From f793bee495f6bc11b95f2235f35ad8e152317f50 Mon Sep 17 00:00:00 2001 From: wi11-holdsworth <83637728+wi11-holdsworth@users.noreply.github.com> Date: Wed, 7 Jan 2026 12:21:35 +1100 Subject: [PATCH] feat(firefly): install --- modules/nixos/bundles/server.nix | 1 + modules/nixos/features/firefly.nix | 65 ++++++++++++++++++++++++++++++ secrets/firefly-db.age | 9 +++++ secrets/firefly.age | 10 +++++ secrets/secrets.nix | 2 + 5 files changed, 87 insertions(+) create mode 100644 modules/nixos/features/firefly.nix create mode 100644 secrets/firefly-db.age create mode 100644 secrets/firefly.age diff --git a/modules/nixos/bundles/server.nix b/modules/nixos/bundles/server.nix index 3789693..669f78e 100644 --- a/modules/nixos/bundles/server.nix +++ b/modules/nixos/bundles/server.nix @@ -8,6 +8,7 @@ "bazarr" "copyparty" "couchdb" + "firefly" "homepage-dashboard" "immich" "jellyfin" diff --git a/modules/nixos/features/firefly.nix b/modules/nixos/features/firefly.nix new file mode 100644 index 0000000..e456886 --- /dev/null +++ b/modules/nixos/features/firefly.nix @@ -0,0 +1,65 @@ +{ + config, + ... +}: +{ + services = { + firefly-iii = { + enable = true; + dataDir = "/srv/firefly"; + group = "nginx"; + settings = { + # keep-sorted start + ALLOW_WEBHOOKS = "true"; + APP_KEY_FILE = config.age.secrets.firefly.path; + APP_URL = "https://firefly.fi33.buzz"; + DEFAULT_LANGUAGE = "en_GB"; + REPORT_ERRORS_ONLINE = "false"; + TRUSTED_PROXIES = "**"; + TZ = "Australia/Melbourne"; + # keep-sorted end + }; + }; + + borgmatic.settings.sqlite_databases = [ + { + name = "firefly"; + path = "/srv/firefly/storage/database/database.sqlite"; + } + ]; + + nginx.virtualHosts."firefly.fi33.buzz" = { + forceSSL = true; + useACMEHost = "fi33.buzz"; + root = "${config.services.firefly-iii.package}/public"; + locations = { + "/" = { + tryFiles = "$uri $uri/ /index.php?$query_string"; + index = "index.php"; + extraConfig = '' + sendfile off; + ''; + }; + "~ \\.php$" = { + extraConfig = '' + include ${config.services.nginx.package}/conf/fastcgi_params ; + fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice + fastcgi_pass unix:${config.services.phpfpm.pools.firefly-iii.socket}; + ''; + }; + }; + }; + }; + + age.secrets = { + firefly = { + file = ../../../secrets/firefly.age; + owner = "firefly-iii"; + }; + firefly-db = { + file = ../../../secrets/firefly-db.age; + owner = "firefly-iii"; + }; + }; +} diff --git a/secrets/firefly-db.age b/secrets/firefly-db.age new file mode 100644 index 0000000..d4cbe78 --- /dev/null +++ b/secrets/firefly-db.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ zL4NAxPigHwUnYz0KUoDXlzXJ3PtnxIYl81oLP3e40M +yricJ+r8OTXwGd0Bt4+CsW7/M8lOSha04i0Fb0QCHGo +-> ssh-ed25519 7+xRyQ 2UhHfwz3DvXT/bEDp8QrluyPa/po5CCB5rUKxBqfn2c +2pWexi7bU3UlOo9SKfw/9k/DJ535tsgPvZXAbLruL00 +-> ssh-ed25519 LtK9yQ 8XOO4u1di+FedjGcaj/Fhna8Y+LRRPa9L4ShAx5dASA +F51SLqQEZ1LQAP2SgXphszVBhKaB+/OAVWEHr/thtFo +--- ovyL3oCODPSbd8Fe7KdS3sKCc+bjcj2y+6aS1qVqQsg + %>IOդ77ZFhu<4)cҚUZ*UCk|xCox P \ No newline at end of file diff --git a/secrets/firefly.age b/secrets/firefly.age new file mode 100644 index 0000000..430908f --- /dev/null +++ b/secrets/firefly.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 qLT+DQ DhWZZ8fB3bwSaI88j9M5Ix/jCwoJWPUVmR56OwxJFUs +/pxA0PTShUGloixcyUoAW5cOKWAjD9M0byLAQUgnPvA +-> ssh-ed25519 7+xRyQ LrUQ5trcyyhcjK8IhGKVOAz6g7HjBI8t0m/snDiVMkE +hi0My/e0Enno50niPMKcy278Wr5z1sq3X1yJn7H8uBo +-> ssh-ed25519 LtK9yQ ke0bLtqFny2oUkCvtawPcHzPlyi2Lvi6WpZP2lDyelE +VFjTwnbTcayuruXVmVnfK97KcwB+luOoLU2x6Ug3HVM +--- NxMB9mtZ480lLRRmk0ne5BaL/tfF81Yr3wGBUvECGQY +HH9?܂獠 |ؽ15i/FlG$EwG +;;߽ݤ$}/[g] \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 70d624e..de24194 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -19,6 +19,8 @@ in "borgmatic-pg.age".publicKeys = users; "borgmatic.age".publicKeys = users; "copyparty-will.age".publicKeys = users; + "firefly-db.age".publicKeys = users; + "firefly.age".publicKeys = users; "immich.age".publicKeys = users; "jellyfin.age".publicKeys = users; "karakeep.age".publicKeys = users; -- 2.53.0