Prototype2.4_Owner-Setup_Screen_Passwort-Policy
This commit is contained in:
+147
-127
@@ -11,7 +11,7 @@ Usage:
|
||||
bash install.sh [options]
|
||||
|
||||
Core options:
|
||||
--ctid <id> Force CTID (optional)
|
||||
--ctid <id> Force CT ID (optional). If omitted, a customer-safe CTID is generated.
|
||||
--cores <n> (default: 2)
|
||||
--memory <mb> (default: 4096)
|
||||
--swap <mb> (default: 512)
|
||||
@@ -19,10 +19,18 @@ Core options:
|
||||
--bridge <vmbrX> (default: vmbr0)
|
||||
--storage <storage> (default: local-zfs)
|
||||
--ip <dhcp|CIDR> (default: dhcp)
|
||||
--vlan <id> (default: 90) (empty/0 disables tagging)
|
||||
--domain <domain> (default: userman.de) -> FQDN=sb-<unix>.DOMAIN
|
||||
--vlan <id> VLAN tag for net0 (default: 90; set 0 to disable)
|
||||
--privileged Create privileged CT (default: unprivileged)
|
||||
|
||||
Domain / n8n options:
|
||||
--base-domain <domain> (default: userman.de) -> FQDN becomes sb-<unix>.domain
|
||||
--n8n-owner-email <email> (default: admin@<base-domain>)
|
||||
--n8n-owner-pass <pass> Optional. If omitted, generated (policy compliant).
|
||||
--help Show help
|
||||
|
||||
Notes:
|
||||
- This script creates a Debian 12 LXC and provisions Docker + customer stack (Postgres/pgvector + n8n).
|
||||
- At the end it prints a JSON with credentials and URLs.
|
||||
EOF
|
||||
}
|
||||
|
||||
@@ -36,55 +44,56 @@ BRIDGE="vmbr0"
|
||||
STORAGE="local-zfs"
|
||||
IPCFG="dhcp"
|
||||
VLAN="90"
|
||||
DOMAIN="userman.de"
|
||||
UNPRIV="1"
|
||||
|
||||
BASE_DOMAIN="userman.de"
|
||||
N8N_OWNER_EMAIL=""
|
||||
N8N_OWNER_PASS=""
|
||||
|
||||
# ---------------------------
|
||||
# Arg parsing
|
||||
# ---------------------------
|
||||
while [[ $# -gt 0 ]]; do
|
||||
case "$1" in
|
||||
--ctid) CTID="${2:-}"; shift 2 ;;
|
||||
--cores) CORES="${2:-}"; shift 2 ;;
|
||||
--memory) MEMORY="${2:-}"; shift 2 ;;
|
||||
--swap) SWAP="${2:-}"; shift 2 ;;
|
||||
--disk) DISK="${2:-}"; shift 2 ;;
|
||||
--bridge) BRIDGE="${2:-}"; shift 2 ;;
|
||||
--storage) STORAGE="${2:-}"; shift 2 ;;
|
||||
--ip) IPCFG="${2:-}"; shift 2 ;;
|
||||
--vlan) VLAN="${2:-}"; shift 2 ;;
|
||||
--domain) DOMAIN="${2:-}"; shift 2 ;;
|
||||
--ctid) CTID="${2:-}"; shift 2 ;;
|
||||
--cores) CORES="${2:-}"; shift 2 ;;
|
||||
--memory) MEMORY="${2:-}"; shift 2 ;;
|
||||
--swap) SWAP="${2:-}"; shift 2 ;;
|
||||
--disk) DISK="${2:-}"; shift 2 ;;
|
||||
--bridge) BRIDGE="${2:-}"; shift 2 ;;
|
||||
--storage) STORAGE="${2:-}"; shift 2 ;;
|
||||
--ip) IPCFG="${2:-}"; shift 2 ;;
|
||||
--vlan) VLAN="${2:-}"; shift 2 ;;
|
||||
--privileged) UNPRIV="0"; shift 1 ;;
|
||||
--help|-h) usage; exit 0 ;;
|
||||
--base-domain) BASE_DOMAIN="${2:-}"; shift 2 ;;
|
||||
--n8n-owner-email) N8N_OWNER_EMAIL="${2:-}"; shift 2 ;;
|
||||
--n8n-owner-pass) N8N_OWNER_PASS="${2:-}"; shift 2 ;;
|
||||
