diff --git a/hosts/default.nix b/hosts/default.nix index 7488615..aa8d2fb 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -116,7 +116,7 @@ owner = "grafana"; group = "forgejo"; }; - "firefly-app-key".owner = "firefly-iii"; + }; }; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index e69404e..e5d6e87 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -32,7 +32,6 @@ "syncthing" "atticd" "jellyfin" - "firefly" ] ++ [ ./disko.nix diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix index 77f1e46..9aaab39 100644 --- a/modules/cloudflare-dyndns/default.nix +++ b/modules/cloudflare-dyndns/default.nix @@ -15,8 +15,6 @@ "photos.aciceri.dev" "status.aciceri.dev" "jelly.aciceri.dev" - "firefly.aciceri.dev" - "import.firefly.aciceri.dev" ]; apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path; }; diff --git a/modules/firefly/default.nix b/modules/firefly/default.nix deleted file mode 100644 index cb4becd..0000000 --- a/modules/firefly/default.nix +++ /dev/null 
@@ -1,67 +0,0 @@
-{ pkgs, config, ... }:
-let
- domain = "firefly.aciceri.dev";
- domainImporter = "import.firefly.aciceri.dev";
- dbUser = config.services.firefly-iii.user;
-in
-{
- services.firefly-iii = {
- enable = true;
- package = pkgs.firefly-iii;
- virtualHost = domain;
- enableNginx = true;
- settings = {
- APP_ENV = "production";
- APP_KEY_FILE = config.age.secrets.firefly-app-key.path;
- SITE_OWNER = "andrea.ciceri@autistici.org";
- DB_CONNECTION = "pgsql";
- DEFAULT_LANGUAGE = "en_US";
- TZ = "Europe/Rome";
- };
- };
-
- services.firefly-iii-data-importer = {
- enable = true;
- enableNginx = true;
- virtualHost = domainImporter;
- settings = {
- IGNORE_DUPLICATE_ERRORS = "false";
- APP_ENV = "production";
- APP_DEBUG = "false";
- LOG_CHANNEL = "stack";
- TRUSTED_PROXIES = "**";
- TZ = "Europe/Rome";
- FIREFLY_III_URL = "https://${domain}";
- VANITY_URL = "https://${domain}";
- };
- };
-
- imports = [ ../nginx-base ];
-
- services.nginx.virtualHosts = {
- ${domain} = {
- enableACME = true;
- forceSSL = true;
- };
- ${domainImporter} = {
- enableACME = true;
- forceSSL = true;
- };
- };
-
- services.postgresql = {
- ensureUsers = [
- {
- name = dbUser;
- ensureDBOwnership = true;
- ensureClauses.login = true;
- }
- ];
- ensureDatabases = [ dbUser ];
- };
-
- environment.persistence."/persist".directories = [
- config.services.firefly-iii.dataDir
- config.services.firefly-iii-data-importer.dataDir
- ];
-}
diff --git a/secrets/firefly-app-key.age b/secrets/firefly-app-key.age
deleted file mode 100644
index 0560320..0000000
--- a/secrets/firefly-app-key.age
+++ /dev/null
