From 326fcb10fda100750363634a20f51c69081d01d0 Mon Sep 17 00:00:00 2001
From: tolerryan <105945216+tolerryan@users.noreply.github.com>
Date: Sat, 29 Nov 2025 00:06:06 -0600
Subject: [PATCH] n8n first commit
---
 james.tf | 4 +-
 n8n.tf | 40 ++++++++++++++
 roles/ind/n8n/docker-compose.env | 15 ++++++
 roles/ind/n8n/docker-compose.yml | 58 ++++++++++++++++++++
 roles/ind/n8n/n8n-install.yml | 92 ++++++++++++++++++++++++++++++++
 5 files changed, 207 insertions(+), 2 deletions(-)
 create mode 100644 n8n.tf
 create mode 100644 roles/ind/n8n/docker-compose.env
 create mode 100644 roles/ind/n8n/docker-compose.yml
 create mode 100644 roles/ind/n8n/n8n-install.yml
diff --git a/james.tf b/james.tf
index b89dfbb..c9b7c05 100644
--- a/james.tf
+++ b/james.tf
@@ -34,7 +34,7 @@ resource "proxmox_lxc" "james" {
 network {
 name = "eth0"
 bridge = "vmbr0"
- ip = "192.168.0.63/24"
+ ip = "192.168.0.65/24"
 gw = "192.168.0.1"
 }
@@ -42,7 +42,7 @@ resource "proxmox_lxc" "james" {
 provisioner "local-exec" {
 command = "./.ansible.d/setup.sh $IP"
 environment = {
- IP = "192.168.0.63"
+ IP = "192.168.0.65"
 }
 }
diff --git a/n8n.tf b/n8n.tf
new file mode 100644
index 0000000..ab63933
--- /dev/null
+++ b/n8n.tf
@@ -0,0 +1,40 @@
+resource "proxmox_lxc" "n8n" {
+ target_node = "ryuk2"
+ hostname = "n8n"
+ vmid = 230
+ ostemplate = "cephfs:vztmpl/debian-13-standard_13.1-2_amd64.tar.zst"
+ password = "terraform"
+ unprivileged = true
+ cores = 6
+ memory = 2096
+ swap = 1024
+ start = true
+ tags = "terraform;deb13"
+ nameserver = "192.168.0.224"
+ ssh_public_keys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINFw70PrMsilcsqCrwW1I6PAt3anQbhmVg+t/HUfomug ryan@mxDesktop"
+
+ features {
+ nesting = true
+ }
+
+ rootfs {
+ storage = "local-lvm"
+ size = "42G"
+ }
+
+ network {
+ name = "eth0"
+ bridge = "vmbr0"
+ ip = "192.168.0.58/24"
+ gw = "192.168.0.1"
+
+ }
+
+ provisioner "local-exec" {
+ command = "./.ansible.d/setup.sh $IP"
+ environment = {
+ IP = "192.168.0.58"
+ }
+ }
+
+}
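Review bot: `password = "terraform"` in n8n.tf commits the container's root password to the repository in clear text, and the value is easy to guess. Since `ssh_public_keys` is already set, consider taking the password from a variable declared with `sensitive = true`, e.g. `password = var.lxc_root_password` (placeholder name), and confirming that password login over SSH is disabled in the template. The value will still be written to Terraform state, so the state file needs the same protection. Separately, `memory = 2096` looks like a typo for 2048; worth confirming.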
diff --git a/roles/ind/n8n/docker-compose.env b/roles/ind/n8n/docker-compose.env
new file mode 100644
index 0000000..f0830a0
--- /dev/null
+++ b/roles/ind/n8n/docker-compose.env
@@ -0,0 +1,15 @@
+# DOMAIN_NAME and SUBDOMAIN together determine where n8n will be reachable from
+# The top level domain to serve from
+DOMAIN_NAME=ryantoler.duckdns.org
+
+# The subdomain to serve from
+SUBDOMAIN=n8n
+
+# The above example serve n8n at: https://n8n.example.com
+
+# Optional timezone to set which gets used by Cron and other scheduling nodes
+# New York is the default value if not set
+GENERIC_TIMEZONE=America/Chicago
+
+# The email address to use for the TLS/SSL certificate creation
+SSL_EMAIL=n8n@noemail.com
\ No newline at end of file
diff --git a/roles/ind/n8n/docker-compose.yml b/roles/ind/n8n/docker-compose.yml
new file mode 100644
index 0000000..19650e9
--- /dev/null
+++ b/roles/ind/n8n/docker-compose.yml
@@ -0,0 +1,58 @@
+services:
+ traefik:
+ image: "traefik"
+ restart: always
+ command:
+ - "--api.insecure=true"
+ - "--providers.docker=true"
+ - "--providers.docker.exposedbydefault=false"
+ - "--entrypoints.web.address=:80"
+ - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
+ - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
+ - "--entrypoints.websecure.address=:443"
+ - "--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
+ - "--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
+ - "--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - traefik_data:/letsencrypt
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+
+ n8n:
+ image: docker.n8n.io/n8nio/n8n
+ restart: always
+ ports:
+ - "127.0.0.1:5678:5678"
+ labels:
+ - traefik.enable=true
+ - traefik.http.routers.n8n.rule=Host(`${SUBDOMAIN}.${DOMAIN_NAME}`)
+ - traefik.http.routers.n8n.tls=true
+ - traefik.http.routers.n8n.entrypoints=web,websecure
+ - traefik.http.routers.n8n.tls.certresolver=mytlschallenge
+ - traefik.http.middlewares.n8n.headers.SSLRedirect=true
+ - traefik.http.middlewares.n8n.headers.STSSeconds=315360000
+ - traefik.http.middlewares.n8n.headers.browserXSSFilter=true
+ - traefik.http.middlewares.n8n.headers.contentTypeNosniff=true
+ - traefik.http.middlewares.n8n.headers.forceSTSHeader=true
+ - traefik.http.middlewares.n8n.headers.SSLHost=${DOMAIN_NAME}
+ - traefik.http.middlewares.n8n.headers.STSIncludeSubdomains=true
+ - traefik.http.middlewares.n8n.headers.STSPreload=true
+ - traefik.http.routers.n8n.middlewares=n8n@docker
+ environment:
+ - N8N_ENFORCE_SETTINGS_FILE_PERMISSIONS=true
+ - N8N_HOST=${SUBDOMAIN}.${DOMAIN_NAME}
+ - N8N_PORT=5678
+ - N8N_PROTOCOL=https
+ - N8N_RUNNERS_ENABLED=true
+ - NODE_ENV=production
+ - WEBHOOK_URL=https://${SUBDOMAIN}.${DOMAIN_NAME}/
+ - GENERIC_TIMEZONE=${GENERIC_TIMEZONE}
+ - TZ=${GENERIC_TIMEZONE}
+ volumes:
+ - ./n8n_data:/home/node/.n8n
+ - ./n8n_files:/files
+
+volumes:
+ traefik_data:
\ No newline at end of file
diff --git a/roles/ind/n8n/n8n-install.yml b/roles/ind/n8n/n8n-install.yml
new file mode 100644
index 0000000..66da54b
--- /dev/null
+++ b/roles/ind/n8n/n8n-install.yml
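Review bot: In roles/ind/n8n/docker-compose.yml the Traefik command list includes `--api.insecure=true`, which serves the dashboard and API without authentication on Traefik's internal port. Nothing in this file uses it, so the flag should be dropped; port 8080 is not published here, but any container on the same network can still reach it. Both images are unpinned (`image: "traefik"`, `image: docker.n8n.io/n8nio/n8n`), so a re-pull can change the running version without review; pin a tag or digest, e.g. `image: "traefik:<pinned-version>"`. The `:ro` on the `/var/run/docker.sock` mount does not limit what the Docker API accepts, so the internet-facing Traefik container effectively has full control of the Docker daemon; a socket proxy restricted to read-only endpoints is the usual mitigation.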
@@ -0,0 +1,92 @@
+---
+- hosts: all
+ become: yes
+ remote_user: ansible
+ gather_facts: true
+
+ vars:
+
+ tasks:
+ - name: set-debcache.yml - Setup apt proxy debcache
+ import_tasks: ../../lib/set-debcache.yml
+
+ - name: Upgrade-packages.yml - update packages
+ import_tasks: ../../lib/upgrade-packages.yml
+
+ - name: Install-docker.yml - setting up docker
+ import_tasks: ../../lib/install-docker.yml
+
+ - name: Setup-netbird.yml - setting up netbird mesh vpn
+ import_tasks: ../../lib/setup-netbird.yml
+
+ - name: setup-restic.yml - setup restic
+ import_tasks: ../../lib/setup-restic.yml
+
+ - name: Install Python Packages
+ apt:
+ name:
+ - python3-full
+ - python3-pip
+ state: present
+ update_cache: yes
+
+ - name: Setup Service
+ copy:
+ dest: /etc/systemd/system/n8n.service
+ content: |
+ [Unit]
+ Description=Docker Compose service
+ Requires=docker.service
+ After=docker.service
+
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+ WorkingDirectory=/home/docker
+ ExecStart=/usr/bin/docker compose --env-file ./docker-compose.env -f docker-compose.yml up -d
+ ExecStop=/usr/bin/docker compose --env-file ./docker-compose.env -f docker-compose.yml down
+
+ [Install]
+ WantedBy=multi-user.target
+ owner: root
+ group: root
+ mode: '0644'
+
+ - name: Write docker-compose.yml
+ ansible.builtin.copy:
+ src: docker-compose.yml
+ dest: /home/docker/docker-compose.yml
+ owner: docker
+ group: docker
+ mode: u=rw,g=r,o=r
+
+ - name: Write docker-compose.env
+ ansible.builtin.copy:
+ src: docker-compose.env
+ dest: /home/docker/docker-compose.env
+ owner: docker
+ group: docker
+ mode: u=rw,g=r,o=r
+
+ - name: Check if docker config directory exists
+ stat:
+ path: /home/docker/data
+ register: data_stat
+
+ - name: Restore docker config Dir
+ shell: |
+ restic --password-file /home/restic/.resticpassword -r sftp:misamisa://home/restic/$(hostname) --target / restore latest
+ args:
+ chdir: /home/docker/
+ creates: /home/docker/data
+ when: not data_stat.stat.exists or not data_stat.stat.isdir
+
+ - name: Reload systemd daemon
+ systemd:
+ daemon_reload: yes
+
+ - name: Start downloader Service
+ systemd:
+ name: downloader
+ state: started
+ enabled: yes
\ No newline at end of file
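Review bot: The last task in roles/ind/n8n/n8n-install.yml starts and enables `downloader`, but the unit this playbook writes is `/etc/systemd/system/n8n.service`, so n8n itself is never started or enabled. The task should read `name: n8n`, with its title changed to `Start n8n Service`. The restore guard also looks copied from another role: it tests `/home/docker/data`, while the compose file binds `./n8n_data` and `./n8n_files`. If the backup does not recreate `/home/docker/data`, the `creates:`/`when:` condition never becomes true and `restic ... --target / restore latest` reruns as root on every play, overwriting live data with the latest snapshot. Please confirm the intended path.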