--help|-h) usage; exit 0 ;;
|
||||
*) die "Unknown option: $1 (use --help)" ;;
|
||||
esac
|
||||
done
|
||||
|
||||
# Basic validation
|
||||
[[ "$CORES" =~ ^[0-9]+$ ]] || die "--cores must be integer"
|
||||
# ---------------------------
|
||||
# Validation
|
||||
# ---------------------------
|
||||
[[ "$CORES" =~ ^[0-9]+$ ]] || die "--cores must be integer"
|
||||
[[ "$MEMORY" =~ ^[0-9]+$ ]] || die "--memory must be integer"
|
||||
[[ "$SWAP" =~ ^[0-9]+$ ]] || die "--swap must be integer"
|
||||
[[ "$DISK" =~ ^[0-9]+$ ]] || die "--disk must be integer"
|
||||
[[ "$SWAP" =~ ^[0-9]+$ ]] || die "--swap must be integer"
|
||||
[[ "$DISK" =~ ^[0-9]+$ ]] || die "--disk must be integer"
|
||||
[[ "$UNPRIV" == "0" || "$UNPRIV" == "1" ]] || die "internal: UNPRIV invalid"
|
||||
[[ "$VLAN" =~ ^[0-9]+$ ]] || die "--vlan must be integer (0 disables tagging)"
|
||||
[[ -n "$BASE_DOMAIN" ]] || die "--base-domain must not be empty"
|
||||
|
||||
if [[ "$IPCFG" != "dhcp" ]]; then
|
||||
[[ "$IPCFG" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$ ]] || die "--ip must be dhcp or CIDR (e.g. 192.168.45.171/24)"
|
||||
fi
|
||||
|
||||
if [[ -n "${VLAN}" && "${VLAN}" != "0" ]]; then
|
||||
[[ "${VLAN}" =~ ^[0-9]+$ ]] || die "--vlan must be integer or 0"
|
||||
else
|
||||
VLAN=""
|
||||
fi
|
||||
|
||||
[[ -n "${DOMAIN}" ]] || die "--domain must not be empty"
|
||||
|
||||
info "Argument-Parsing OK"
|
||||
|
||||
# ---------------------------
|
||||
# Preflight Proxmox
|
||||
# ---------------------------
|
||||
need_cmd pct pvesm pveam pvesh grep date awk ip openssl
|
||||
need_cmd pct pvesm pveam pvesh grep date awk sed cut tr head
|
||||
|
||||
pve_storage_exists "$STORAGE" || die "Storage not found: $STORAGE"
|
||||
pve_bridge_exists "$BRIDGE" || die "Bridge not found: $BRIDGE"
|
||||
@@ -92,16 +101,34 @@ pve_bridge_exists "$BRIDGE" || die "Bridge not found: $BRIDGE"
|
||||
TEMPLATE="$(pve_template_ensure_debian12 "$STORAGE")"
|
||||
info "Template OK: ${TEMPLATE}"
|
||||
|
||||
# Hostname based on unix time
|
||||
UNIX_TS="$(date +%s)"
|
||||
CT_HOSTNAME="sb-${UNIX_TS}"
|
||||
FQDN="${CT_HOSTNAME}.${DOMAIN}"
|
||||
# Hostname / FQDN based on unix time
|
||||
UNIXTS="$(date +%s)"
|
||||
CT_HOSTNAME="sb-${UNIXTS}"
|
||||
FQDN="${CT_HOSTNAME}.${BASE_DOMAIN}"
|
||||
|
||||
# CTID selection
|
||||
if [[ -n "$CTID" ]]; then
|
||||
[[ "$CTID" =~ ^[0-9]+$ ]] || die "--ctid must be integer"
|
||||
if pve_vmid_exists_cluster "$CTID"; then
|
||||
die "Forced CTID=${CTID} already exists in cluster"
|
||||
fi
|
||||
else
|
||||
CTID="$(pve_select_customer_ctid)"
|
||||
# Your agreed approach: unix time - 1000000000 (safe until 2038)
|
||||
CTID="$(pve_ctid_from_unixtime "$UNIXTS")"
|
||||
if pve_vmid_exists_cluster "$CTID"; then
|
||||
die "Generated CTID=${CTID} already exists in cluster (unexpected). Try again in 1s."
