverse proxy on this machine.
      N8N_LISTEN_ADDRESS = "127.0.0.1";
      # Exactly one proxy hop is trusted for forwarded client addresses.
      N8N_PROXY_HOPS = "1";
      N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS = "true";
      # mkForce: take priority over any other definition of these two values
      # so that all n8n state ends up under dataFolder.
      N8N_USER_FOLDER = lib.mkForce dataFolder;
      HOME = lib.mkForce dataFolder;
      N8N_HIRING_BANNER_ENABLED = "false";

      # Logs
      # NOTE(review): debug is a verbose level; confirm it is meant to stay on
      # outside troubleshooting, and check what ends up in the journal.
      N8N_LOG_LEVEL = "debug";

      # License
      N8N_HIDE_USAGE_PAGE = "true";

      # Security: keep workflow nodes from reading the process environment,
      # which is where the values from the sops environment file live.
      N8N_BLOCK_ENV_ACCESS_IN_NODE = "true";

      # Timezone
      GENERIC_TIMEZONE = "Europe/Berlin";
    };
  };

  # Create the data directory owned by the service account; mode 0700 keeps
  # other local users out of it.
  systemd.tmpfiles.settings."10-n8n".${dataFolder}.d = {
    inherit user;
    group = user;
    mode = "0700";
  };
}