From d9785dcd0576029f2c601aa177a2e1ced4989234 Mon Sep 17 00:00:00 2001
From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com>
Date: Wed, 14 Jan 2026 21:33:09 +1100
Subject: [PATCH] feat(upbank2firefly): install as a docker container

---
 modules/nixos/bundles/server.nix          |   1 +
 modules/nixos/features/upbank2firefly.nix |  58 ++++++++++++++++++++++
 secrets/secrets.nix                       |   1 +
 secrets/upbank2firefly.age                | Bin 0 -> 1865 bytes
 4 files changed, 60 insertions(+)
 create mode 100644 modules/nixos/features/upbank2firefly.nix
 create mode 100644 secrets/upbank2firefly.age

diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix
index 669f78e..0e0f13d 100644
--- a/modules/nixos/bundles/server.nix
+++ b/modules/nixos/bundles/server.nix
@@ -28,6 +28,7 @@
     "readarr"
     "sonarr"
     "syncthing"
+    "upbank2firefly"
     "vaultwarden"
     # keep-sorted end
   ];
diff --git a/modules/nixos/features/upbank2firefly.nix b/modules/nixos/features/upbank2firefly.nix
new file mode 100644
index 0000000..fbf18f4
--- /dev/null
+++ b/modules/nixos/features/upbank2firefly.nix
@@ -0,0 +1,58 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+let
+  port = 5021;
+in
+{
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers.upbank2firefly = {
+      extraOptions = [
+        "--network=host"
+      ];
+      image = "compose2nix/upbank2firefly";
+      environment = {
+        FIREFLY_BASEURL = "https://firefly.fi33.buzz";
+        TZ = "Australia/Melbourne";
+      };
+      environmentFiles = [ config.age.secrets.upbank2firefly.path ];
+      volumes = [
+        "/srv/upbank2firefly/app:/app:rw"
+      ];
+      ports = [
+        "${toString port}:80/tcp"
+      ];
+    };
+  };
+
+  systemd = {
+    services = {
+      "docker-build-upbank2firefly" = {
+        path = with pkgs; [
+          docker
+          git
+        ];
+        serviceConfig = {
+          Type = "oneshot";
+          TimeoutSec = 300;
+        };
+        script = ''
+          cd /srv/upbank2firefly
+          git pull
+          docker build -t compose2nix/upbank2firefly .
+        '';
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."upbank2firefly.fi33.buzz" = {
+    forceSSL = true;
+    useACMEHost = "fi33.buzz";
+    locations."/".proxyPass = "http://localhost:${toString port}";
+  };
+
+  age.secrets.upbank2firefly.file = ../../../secrets/upbank2firefly.age;
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index de24194..5dc6b1d 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -39,6 +39,7 @@ in
   "radicale.age".publicKeys = users;
   "readarr.age".publicKeys = users;
   "sonarr.age".publicKeys = users;
+  "upbank2firefly.age".publicKeys = users;
   "vaultwarden-admin.age".publicKeys = users;
