add Container n8n

ansible/playbooks/heyer.systems/docker1.yml

@@ -60,4 +60,8 @@
     - role: deploy_container_loki
       tags:
         - loki
-        - docker-container
+        - docker-container
+    - role: deploy_container_n8n
+      tags:
+        - n8n
+        - docker-container

ansible/roles/deploy_container_n8n/defaults/main.yml

@@ -0,0 +1,11 @@
+#######
+# N8N #
+#######
+container_n8n_version: "latest"
+container_n8n_postgres_version: "16"
+container_n8n_domain: "n8n.example.com"
+container_n8n_postgres_user: "changeUser"
+container_n8n_postgres_password: "changePassword"
+container_n8n_postgres_db: "n8n"
+container_n8n_postgres_non_root_user: "changeUser"
+container_n8n_postgres_non_root_password: "changePassword"

ansible/roles/deploy_container_n8n/files/init-data.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e;
+
+
+if [ -n "${POSTGRES_NON_ROOT_USER:-}" ] && [ -n "${POSTGRES_NON_ROOT_PASSWORD:-}" ]; then
+	psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
+		CREATE USER ${POSTGRES_NON_ROOT_USER} WITH PASSWORD '${POSTGRES_NON_ROOT_PASSWORD}';
+		GRANT ALL PRIVILEGES ON DATABASE ${POSTGRES_DB} TO ${POSTGRES_NON_ROOT_USER};
+		GRANT CREATE ON SCHEMA public TO ${POSTGRES_NON_ROOT_USER};
+	EOSQL
+else
+	echo "SETUP INFO: No Environment variables given!"
+fi

ansible/roles/deploy_container_n8n/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+- name: Ensure data directories exist
+  ansible.builtin.file:
+    path: "{{ container_base_dir }}/data/{{ item }}"
+    state: directory
+    mode: '0755'
+  loop:
+    - "db"
+  become: false
+
+- name: Deploy Docker Compose and .env files
+  ansible.builtin.template:
+    src: "{{ item.src }}"
+    dest: "{{ container_base_dir }}/{{ item.dest }}"
+    mode: '0644'
+  loop:
+    - { src: 'docker-compose.yml.j2', dest: 'docker-compose.yml' }
+    - { src: '.env.j2', dest: '.env' }
+  become: false
+
+- name: Copy postgres init-data file
+  ansible.builtin.copy:
+    src: "{{ item.src }}"
+    dest: "{{ container_base_dir }}/data/{{ item.dest }}"
+    mode: '0644'
+  loop:
+  - { src: "init-data.sh", dest: "init-data.sh"}
+  become: false
+
+- name: Start Container
+  community.docker.docker_compose_v2:
+    project_src: "{{ container_base_dir }}"
+    pull: always
+    docker_host: "unix:///run/user/1000/docker.sock"
+  become: false

ansible/roles/deploy_container_n8n/templates/.env.j2

@@ -0,0 +1,15 @@
+# N8N Version (Standard: latest)
+N8N_VERSION={{ container_n8n_version | default('latest') }}
+
+# N8N PostgreSQL Version
+N8N_POSTGRES_VERSION={{ container_n8n_postgres_version | default('16') }}
+
+# N8N Domain
+N8N_DOMAIN={{ container_n8n_domain }}
+
+# N8N Database Config
+N8N_POSTGRES_USER={{ container_n8n_postgres_user }}
+N8N_POSTGRES_PASSWORD={{ container_n8n_postgres_password }}
+N8N_POSTGRES_DB={{ container_n8n_postgres_db }}
+N8N_POSTGRES_NON_ROOT_USER={{ container_n8n_postgres_non_root_user }}
+N8N_POSTGRES_NON_ROOT_PASSWORD={{ container_n8n_postgres_non_root_password }}

ansible/roles/deploy_container_n8n/templates/docker-compose.yml.j2

@@ -0,0 +1,75 @@
+---
+services:
+  postgres:
+    image: postgres:${N8N_POSTGRES_VERSION}
+    container_name: n8n-db
+    networks:
+      - n8n
+    restart: always
+    environment:
+      - POSTGRES_USER=${N8N_POSTGRES_USER}
+      - POSTGRES_PASSWORD=${N8N_POSTGRES_PASSWORD}
+      - POSTGRES_DB=${N8N_POSTGRES_DB}
+      - POSTGRES_NON_ROOT_USER=${N8N_POSTGRES_NON_ROOT_USER}
+      - POSTGRES_NON_ROOT_PASSWORD=${N8N_POSTGRES_NON_ROOT_PASSWORD}
+    volumes:
+      - ./data/db:/var/lib/postgresql/data
+      - ./data/init-data.sh:/docker-entrypoint-initdb.d/init-data.sh
+    healthcheck:
+      test: ['CMD-SHELL', 'pg_isready -h localhost -U ${N8N_POSTGRES_USER} -d ${N8N_POSTGRES_DB}']
+      interval: 5s
+      timeout: 5s
+      retries: 10
+
+  n8n:
+    image: docker.n8n.io/n8nio/n8n:${N8N_VERSION}
+    restart: always
+    container_name: n8n
+    networks:
+      - traefik
+      - n8n
+    environment:
+      - DB_TYPE=postgresdb
+      - DB_POSTGRESDB_HOST=postgres
+      - DB_POSTGRESDB_PORT=5432
+      - DB_POSTGRESDB_DATABASE=${N8N_POSTGRES_DB}
+      - DB_POSTGRESDB_USER=${N8N_POSTGRES_NON_ROOT_USER}
+      - DB_POSTGRESDB_PASSWORD=${N8N_POSTGRES_NON_ROOT_PASSWORD}
+      - N8N_RUNNERS_ENABLED=true
+      - N8N_HOST=${N8N_DOMAIN:?error}
+      - N8N_PORT=5678
+      - N8N_PROTOCOL=https
+      - NODE_ENV=production
+      - N8N_TRUST_PROXY=true
+      - WEBHOOK_URL=https://${N8N_DOMAIN:?error}
+      - GENERIC_TIMEZONE=Europe/Berlin
+      - TZ=Europe/Berlin
+    links:
+      - postgres
+    volumes:
+      - data:/home/node/.n8n
+    labels:
+      - "traefik.enable=true"
+      - "traefik.docker.network=traefik"
+      - "traefik.http.routers.n8n.entrypoints=http"
+      - "traefik.http.routers.n8n.rule=Host(`${N8N_DOMAIN:?error}`)"
+      - "traefik.http.middlewares.n8n-https-redirect.redirectscheme.scheme=https"
+      - "traefik.http.routers.n8n.middlewares=n8n-https-redirect"
+      - "traefik.http.routers.n8n-secure.entrypoints=https"
+      - "traefik.http.routers.n8n-secure.rule=Host(`${N8N_DOMAIN:?error}`)"
+      - "traefik.http.routers.n8n-secure.tls=true"
+      - "traefik.http.routers.n8n-secure.service=n8n"
+      - "traefik.http.services.n8n.loadbalancer.server.port=5678"
+
+    depends_on:
+      postgres:
+        condition: service_healthy
+
+networks:
+  traefik:
+    external: true
+  n8n:
+    driver: bridge
+
+volumes:
+  data:

ansible/roles/deploy_container_n8n/vars/main.yml

@@ -0,0 +1 @@
+container_base_dir: /opt/docker/n8n