From f871bbfac1f0066c6c8a6f46dcb27022df4a4912 Mon Sep 17 00:00:00 2001 From: cronekorkn Date: Sat, 23 Nov 2024 17:57:50 +0100 Subject: [PATCH] wip --- bundles/n8n/items.py | 24 ++++++++++ bundles/n8n/metadata.py | 90 +++++++++++++++++++++++++++++++++++++ nodes/htz.mails.py | 7 ++- nodes/mseibert.freescout.py | 1 - nodes/mseibert.n8n.py | 61 +++++++++++++++++++++++++ 5 files changed, 181 insertions(+), 2 deletions(-) create mode 100644 bundles/n8n/items.py create mode 100644 bundles/n8n/metadata.py create mode 100644 nodes/mseibert.n8n.py diff --git a/bundles/n8n/items.py b/bundles/n8n/items.py new file mode 100644 index 0000000..31e6ca2 --- /dev/null +++ b/bundles/n8n/items.py @@ -0,0 +1,24 @@ +assert node.has_bundle('nodejs') +assert node.has_bundle('postgresql') +assert node.has_bundle('zfs') + +# To update: +# +# - systemctl stop n8n postgresql +# - tempsnap pre-n8n-update (for psql, emergency rollback) +# - apply + +version = node.metadata.get("n8n/version") +actions['install_n8n'] = { + 'command': f'cd /opt/n8n && sudo -u n8n npm install n8n@{version}', + 'unless': f'test -e /opt/n8n/node_modules && ' + f'test $(jq -r ".version" < /opt/n8n/node_modules/n8n/package.json) = "{version}"', + 'needs': { + 'directory:/opt/n8n', + 'pkg_apt:nodejs', + 'user:n8n', + }, + 'triggers': { + 'svc_systemd:n8n:restart', + }, +} diff --git a/bundles/n8n/metadata.py b/bundles/n8n/metadata.py new file mode 100644 index 0000000..c7f60ea --- /dev/null +++ b/bundles/n8n/metadata.py @@ -0,0 +1,90 @@ +defaults = { + 'backups': { + 'paths': { + '/opt/n8n', + }, + }, + 'users': { + 'n8n': { + 'home': '/opt/n8n', + }, + }, + 'postgresql': { + 'databases': { + 'n8n': { + 'when_creating': { + 'encoding': 'UTF8', + 'collation': 'C.UTF-8', + 'ctype': 'C.UTF-8', + }, + }, + }, + 'roles': { + 'n8n': { + 'password': repo.vault.password_for(f'{node.name} n8n psql'), + }, + }, + }, + 'zfs': { + 'datasets': { + 'tank/n8n': { + 'compression': 'on', + 'mountpoint': '/opt/n8n', + 'needed_by': {'directory:/opt/n8n'}, + }, + }, + }, +} + + +@metadata_reactor.provides( + 'icinga2_api/n8n/services/N8N UPDATE', +) +def icinga_check_for_new_release(metadata): + return { + 'icinga2_api': { + 'n8n': { + 'services': { + 'N8N UPDATE': { + 'command_on_monitored_host': + f'/usr/local/share/icinga/plugins/check_github_for_new_release ' + f'--repo n8n-io/n8n --current-version n8n@{metadata.get("n8n/version")}', + 'check_interval': '60m', + }, + }, + }, + }, + } + + +@metadata_reactor.provides( + 'systemd/services/n8n', +) +def systemd(metadata): + return { + 'systemd': { + 'services': { + 'n8n': { + 'content': { + 'Unit': { + 'Description': 'n8n', + 'Requires': 'network.target postgresql.service', + 'After': 'postgresql.service', + }, + 'Service': { + 'Restart': 'always', + 'RestartSec': '5', + 'WorkingDirectory': '/opt/n8n', + 'ExecStart': '/usr/bin/npx n8n start', + 'User': 'n8n', + 'Group': 'n8n', + }, + }, + 'env_as_file': metadata.get('n8n/env'), + 'needs': { + 'action:install_n8n', + }, + }, + }, + }, + } diff --git a/nodes/htz.mails.py b/nodes/htz.mails.py index 7dc2574..aafec57 100644 --- a/nodes/htz.mails.py +++ b/nodes/htz.mails.py @@ -221,7 +221,12 @@ }, 'mseibert.freescout': { 'allowed_ips': [ - '10.0.227.0/24', + '10.0.227.2/32', + ], + }, + 'mseibert.n8n': { + 'allowed_ips': [ + '10.0.227.3/32', ], }, }, diff --git a/nodes/mseibert.freescout.py b/nodes/mseibert.freescout.py index 32a257a..c186b08 100644 --- a/nodes/mseibert.freescout.py +++ b/nodes/mseibert.freescout.py @@ -46,7 +46,6 @@ '10.0.2.0/24', '10.0.9.0/24', '10.0.10.0/24', - '10.0.10.0/24', ], }, }, diff --git a/nodes/mseibert.n8n.py b/nodes/mseibert.n8n.py new file mode 100644 index 0000000..384cf06 --- /dev/null +++ b/nodes/mseibert.n8n.py @@ -0,0 +1,61 @@ +# https://teamvault.apps.seibert-media.net/secrets/mkqMRv/ +# https://console.hetzner.cloud/projects/889138/servers/56564150 + +{ + #'dummy': True, + 'hostname': '159.69.178.45', + 'groups': [ + 'backup', + 'debian-12', + 'monitored', + 'webserver', + ], + 'bundles': [ + #'n8n', + #'nodejs', + 'wireguard', + 'zfs', + ], + 'metadata': { + 'id': '4852308e-9d36-4a0e-b533-a291e1495db3', + 'network': { + 'internal': { + 'interface': 'enp7s0', + 'ipv4': '10.0.227.3/24', + }, + 'external': { + 'interface': 'eth0', + 'ipv4': '159.69.178.45/32', + 'gateway4': '172.31.1.1', + 'ipv6': '2a01:4f8:c012:491b::1/64', + 'gateway6': 'fe80::1', + }, + }, + 'vm': { + 'cores': 2, + 'ram': 4096, + }, + 'wireguard': { + 'my_ip': '172.30.0.239/32', + 's2s': { + 'htz.mails': { + 'allowed_ips': [ + '10.0.0.0/24', + '10.0.2.0/24', + '10.0.9.0/24', + '10.0.10.0/24', + ], + }, + }, + }, + 'zfs': { + 'pools': { + 'tank': { + 'devices': [ + '/var/lib/tank.img', + ], + }, + }, + }, + }, +}