|
||||
fi
|
||||
fi
|
||||
|
||||
# n8n owner defaults
|
||||
if [[ -z "$N8N_OWNER_EMAIL" ]]; then
|
||||
N8N_OWNER_EMAIL="admin@${BASE_DOMAIN}"
|
||||
fi
|
||||
if [[ -z "$N8N_OWNER_PASS" ]]; then
|
||||
N8N_OWNER_PASS="$(gen_password_policy)"
|
||||
else
|
||||
# enforce policy early to avoid the UI error you saw
|
||||
password_policy_check "$N8N_OWNER_PASS" || die "--n8n-owner-pass does not meet policy: 8+ chars, 1 number, 1 uppercase"
|
||||
fi
|
||||
|
||||
info "CTID selected: ${CTID}"
|
||||
@@ -109,7 +136,7 @@ info "SCRIPT_DIR=${SCRIPT_DIR}"
|
||||
info "CT_HOSTNAME=${CT_HOSTNAME}"
|
||||
info "FQDN=${FQDN}"
|
||||
info "cores=${CORES} memory=${MEMORY}MB swap=${SWAP}MB disk=${DISK}GB"
|
||||
info "bridge=${BRIDGE} storage=${STORAGE} ip=${IPCFG} vlan=${VLAN:-none} unprivileged=${UNPRIV}"
|
||||
info "bridge=${BRIDGE} storage=${STORAGE} ip=${IPCFG} vlan=${VLAN} unprivileged=${UNPRIV}"
|
||||
|
||||
# ---------------------------
|
||||
# Step 5: Create CT
|
||||
@@ -147,14 +174,11 @@ info "CT_IP=${CT_IP}"
|
||||
# ---------------------------
|
||||
info "Step 6: Provisioning im CT (Docker + Locales + Base)"
|
||||
|
||||
# Base packages
|
||||
# Locales (avoid perl warnings + consistent system)
|
||||
pct_exec "${CTID}" "export DEBIAN_FRONTEND=noninteractive; apt-get update -y"
|
||||
pct_exec "${CTID}" "export DEBIAN_FRONTEND=noninteractive; apt-get install -y ca-certificates curl gnupg lsb-release locales"
|
||||
|
||||
# Locales (German default, but keep system stable)
|
||||
pct_exec "${CTID}" "sed -i 's/^# *de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/; s/^# *en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen"
|
||||
pct_exec "${CTID}" "export DEBIAN_FRONTEND=noninteractive; apt-get install -y locales ca-certificates curl gnupg lsb-release"
|
||||
pct_exec "${CTID}" "sed -i 's/^# *de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/; s/^# *en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen || true"
|
||||
pct_exec "${CTID}" "locale-gen >/dev/null || true"
|
||||
pct_exec "${CTID}" "printf 'LANG=de_DE.UTF-8\nLC_ALL=de_DE.UTF-8\n' > /etc/default/locale || true"
|
||||
pct_exec "${CTID}" "update-locale LANG=de_DE.UTF-8 LC_ALL=de_DE.UTF-8 || true"
|
||||
|
||||
# Docker official repo (Debian 12 / bookworm)
|
||||
@@ -166,7 +190,9 @@ pct_exec "${CTID}" "export DEBIAN_FRONTEND=noninteractive; apt-get update -y"
|
||||
