n8n fix firewall

2026-01-23 11:26:18 -06:00
parent 8e07c32238
commit cc0b9cef25
1 changed files with 20 additions and 12 deletions
--- a/system/virtualization/docker/n8n/default.nix
+++ b/system/virtualization/docker/n8n/default.nix
@@ -1,11 +1,19 @@
-{ config, lib, ... }: {
+{ config, lib, ... }: let

-    options.sysconfig.docker.n8n.enable = with lib; mkOption {
+    hostPort = 9004;
+
+    subdomain = "n8n";
+
+    name = "n8n";
+
+in {
+
+    options.sysconfig.docker."${name}".enable = with lib; mkOption {
        type = with types; bool;
        default = false;
    };

-    config = lib.mkIf (config.sysconfig.docker.n8n.enable && config.sysconfig.docker.enable) {
+    config = lib.mkIf (config.sysconfig.docker."${name}".enable && config.sysconfig.docker.enable) {

        environment.etc."resolv.conf" = {
            enable = true;
@@ -22,29 +30,29 @@
 
        networking.firewall.interfaces = {
            "ve-traefik" = {
-                allowedTCPPorts = [ 9001 ];
+                allowedTCPPorts = [ hostPort ];
            };
        };

-        virtualisation.oci-containers.containers.n8n = {
+        virtualisation.oci-containers.containers."${name}" = {
            image = "docker.n8n.io/n8nio/n8n";

            # unstable, waiting for 26.05
            #pull = "newer";

-            hostname = "n8n.esotericbytes.com";
+            hostname = "${subdomain}.esotericbytes.com";

            networks = [
                "docker-main"
            ];

            labels = {
-                "traefik.http.routers.n8n.entrypoints" = "localsecure";
-                "traefik.http.routers.n8n.rule" = "Host(`n8n.esotericbytes.com`)";
-                "traefik.http.routers.n8n.service" = "n8n";
-                "traefik.http.routers.n8n.tls.certResolver" = "cloudflare";
+                "traefik.http.routers.${name}.entrypoints" = "localsecure";
+                "traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
+                "traefik.http.routers.${name}.service" = "${name}";
+                "traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
                
-                "traefik.http.services.n8n.loadbalancer.server.url" = "http://192.168.100.10:9004";
+                "traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${hostPort}";
            };

            extraOptions = lib.mkIf config.sysconfig.docker.nvidia [
@@ -52,7 +60,7 @@
            ];

            ports = [
-                "9004:5678"
+                "${hostPort}:5678"
            ];

            volumes = [