From 61fecf3bdb7452c087cb28b8f4dcd1aceb1cb559 Mon Sep 17 00:00:00 2001
From: Andrea Ciceri
Date: Wed, 1 Jan 2025 17:03:05 +0100
Subject: [PATCH] Add `firefly` to `sisko`
---
 hosts/default.nix | 2 +-
 hosts/sisko/default.nix | 1 +
 modules/cloudflare-dyndns/default.nix | 2 +
 modules/firefly/default.nix | 67 +++++++++++++++++++++++++++
 4 files changed, 71 insertions(+), 1 deletion(-)
 create mode 100644 modules/firefly/default.nix
diff --git a/hosts/default.nix b/hosts/default.nix
index aa8d2fb..7488615 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -116,7 +116,7 @@
 owner = "grafana";
 group = "forgejo";
 };
-
+ "firefly-app-key".owner = "firefly-iii";
 };
 };
diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix
index e5d6e87..e69404e 100644
--- a/hosts/sisko/default.nix
+++ b/hosts/sisko/default.nix
@@ -32,6 +32,7 @@
 "syncthing"
 "atticd"
 "jellyfin"
+ "firefly"
 ]
 ++ [
 ./disko.nix
diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix
index 9aaab39..77f1e46 100644
--- a/modules/cloudflare-dyndns/default.nix
+++ b/modules/cloudflare-dyndns/default.nix
@@ -15,6 +15,8 @@
 "photos.aciceri.dev"
 "status.aciceri.dev"
 "jelly.aciceri.dev"
+ "firefly.aciceri.dev"
+ "import.firefly.aciceri.dev"
 ];
 apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path;
 };
diff --git a/modules/firefly/default.nix b/modules/firefly/default.nix
new file mode 100644
index 0000000..cb4becd
--- /dev/null
+++ b/modules/firefly/default.nix
@@ -0,0 +1,67 @@
+{ pkgs, config, ... }:
+let
+ domain = "firefly.aciceri.dev";
+ domainImporter = "import.firefly.aciceri.dev";
+ dbUser = config.services.firefly-iii.user;
+in
+{
+ services.firefly-iii = {
+ enable = true;
+ package = pkgs.firefly-iii;
+ virtualHost = domain;
+ enableNginx = true;
+ settings = {
+ APP_ENV = "production";
+ APP_KEY_FILE = config.age.secrets.firefly-app-key.path;
+ SITE_OWNER = "andrea.ciceri@autistici.org";
+ DB_CONNECTION = "pgsql";
+ DEFAULT_LANGUAGE = "en_US";
+ TZ = "Europe/Rome";
+ };
+ };
+
+ services.firefly-iii-data-importer = {
+ enable = true;
+ enableNginx = true;
+ virtualHost = domainImporter;
+ settings = {
+ IGNORE_DUPLICATE_ERRORS = "false";
+ APP_ENV = "production";
+ APP_DEBUG = "false";
+ LOG_CHANNEL = "stack";
+ TRUSTED_PROXIES = "**";
+ TZ = "Europe/Rome";
+ FIREFLY_III_URL = "https://${domain}";
+ VANITY_URL = "https://${domain}";
+ };
+ };
+
+ imports = [ ../nginx-base ];
+
+ services.nginx.virtualHosts = {
+ ${domain} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ ${domainImporter} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+
+ services.postgresql = {
+ ensureUsers = [
+ {
+ name = dbUser;
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ ];
+ ensureDatabases = [ dbUser ];
+ };
+
+ environment.persistence."/persist".directories = [
+ config.services.firefly-iii.dataDir
+ config.services.firefly-iii-data-importer.dataDir
+ ];
+}
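Review bot: `TRUSTED_PROXIES = "**";` in `services.firefly-iii-data-importer.settings` tells the app to honour `X-Forwarded-*` headers from any peer, so the client address, scheme and host the importer sees on `import.firefly.aciceri.dev` are presumably only as trustworthy as whatever the request carries. The only proxy visible in this module is the local nginx enabled by `enableNginx = true`, so the wildcard looks broader than needed; consider dropping the line, or naming the real proxy with `TRUSTED_PROXIES = "<proxy-address>";` (placeholder) if one sits in front of this host. The main `services.firefly-iii.settings` block leaves `APP_DEBUG` to the package default while the importer pins it, and adding `APP_DEBUG = "false";` there would keep both publicly served vhosts consistent. Because this commit also publishes the importer hostname, a short comment above the importer block stating that no access token may be preconfigured for it would help, since as far as I know the importer has no login of its own and would then act for anyone who can reach the vhost.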