feat(firefly): install

modules/nixos/features/firefly.nix

@@ -0,0 +1,65 @@
+{
+  config,
+  ...
+}:
+{
+  services = {
+    firefly-iii = {
+      enable = true;
+      dataDir = "/srv/firefly";
+      group = "nginx";
+      settings = {
+        # keep-sorted start
+        ALLOW_WEBHOOKS = "true";
+        APP_KEY_FILE = config.age.secrets.firefly.path;
+        APP_URL = "https://firefly.fi33.buzz";
+        DEFAULT_LANGUAGE = "en_GB";
+        REPORT_ERRORS_ONLINE = "false";
+        TRUSTED_PROXIES = "**";
+        TZ = "Australia/Melbourne";
+        # keep-sorted end
+      };
+    };
+
+    borgmatic.settings.sqlite_databases = [
+      {
+        name = "firefly";
+        path = "/srv/firefly/storage/database/database.sqlite";
+      }
+    ];
+
+    nginx.virtualHosts."firefly.fi33.buzz" = {
+      forceSSL = true;
+      useACMEHost = "fi33.buzz";
+      root = "${config.services.firefly-iii.package}/public";
+      locations = {
+        "/" = {
+          tryFiles = "$uri $uri/ /index.php?$query_string";
+          index = "index.php";
+          extraConfig = ''
+            sendfile off;
+          '';
+        };
+        "~ \\.php$" = {
+          extraConfig = ''
+            include ${config.services.nginx.package}/conf/fastcgi_params ;
+            fastcgi_param SCRIPT_FILENAME $request_filename;
+            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
+            fastcgi_pass unix:${config.services.phpfpm.pools.firefly-iii.socket};
+          '';
+        };
+      };
+    };
+  };
+
+  age.secrets = {
+    firefly = {
+      file = ../../../secrets/firefly.age;
+      owner = "firefly-iii";
+    };
+    firefly-db = {
+      file = ../../../secrets/firefly-db.age;
+      owner = "firefly-iii";
+    };
+  };
+}