[n8n] Add n8n service with host-mounted backups path

[finallyjay]

Overview

Adds n8n (workflow automation) as a new self-hosted service, following the repo's 3-file convention (docker-compose.yml, .env.example, README.md).

Design

• SQLite storage at /data.
• Backups folder bind-mounted at /backups via ${N8N_BACKUPS_PATH}, with rslave mount propagation.
• The same compose file runs on two hosts, differing only by env:
  • Host with network storage → N8N_BACKUPS_PATH points to an OS-level NFS automount.
  • Host without it (e.g. a VPS) → N8N_BACKUPS_PATH points to a local directory.

Why OS-level NFS automount instead of a Docker NFS volume

Mounting NFS via the OS (fstab with x-systemd.automount,nofail) decouples n8n's startup from storage availability: after a power outage the container boots immediately even if the storage server is slower to come up, and rslave propagation makes the on-demand mount visible inside the running container. While the share is down, backups fail cleanly rather than writing to local disk and being silently lost.

Notes

• Uses dokploy-network (external), restart: unless-stopped, Watchtower opt-in label, and the standard compose property order.
• Docs/examples use generic placeholders — no internal IPs, exports, hostnames, or UIDs.
• Real values live only in each Dokploy app's .env (not committed).

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation

  • Added a deployment guide for n8n covering environment variables, backup modes and bind-mounted backup guidance, timezone and UID/GID notes, reverse-proxy/TLS cookie recommendations, keeping the encryption key stable, and enabling filesystem access for Function nodes.

• Chores

  • Added a Docker Compose example for running n8n with persistent storage, published port, restart policy, security-hardening options, and log rotation settings.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 581ef51f-381d-40ea-824c-6cb8a56d70a3

📥 Commits

Reviewing files that changed from the base of the PR and between 68fbb1e and a69ac6a.

📒 Files selected for processing (2)

• n8n/README.md
• n8n/docker-compose.yml

💤 Files with no reviewable changes (1)

• n8n/docker-compose.yml

✅ Files skipped from review due to trivial changes (1)

• n8n/README.md

---

📝 Walkthrough

Walkthrough

Adds an n8n Docker Compose deployment: an example .env with runtime and backup variables, a docker-compose.yml service using those variables, and a README documenting storage, backup modes, networking, encryption key handling, and runtime notes.

Changes

n8n Docker Compose Deployment

Layer / File(s)	Summary
n8n service configuration and environment variables n8n/.env.example, n8n/docker-compose.yml	Environment template defines persistent data path, user UID/GID, web port, timezone, public URL/security settings, encryption key, and backup mount path. Docker Compose service applies these variables, configures port mapping, volume mounts with rslave propagation for backups, security hardening with no-new-privileges, and JSON-file logging with rotation.
Deployment and operational documentation n8n/README.md	Deployment guide covering NFS-backed vs local backup directory modes, full environment variable reference, note that no external network is declared in the compose file, volume bind-mount mappings with propagation flags, host directory permissions, NFS resilient mounting via fstab, TLS/cookie configuration behind reverse proxies, encryption key stability, and enabling Function-node filesystem access.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 I found a workflow bed of logs and queues,
I planted keys and mounts with careful hues,
Backups bound and data snug and tight,
Containers hum through day and night,
Hop — automations now take flight!

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: adding an n8n service with host-mounted backups path, which is the primary objective of this PR.
Description check	✅ Passed	The PR description exceeds template requirements with a comprehensive Overview, Design section explaining the two-host strategy, detailed rationale for NFS automounting, and implementation notes. However, it lacks a Test plan section as specified in the template.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch n8n-add-service

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (1)

n8n/README.md (1)

30-32: ⚠️ Potential issue | 🟠 Major

Documentation inconsistency with docker-compose.yml.