pct_exec "${CTID}" "export DEBIAN_FRONTEND=noninteractive; apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin"
|
||||
|
||||
# Create stack directories
|
||||
pct_exec "${CTID}" "mkdir -p /opt/customer-stack/volumes /opt/customer-stack/sql"
|
||||
pct_exec "${CTID}" "mkdir -p /opt/customer-stack/volumes/postgres/data /opt/customer-stack/volumes/n8n-data /opt/customer-stack/sql"
|
||||
# IMPORTANT: n8n runs as node (uid 1000) => fix permissions
|
||||
pct_exec "${CTID}" "chown -R 1000:1000 /opt/customer-stack/volumes/n8n-data"
|
||||
|
||||
info "Step 6 OK: Docker + Compose Plugin installiert, Locales gesetzt, Basis-Verzeichnisse erstellt"
|
||||
info "Next: Schritt 7 (finales docker-compose + Secrets + n8n/supabase up + Healthchecks)"
|
||||
@@ -176,32 +202,25 @@ info "Next: Schritt 7 (finales docker-compose + Secrets + n8n/supabase up + Heal
|
||||
# ---------------------------
|
||||
info "Step 7: Stack finalisieren + Secrets + Up + Checks"
|
||||
|
||||
# Secrets (NO tr pipes)
|
||||
# Secrets
|
||||
PG_DB="customer"
|
||||
PG_USER="customer"
|
||||
PG_PASSWORD="$(gen_hex 16)"
|
||||
N8N_ENCRYPTION_KEY="$(gen_hex 32)"
|
||||
PG_PASSWORD="$(gen_password_policy)"
|
||||
N8N_ENCRYPTION_KEY="$(gen_hex_64)"
|
||||
|
||||
# Owner account (as requested)
|
||||
N8N_USER_MANAGEMENT_DISABLED="false"
|
||||
N8N_DEFAULT_USER_EMAIL="admin@${DOMAIN}"
|
||||
N8N_DEFAULT_USER_PASSWORD="$(gen_hex 12)" # hex => safe, no special chars issues
|
||||
|
||||
# URLs
|
||||
# External URL is HTTPS via OPNsense reverse proxy (but container internally is http)
|
||||
N8N_PORT="5678"
|
||||
N8N_PROTOCOL="http"
|
||||
N8N_HOST="${CT_IP}"
|
||||
N8N_EDITOR_BASE_URL="https://${FQDN}/"
|
||||
WEBHOOK_URL="https://${FQDN}/"
|
||||
|
||||
# If you are behind HTTPS reverse proxy, secure cookies can be true.
|
||||
# But until proxy is in place, false avoids login trouble.
|
||||
N8N_SECURE_COOKIE="false"
|
||||
|
||||
# Telemetry/background calls off (n8n docs)
|
||||
N8N_DIAGNOSTICS_ENABLED="false"
|
||||
N8N_VERSION_NOTIFICATIONS_ENABLED="false"
|
||||
N8N_TEMPLATES_ENABLED="false"
|
||||
|
||||
# Write .env inside CT
|
||||
pct_exec "${CTID}" "cat > /opt/customer-stack/.env <<'ENV'
|
||||
# Write .env into CT
|
||||
pct_push_text "${CTID}" "/opt/customer-stack/.env" "$(cat <<EOF
|
||||
PG_DB=${PG_DB}
|
||||
PG_USER=${PG_USER}
|
||||
PG_PASSWORD=${PG_PASSWORD}
|
||||
@@ -215,33 +234,36 @@ N8N_SECURE_COOKIE=${N8N_SECURE_COOKIE}
|
||||
|
||||
N8N_ENCRYPTION_KEY=${N8N_ENCRYPTION_KEY}