   # keep-sorted end
 }
diff --git a/secrets/upbank2firefly.age b/secrets/upbank2firefly.age
new file mode 100644
index 0000000000000000000000000000000000000000..56d99d4befb50ebda4e24758de2e321040c54d66
GIT binary patch
literal 1865
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH^a;^+2~@~Tbo5Hf
zjB<CbEHg1lHTO^Tsz^)@DlaanFmcz<$&V}uHi`&LjxsKHOXqSg@Nmh_)i3cYPYFme
zHu7;wbSg+L49<0`@<`3FaJR^D_NdG&&P~ZO_C>eNT)QHuGEl)OIM}(+(y^d0J2K79
zuqZ6VI5oh_P2Vl6BDvJfRlBId$2=p@(KFmE!j~(wtir;%*vz#oyvjMTxWLK6yVA|g
zDbmu=*EK4_xHu&}+25($DJ{n|&k@}=pAv7&%0LAdlMMZ=K%dG8mvCeEKz;Y{0?#~u
zBcs&ND$@$r(Cj21^W@Y5XZ=d=pir*#$Vd;<a-+nsDA!~UpW*_?ysVN6;|e#U3b)Mg
zMECr%+)90;65p)w6ay|@U0sEw<N!Cb5)Wr1kK){du#~LwDp$|kpa4SygP>AFBlif?
zfC~LgOQ)jza!0P1hNCV1+x+a$$L&=AT&AI)&0juK?tZ1>zaa7B3pNOG2fhEt^!xAs
z>(b|L-OZVGOZv@+veP;p$uYYxdF)TQlOQqU*QRsw6=CiNbA3Zrcrh+@er);5_;5$j
z9FtBBYo)2Xk}b~h_14utt8Be%=%HL?@Biwa_8tKju6$LCBb*m1cYoTqyhuNCd+IFT
zq!}t}+l<%#a(l*}cP#QzsLaweoVD}Rnfjj{Rx`YAnfqUS`#z^o$!hx}JS+V_{A2W%
ztW7<jd*AMF5Yy955i?&lOl36rcd%&RNBj0)3)=g?h;Zfe{!E=esb$$Ji#NWBPqys$
z?K$dZboyH8mD4BfEW}!6ynioyvF+;mrj-}hyb3)h_?-ELfEQ=|^9wEPjPXZ06*MG1
zUpD_Zf3Bd8_<;$pLKg2|5#RA++Qz@p5)*h9R%xc}zU{GeccTBsc`I9)xDE^Po36Th
zY2U#I=e8>DQIc&Al~K5TkoioR@X^?s>6b%!7oFa*d+yZ_U7uf_Q0qKwr1^jHF+QG%
zAMY<6S*_-3By;x4>x-`*#tJDcjCiy4_q%r+3r{?*Kl^`;>gFcT{YA^>E>!)H6ZPni
z-OGm$`uKg9>1h0C;J+c_cjUCFrhx*>MT_^k5+bWFb>}*sslPD!;Ze717lh87FN=`)
zvhVMj{aMdtmidY&a$XTQeU({>%jU7l9;>f02R~%*VE?JKbbV#kl1Q!8SyFP7Q+C8(
z?-p^m`+xJj6Vr^-n6|BR>)gEKMrfnA`p!Gir3deCo_u?D*~{Yp-+nsG^4DDC_vR)4
zgVOrttvV?iY7XD*`Q~P`<<p7N1x*K7Lf0&Om-mRzt|z+M!RUuZmxzH;^Wz;0PdW8G
z`P*^-+h@<oAzL*&Zk}yCZ?RaW^UyNJHj}C?wZ<YZ#Y!@ox7<}`zguf<{r4rq)``>C
zISBadUVq3->(fWRrunKd|6YB}*ZpbW#kY`cbw}*1zM}tcl=+W3?$A%atzC8F$FKXA
z^Zc$X=+<nX^j9bN%sIcEP2REJ-Y=Usx$ACiWp}{V9rl-1R2FnNlqDTMXR|Rsz|{44
zf%2KQsJHGnR~#x(Fx0p4VSG97mo}R>bE?!YcCS0paW?B_-w&G;;OX$~p~gpFqu*La
zmrakfWga-)|2d&1rsVXu?k)S9gr-^Cn_#~A$u#GF?$+`RMq;TyL(Ya4Jy^2g-`_Wr
z1DH}D1UUW8Oy9Zv>8}1`4^#y6tu5IPmQKyj*dKVRrO5pagZA`GYuz$3ax))Eyl%VE
zpFDqRzEt+1j7Re?8z1k<5SsRG#RMU9r>io*@{_-mW*WtxzqcjKdE>pZ>04O7S52%H
zTKjMRv*fnv3k<DX{$+m&nkHwkW2+)dRoe9jUuRj{ROMxCyU;y%McS3G@&X!VFWy^h
z7Msv;`jSSUOy8lG6Ax`W$fUF6{o`qlkwP;jd}xvsEC0|OuE)+Y>FSoAB38}*T{9NV
z>DigY(a;t0qS4x<@7L}*qQ{OE&iLY`Thf**{J%o~ZmIQ;+=T|gW|I0Ue&#{3dga-h
zZdvb62tPFU<kgSfSJ$MjKaf+D#jEm(@606bGi8?=dZs4GsPFsE{Og@afnr1FBZbWi
z*}t?*m+E`05U2gDSZKM)A;zy)<|Isb{LP-}@l<&>$K2}L=sw%~tkd)>pPcDle=#}r
z)=utizk2@}AKq)(T7G8N-xHfN&Hrb*c`@WfUjO^3D`>TJ)+2*O?Y{GL6x9}YeRp@C
zexh%}58-8Q{Y!UW?s}>8^>yD9wp~5CjPV@``tGfc$F4W&b$*X3pS!|Jf^FN;MST_@
z_eSZTSts}TpN(4aCd)2Afpb%Z^CN|?wEs~w7x{MCVdswZ{;Ew}y9_0EeB<3&wEBn*
z!;yL7@#3$Sv@x_FeIe*?eMkCr(JcvO`=g37@1)}X+;e-o^L+4m*1rb@qyL!4_Dp$s
z&hGWb)29w_|Kqzf@8mWC9oFBM#LCPzTP3V!D*StRTFU=W?TtA-+sipS;(FNvv!;Cj
E0H!f-djJ3c

literal 0
HcmV?d00001