From d35ba60c694737f37500ac963432df129c7fbd99 Mon Sep 17 00:00:00 2001
From: Richie Cahill <Richie@tmmworkshop.com>
Date: Fri, 17 Oct 2025 12:35:19 -0400
Subject: [PATCH] adding n8n

---
 systems/jeeves/services/haproxy.cfg   |  6 +++++
 systems/jeeves/services/n8n.nix       | 37 +++++++++++++++++++++++++++
 systems/jeeves/services/postgress.nix |  3 ++-
 3 files changed, 45 insertions(+), 1 deletion(-)
 create mode 100644 systems/jeeves/services/n8n.nix

diff --git a/systems/jeeves/services/haproxy.cfg b/systems/jeeves/services/haproxy.cfg
index 63b6eba..aae387b 100644
--- a/systems/jeeves/services/haproxy.cfg
+++ b/systems/jeeves/services/haproxy.cfg
@@ -32,6 +32,7 @@ frontend ContentSwitching
   acl host_jellyfin  hdr(host) -i jellyfin.tmmworkshop.com
   acl host_share  hdr(host) -i share.tmmworkshop.com
   acl host_gcw  hdr(host) -i gcw.tmmworkshop.com
+  acl host_n8n  hdr(host) -i n8n.tmmworkshop.com
 
   use_backend audiobookshelf_nodes if host_audiobookshelf
   use_backend cache_nodes  if host_cache
@@ -40,6 +41,7 @@ frontend ContentSwitching
   use_backend jellyfin if host_jellyfin
   use_backend share_nodes  if host_share
   use_backend gcw_nodes  if host_gcw
+  use_backend n8n  if host_n8n
 
 backend audiobookshelf_nodes
   mode http
@@ -71,3 +73,7 @@ backend share_nodes
 backend gcw_nodes
   mode http
   server server 127.0.0.1:8092
+
+backend n8n
+  mode http
+  server server 127.0.0.1:5678
diff --git a/systems/jeeves/services/n8n.nix b/systems/jeeves/services/n8n.nix
new file mode 100644
index 0000000..4a5ea0e
--- /dev/null
+++ b/systems/jeeves/services/n8n.nix
@@ -0,0 +1,37 @@
+{
+  services.n8n = {
+    enable = true;
+
+    settings = {
+      N8N_HOST = "127.0.0.1";
+      N8N_PORT = "5678";
+      N8N_PROTOCOL = "https";
+
+      WEBHOOK_URL = "https://n8n.tmmworkshop.com/";
+      N8N_EDITOR_BASE_URL = "https://n8n.tmmworkshop.com/";
+
+      DB_TYPE = "postgresdb";
+      DB_POSTGRESDB_HOST = "/run/postgresql";
+      DB_POSTGRESDB_DATABASE = "n8n";
+      DB_POSTGRESDB_USER = "richie";
+
+      N8N_ENCRYPTION_KEY = "generate-a-long-random-key";
+      N8N_SECURE_COOKIE = "true";
+      N8N_USER_MANAGEMENT_DISABLED = "false";
+      N8N_DEFAULT_LOCALE = "en";
+      GENERIC_TIMEZONE = "America/New_York";
+
+      N8N_DIAGNOSTICS_ENABLED = "false";
+      N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
+    };
+
+    # Optional: hardening toggles you might like
+    # serviceConfig = {
+    #   ProtectHome = "read-only";
+    #   ProtectKernelTunables = true;
+    #   ProtectKernelModules = true;
+    #   PrivateTmp = true;
+    #   NoNewPrivileges = true;
+    # };
+  };
+}
diff --git a/systems/jeeves/services/postgress.nix b/systems/jeeves/services/postgress.nix
index 1abc9fe..160de4c 100644
--- a/systems/jeeves/services/postgress.nix
+++ b/systems/jeeves/services/postgress.nix
@@ -128,12 +128,13 @@ in
       }
     ];
     ensureDatabases = [
-      "math"
       "gcw"
       "hass"
+      "math"
       "megan"
       "mxr_dev"
       "mxr_prod"
+      "n8n"
       "richie"
     ];
     # Thank you NotAShelf