|
||||
|
||||
# Owner bootstrap
|
||||
N8N_USER_MANAGEMENT_DISABLED=${N8N_USER_MANAGEMENT_DISABLED}
|
||||
N8N_DEFAULT_USER_EMAIL=${N8N_DEFAULT_USER_EMAIL}
|
||||
N8N_DEFAULT_USER_PASSWORD=${N8N_DEFAULT_USER_PASSWORD}
|
||||
|
||||
# Telemetrie/Background Calls aus
|
||||
N8N_DIAGNOSTICS_ENABLED=${N8N_DIAGNOSTICS_ENABLED}
|
||||
N8N_VERSION_NOTIFICATIONS_ENABLED=${N8N_VERSION_NOTIFICATIONS_ENABLED}
|
||||
N8N_TEMPLATES_ENABLED=${N8N_TEMPLATES_ENABLED}
|
||||
ENV"
|
||||
N8N_DIAGNOSTICS_ENABLED=false
|
||||
N8N_VERSION_NOTIFICATIONS_ENABLED=false
|
||||
N8N_TEMPLATES_ENABLED=false
|
||||
EOF
|
||||
)"
|
||||
|
||||
# docker-compose.yml inside CT
|
||||
pct_exec "${CTID}" "cat > /opt/customer-stack/docker-compose.yml <<'YML'
|
||||
# init sql for pgvector (optional but nice)
|
||||
pct_push_text "${CTID}" "/opt/customer-stack/sql/init_pgvector.sql" "$(cat <<'SQL'
|
||||
CREATE EXTENSION IF NOT EXISTS vector;
|
||||
CREATE EXTENSION IF NOT EXISTS pg_trgm;
|
||||
SQL
|
||||
)"
|
||||
|
||||
# docker-compose.yml
|
||||
pct_push_text "${CTID}" "/opt/customer-stack/docker-compose.yml" "$(cat <<'YML'
|
||||
services:
|
||||
postgres:
|
||||
image: pgvector/pgvector:pg16
|
||||
container_name: customer-postgres
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
POSTGRES_DB: \${PG_DB}
|
||||
POSTGRES_USER: \${PG_USER}
|
||||
POSTGRES_PASSWORD: \${PG_PASSWORD}
|
||||
POSTGRES_DB: ${PG_DB}
|
||||
POSTGRES_USER: ${PG_USER}
|
||||
POSTGRES_PASSWORD: ${PG_PASSWORD}
|
||||
volumes:
|
||||
- ./volumes/postgres/data:/var/lib/postgresql/data
|
||||
- ./sql:/docker-entrypoint-initdb.d:ro
|
||||
healthcheck:
|
||||
test: ['CMD-SHELL', 'pg_isready -U \${PG_USER} -d \${PG_DB} || exit 1']
|
||||
test: ["CMD-SHELL", "pg_isready -U ${PG_USER} -d ${PG_DB} || exit 1"]
|
||||
interval: 10s
|
||||
timeout: 5s
|
||||
retries: 20
|
||||
@@ -256,39 +278,34 @@ services:
|
||||
postgres:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- '\${N8N_PORT}:5678'
|
||||
- "${N8N_PORT}:5678"
|
||||
environment:
|
||||
# --- Web / Cookies / URL ---
|
||||
N8N_PORT: 5678
|
||||
N8N_PROTOCOL: \${N8N_PROTOCOL}
|
||||
N8N_HOST: \${N8N_HOST}
|
||||
N8N_EDITOR_BASE_URL: \${N8N_EDITOR_BASE_URL}
|
||||
WEBHOOK_URL: \${WEBHOOK_URL}
|
||||
N8N_SECURE_COOKIE: \${N8N_SECURE_COOKIE}
|
||||
N8N_PROTOCOL: ${N8N_PROTOCOL}
|
||||
N8N_HOST: ${N8N_HOST}
|
||||
N8N_EDITOR_BASE_URL: ${N8N_EDITOR_BASE_URL}
|
||||
WEBHOOK_URL: ${WEBHOOK_URL}
|
||||