@@ -1,17 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa /AagBw -MmxPeP4hU2l5lrGOzfZk9opd2NoVG8Y2fdSLCZH7bJwHEWexmsSFJN8n6XrmbMwo -LthbkBhkdANoyeVlCOvz35k5lzTsLcYjizfEYaqliCEIRFvcUxhcyk4HzV1D11jD -mMEzk1WsqGdd9ejLebqskUkCFRKp4d+W0tODeOo+qoXhDJ/rq/zitXqLQbajK2a1 -11S/UhOElizE65Onv2PgLKMiRkpjdVwAzf2CMnGKJ0E9CSwBLgHeqdDHooxzXPMb -OGWdg3xTxLALfbeEBgfxmTGafe44cFjq/T80qte9Q2eWzboO8GqvxTgF/Cx4nVgF -InJhD7cdubO31CfdZGb6pIHgRs2De9MRjQ7oO4F8N1q79Wh/3NSAaeItyHM7AnK6 -Yc0lO2HQF8NhDfeu+dca5G6TF8Zi7ehLe1tv6WNOC3OVo/11X12M3Nqu6oKhRiGz -VXiJ8EHwGm4MHcBP8j8ulBkHJUR9MERZuVengROYl4TkT/bWKYu+4ISjl8sLJorh -jHmfjViGtAD1sqrYpCzylm7ufZeZ4sv38EwEpMneG/1SIpIwP47wkzKUjb8RdXrc -xWqFzLP0Lj4PAwT1lB0awTc2+niko+3P+ABpxnJ3QLNJLOtXJuuVAcsLl5EsEFKc -VDmwA/tzgfXkNI3eGXukrM/GiwpRYMfkWzz6/ijvLug --> ssh-ed25519 +vdRnA m9PlgKXpW2mKUt+S1mgWrbVvv3LDzVUKg0u22QMmXis -3rdA1dsQ26+vacNk+5j/+uMfG/zE2pE21zMKZy6MxsI ---- CDzukG+NpxaQvo7SFGfBbS8MV5yCl/tmla59lpSaT5s -:}n4q}'6EEc+!i_Ĵ$ |ȏefEՌ!(I/D놢btYS :Tb \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index fb4a4c4..a322a52 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -37,52 +37,62 @@ with keys.users; ]; "autistici-password.age".publicKeys = [ ccr-ssh + kirk picard sisko ]; "hercules-ci-join-token.age".publicKeys = [ ccr-ssh + mothership sisko picard ]; "hercules-ci-binary-caches.age".publicKeys = [ ccr-ssh + mothership sisko picard ]; "hercules-ci-secrets-json.age".publicKeys = [ ccr-ssh + mothership sisko picard ]; "minio-credentials.age".publicKeys = [ ccr-ssh + picard sisko ]; "aws-credentials.age".publicKeys = [ ccr-ssh + picard sisko ]; "nextcloud-admin-pass.age".publicKeys = [ ccr-ssh + sisko ]; "home-planimetry.age".publicKeys = [ ccr-ssh + sisko ]; "home-assistant-token.age".publicKeys = [ ccr-ssh + sisko ]; "chatgpt-token.age".publicKeys = [ ccr-ssh + kirk mothership picard 
@@ -90,74 +100,86 @@ with keys.users; ]; "cloudflare-dyndns-api-token.age".publicKeys = [ ccr-ssh + sisko ]; "restic-hetzner-password.age".publicKeys = [ ccr-ssh + picard sisko kirk ]; "hass-ssh-key.age".publicKeys = [ ccr-ssh + sisko ]; "grafana-password.age".publicKeys = [ ccr-ssh + sisko ]; "matrix-registration-shared-secret.age".publicKeys = [ ccr-ssh + sisko ]; "matrix-sliding-sync-secret.age".publicKeys = [ ccr-ssh + sisko ]; "forgejo-runners-token.age".publicKeys = [ ccr-ssh + picard ]; "forgejo-nix-access-tokens.age".publicKeys = [ ccr-ssh + picard ]; "garmin-collector-environment.age".publicKeys = [ ccr-ssh + sisko ]; "hetzner-storage-box-sisko-ssh-password.age".publicKeys = [ ccr-ssh + sisko ]; "sisko-restic-password.age".publicKeys = [ ccr-ssh + sisko ]; "sisko-attic-environment-file.age".publicKeys = [ ccr-ssh - sisko - ]; - "firefly-app-key.age".publicKeys = [ - ccr-ssh + sisko ]; # WireGuard "picard-wireguard-private-key.age".publicKeys = [ ccr-ssh + picard ]; "sisko-wireguard-private-key.age".publicKeys = [ ccr-ssh + sisko ]; "kirk-wireguard-private-key.age".publicKeys = [ ccr-ssh + kirk ]; "deltaflyer-wireguard-private-key.age".publicKeys = [ ccr-ssh + deltaflyer ]; "tpol-wireguard-private-key.age".publicKeys = [