The README states the service "Connects to dokploy-network", but the docker-compose.yml file does not include a networks: key under the service definition, so the container will not actually connect to dokploy-network. This inconsistency was flagged in the docker-compose.yml review.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@n8n/README.md` around lines 30 - 32, The README claims the service connects
to "dokploy-network" but the docker-compose.yml service is missing a networks:
declaration; update the docker-compose.yml service block for the n8n service to
include networks: - dokploy-network and ensure a top-level networks:
dokploy-network: external: true (or alternatively update n8n/README.md to
remove/adjust the network claim) so the docs and compose file match; reference
"dokploy-network", "docker-compose.yml" and the n8n service name when making the
change.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@n8n/docker-compose.yml`:
- Around line 9-17: Service is missing a networks key so it won't attach to
dokploy-network and property order violates guidelines; add a networks: entry
referencing dokploy-network above ports (i.e., place networks before ports and
volumes) in the service definition so the container attaches to dokploy-network
and follows the required property order; ensure the networks key lists
dokploy-network exactly (matching the top-level dokploy-network declaration).

---

Duplicate comments:
In `@n8n/README.md`:
- Around line 30-32: The README claims the service connects to "dokploy-network"
but the docker-compose.yml service is missing a networks: declaration; update
the docker-compose.yml service block for the n8n service to include networks: -
dokploy-network and ensure a top-level networks: dokploy-network: external: true
(or alternatively update n8n/README.md to remove/adjust the network claim) so
the docs and compose file match; reference "dokploy-network",
"docker-compose.yml" and the n8n service name when making the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: 313bbae6-5a75-4363-8637-99ac041bc7e4

📥 Commits

Reviewing files that changed from the base of the PR and between a119577 and 68fbb1e.

📒 Files selected for processing (3)

• n8n/.env.example
• n8n/README.md
• n8n/docker-compose.yml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Missing networks: key causes the service to ignore dokploy-network.

The dokploy-network is declared at the file level (lines 38-40) but the service definition lacks a networks: key, so the container will connect to the default bridge network instead of dokploy-network as intended by the PR and documented in the README.

Additionally, the coding guidelines require the property order: networks > ports > volumes, but here ports and volumes appear before any networks key.

🔧 Proposed fix

     security_opt:
       - no-new-privileges:true
+    networks:
+      - dokploy-network
     ports:
       - "${N8N_PORT}:5678"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	ports:
	- "${N8N_PORT}:5678"
	volumes:
	- ${N8N_DATA}/data:/data
	- type: bind
	source: ${N8N_BACKUPS_PATH}
	target: /backups
	bind:
	propagation: rslave
	networks:
	- dokploy-network
	ports:
	- "${N8N_PORT}:5678"
	volumes:
	- ${N8N_DATA}/data:/data
	- type: bind
	source: ${N8N_BACKUPS_PATH}
	target: /backups
	bind:
	propagation: rslave

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@n8n/docker-compose.yml` around lines 9 - 17, Service is missing a networks
key so it won't attach to dokploy-network and property order violates
guidelines; add a networks: entry referencing dokploy-network above ports (i.e.,
place networks before ports and volumes) in the service definition so the
container attaches to dokploy-network and follows the required property order;
ensure the networks key lists dokploy-network exactly (matching the top-level
dokploy-network declaration).

Source: Coding guidelines

[Copilot]

Pull request overview

Adds a new n8n self-hosted stack to this repository, intended to be deployed as an independent Dokploy application while bind-mounting a host backups directory (optionally backed by an OS-level NFS automount).

Changes:

• Added n8n/docker-compose.yml defining the n8n container, host port mapping, and bind mounts for /data and /backups (with rslave propagation for backups).
• Added n8n/.env.example documenting required configuration (data path, user, host/protocol, encryption key, backups path).
• Added n8n/README.md describing deployment model (two hosts differing only by env) and the NFS automount approach.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
n8n/docker-compose.yml	Introduces the n8n Compose stack, volumes, env, and external network declaration.
n8n/.env.example	Provides example environment variables for configuring the stack on different hosts.
n8n/README.md	Documents configuration, volumes, and the OS-level NFS automount design rationale.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.