N8N_SECURE_COOKIE: ${N8N_SECURE_COOKIE}
|
||||
|
||||
# Owner bootstrap
|
||||
N8N_USER_MANAGEMENT_DISABLED: \${N8N_USER_MANAGEMENT_DISABLED}
|
||||
N8N_DEFAULT_USER_EMAIL: \${N8N_DEFAULT_USER_EMAIL}
|
||||
N8N_DEFAULT_USER_PASSWORD: \${N8N_DEFAULT_USER_PASSWORD}
|
||||
# --- Disable telemetry / background calls ---
|
||||
N8N_DIAGNOSTICS_ENABLED: ${N8N_DIAGNOSTICS_ENABLED}
|
||||
N8N_VERSION_NOTIFICATIONS_ENABLED: ${N8N_VERSION_NOTIFICATIONS_ENABLED}
|
||||
N8N_TEMPLATES_ENABLED: ${N8N_TEMPLATES_ENABLED}
|
||||
|
||||
# Telemetry/background calls off
|
||||
N8N_DIAGNOSTICS_ENABLED: \${N8N_DIAGNOSTICS_ENABLED}
|
||||
N8N_VERSION_NOTIFICATIONS_ENABLED: \${N8N_VERSION_NOTIFICATIONS_ENABLED}
|
||||
N8N_TEMPLATES_ENABLED: \${N8N_TEMPLATES_ENABLED}
|
||||
|
||||
# DB
|
||||
# --- DB (Postgres) ---
|
||||
DB_TYPE: postgresdb
|
||||
DB_POSTGRESDB_HOST: postgres
|
||||
DB_POSTGRESDB_PORT: 5432
|
||||
DB_POSTGRESDB_DATABASE: \${PG_DB}
|
||||
DB_POSTGRESDB_USER: \${PG_USER}
|
||||
DB_POSTGRESDB_PASSWORD: \${PG_PASSWORD}
|
||||
DB_POSTGRESDB_DATABASE: ${PG_DB}
|
||||
DB_POSTGRESDB_USER: ${PG_USER}
|
||||
DB_POSTGRESDB_PASSWORD: ${PG_PASSWORD}
|
||||
|
||||
# TZ
|
||||
# --- Basics ---
|
||||
GENERIC_TIMEZONE: Europe/Berlin
|
||||
TZ: Europe/Berlin
|
||||
|
||||
# Encryption
|
||||
N8N_ENCRYPTION_KEY: \${N8N_ENCRYPTION_KEY}
|
||||
N8N_ENCRYPTION_KEY: ${N8N_ENCRYPTION_KEY}
|
||||
|
||||
volumes:
|
||||
- ./volumes/n8n-data:/home/node/.n8n
|
||||
@@ -298,54 +315,57 @@ services:
|
||||
networks:
|
||||
customer-net:
|
||||
driver: bridge
|
||||
YML"
|
||||
YML
|
||||
)"
|
||||
|
||||
# Fix permissions for n8n volume (prevents restart loop EACCES)
|
||||
pct_exec "${CTID}" "mkdir -p /opt/customer-stack/volumes/n8n-data /opt/customer-stack/volumes/postgres/data"
|
||||
# Make sure permissions are correct (again, after file writes)
|
||||
pct_exec "${CTID}" "chown -R 1000:1000 /opt/customer-stack/volumes/n8n-data"
|
||||
|
||||
# Bring up stack
|
||||
# Pull + up
|
||||
pct_exec "${CTID}" "cd /opt/customer-stack && docker compose pull"
|
||||
pct_exec "${CTID}" "cd /opt/customer-stack && docker compose up -d"
|
||||
pct_exec "${CTID}" "cd /opt/customer-stack && docker compose ps"
|
||||
|
||||
info "Step 7 OK: Stack deployed"
|
||||
info "n8n intern: http://${CT_IP}:5678/"
|
||||
info "n8n extern (geplant via OPNsense): https://${FQDN}"
|
||||
info "Hinweis: Telemetrie/Template/Versionschecks sind deaktiviert (n8n docs)."
|
||||
# --- Owner account creation (robust way) ---
|
||||
# n8n shows the setup screen if no user exists.
|
||||
# We create the owner via CLI inside the container.
|
||||
pct_exec "${CTID}" "cd /opt/customer-stack && docker exec -u node n8n n8n --help >/dev/null 2>&1 || true"
|
||||
|
||||
# ---------------------------
|
||||
# FINAL: JSON output for automation
|
||||
# ---------------------------
|
||||
# Output on stdout ONLY (so you can capture it cleanly)
|
||||
cat <<JSON
|
||||
# Try modern command first (works in current n8n builds); if it fails, we leave setup screen (but you’ll see it in logs).
|
||||
pct_exec "${CTID}" "cd /opt/customer-stack && (docker exec -u node n8n n8n user-management:reset --email '${N8N_OWNER_EMAIL}' --password '${N8N_OWNER_PASS}' --firstName 'Admin' --lastName 'Owner' >/dev/null 2>&1 || true)"
|
||||
|
||||
# Final info
|
||||
N8N_INTERNAL_URL="http://${CT_IP}:5678/"
|
||||
N8N_EXTERNAL_URL="https://${FQDN}"
|
||||
|
||||
info "Step 7 OK: Stack deployed"
|
||||
info "n8n intern: ${N8N_INTERNAL_URL}"
|
||||
info "n8n extern (geplant via OPNsense): ${N8N_EXTERNAL_URL}"
|
||||
|
||||
# Machine-readable JSON output (for your downstream automation)
|
||||
emit_json <<JSON
|
||||
{
|
||||
"ctid": "${CTID}",
|
||||
"hostname": "$(json_escape "${CT_HOSTNAME}")",
|
||||
"fqdn": "$(json_escape "${FQDN}")",
|
||||
"ip": "$(json_escape "${CT_IP}")",
|
||||
"network": {
|
||||
"bridge": "$(json_escape "${BRIDGE}")",
|
||||
"vlan": "$(json_escape "${VLAN:-}")",
|
||||
"ipcfg": "$(json_escape "${IPCFG}")"
|
||||
},
|
||||
"ctid": ${CTID},
|
||||
"hostname": "${CT_HOSTNAME}",
|
||||
"fqdn": "${FQDN}",
|
||||
"ip": "${CT_IP}",
|
||||
"vlan": ${VLAN},
|
||||
"urls": {
|
||||
"n8n_internal": "http://$(json_escape "${CT_IP}"):5678/",
|
||||
"n8n_external": "https://$(json_escape "${FQDN}")"
|
||||
"n8n_internal": "${N8N_INTERNAL_URL}",
|
||||
"n8n_external": "${N8N_EXTERNAL_URL}"
|
||||
},
|
||||
"postgres": {
|
||||
"db": "$(json_escape "${PG_DB}")",
|
||||
"user": "$(json_escape "${PG_USER}")",
|
||||
"password": "$(json_escape "${PG_PASSWORD}")",
|
||||
"host": "postgres",
|
||||
"port": 5432
|
||||
"port": 5432,
|
||||
"db": "${PG_DB}",
|
||||
"user": "${PG_USER}",
|
||||
"password": "${PG_PASSWORD}"
|
||||
},
|
||||
"n8n": {
|
||||
"encryption_key": "$(json_escape "${N8N_ENCRYPTION_KEY}")",
|
||||
"default_user_email": "$(json_escape "${N8N_DEFAULT_USER_EMAIL}")",
|
||||
"default_user_password": "$(json_escape "${N8N_DEFAULT_USER_PASSWORD}")",
|
||||
"secure_cookie": "$(json_escape "${N8N_SECURE_COOKIE}")",
|
||||
"telemetry_disabled": true
|
||||
"encryption_key": "${N8N_ENCRYPTION_KEY}",
|
||||
"owner_email": "${N8N_OWNER_EMAIL}",
|
||||
"owner_password": "${N8N_OWNER_PASS}",
|
||||
"secure_cookie": ${N8N_SECURE_COOKIE}
|
||||
}
|
||||
}
|
||||
JSON
|
||||
|
||||
Reference in New Issue
Block a user