diff --git a/flake.lock b/flake.lock
index a669b89..05b55b5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -156,11 +156,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
- "lastModified": 1735722864,
- "narHash": "sha256-fMOZzocD+7nl0346oyFmln+C3yq1OUU2n/kCSfp5j60=",
+ "lastModified": 1735809468,
+ "narHash": "sha256-ahutc7YYOSqOPPkzyWLYjPJ//TsPHm3u/u82VDfzPKg=",
"owner": "nix-community",
"repo": "emacs-overlay",
- "rev": "665b9fb1235c5cca2125623bd2078d19c8093d2e",
+ "rev": "d467023596c548b43277215365020906697c00a2",
"type": "github"
},
"original": {
@@ -378,11 +378,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
- "lastModified": 1733312601,
- "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
+ "lastModified": 1735774679,
+ "narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=",
"owner": "hercules-ci",
"repo": "flake-parts",
- "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
+ "rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66",
"type": "github"
},
"original": {
@@ -583,11 +583,11 @@
]
},
"locked": {
- "lastModified": 1735735907,
- "narHash": "sha256-/AOGn9qJMjrZQyWYbObHTKmWDUP0q9+0TAXOJnq6ik0=",
+ "lastModified": 1735774425,
+ "narHash": "sha256-C73gLFnEh8ZI0uDijUgCDWCd21T6I6tsaWgIBHcfAXg=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "59a4c43e9ba6db24698c112720a58a334117de83",
+ "rev": "5f6aa268e419d053c3d5025da740e390b12ac936",
"type": "github"
},
"original": {
@@ -964,14 +964,14 @@
},
"nixpkgs-lib": {
"locked": {
- "lastModified": 1733096140,
- "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
+ "lastModified": 1735774519,
+ "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+ "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
},
"original": {
"type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
+ "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
}
},
"nixpkgs-lib_2": {
@@ -1010,11 +1010,11 @@
},
"nixpkgs-stable_2": {
"locked": {
- "lastModified": 1735531152,
- "narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=",
+ "lastModified": 1735669367,
+ "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "3ffbbdbac0566a0977da3d2657b89cbcfe9a173b",
+ "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9",
"type": "github"
},
"original": {
@@ -1534,11 +1534,11 @@
]
},
"locked": {
- "lastModified": 1735653038,
- "narHash": "sha256-Q6xAmciTXDtZfUxf6c15QqtRR8BvX4edYPstF/uoqMk=",
+ "lastModified": 1735827994,
+ "narHash": "sha256-Y3IBRGmza5YKiHgNwEbVQkETQPir+lrJj4ErbVHktO0=",
"owner": "numtide",
"repo": "treefmt-nix",
- "rev": "56c0ecd79f7ba01a0ec027da015df751d6ca3ae7",
+ "rev": "246639a1ec081bb40941a25e9eb8481a66d71b49",
"type": "github"
},
"original": {
diff --git a/hosts/default.nix b/hosts/default.nix
index aa8d2fb..7488615 100644
--- a/hosts/default.nix
+++ b/hosts/default.nix
@@ -116,7 +116,7 @@
owner = "grafana";
group = "forgejo";
};
-
+ "firefly-app-key".owner = "firefly-iii";
};
};
diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix
index e5d6e87..e69404e 100644
--- a/hosts/sisko/default.nix
+++ b/hosts/sisko/default.nix
@@ -32,6 +32,7 @@
"syncthing"
"atticd"
"jellyfin"
+ "firefly"
]
++ [
./disko.nix
diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix
index 9aaab39..77f1e46 100644
--- a/modules/cloudflare-dyndns/default.nix
+++ b/modules/cloudflare-dyndns/default.nix
@@ -15,6 +15,8 @@
"photos.aciceri.dev"
"status.aciceri.dev"
"jelly.aciceri.dev"
+ "firefly.aciceri.dev"
+ "import.firefly.aciceri.dev"
];
apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path;
};
diff --git a/modules/firefly/default.nix b/modules/firefly/default.nix
new file mode 100644
index 0000000..cb4becd
--- /dev/null
+++ b/modules/firefly/default.nix
@@ -0,0 +1,67 @@
+{ pkgs, config, ... }:
+let
+ domain = "firefly.aciceri.dev";
+ domainImporter = "import.firefly.aciceri.dev";
+ dbUser = config.services.firefly-iii.user;
+in
+{
+ services.firefly-iii = {
+ enable = true;
+ package = pkgs.firefly-iii;
+ virtualHost = domain;
+ enableNginx = true;
+ settings = {
+ APP_ENV = "production";
+ APP_KEY_FILE = config.age.secrets.firefly-app-key.path;
+ SITE_OWNER = "andrea.ciceri@autistici.org";
+ DB_CONNECTION = "pgsql";
+ DEFAULT_LANGUAGE = "en_US";
+ TZ = "Europe/Rome";
+ };
+ };
+
+ services.firefly-iii-data-importer = {
+ enable = true;
+ enableNginx = true;
+ virtualHost = domainImporter;
+ settings = {
+ IGNORE_DUPLICATE_ERRORS = "false";
+ APP_ENV = "production";
+ APP_DEBUG = "false";
+ LOG_CHANNEL = "stack";
+ TRUSTED_PROXIES = "**";
+ TZ = "Europe/Rome";
+ FIREFLY_III_URL = "https://${domain}";
+ VANITY_URL = "https://${domain}";
+ };
+ };
+
+ imports = [ ../nginx-base ];
+
+ services.nginx.virtualHosts = {
+ ${domain} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ ${domainImporter} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ };
+
+ services.postgresql = {
+ ensureUsers = [
+ {
+ name = dbUser;
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ ];
+ ensureDatabases = [ dbUser ];
+ };
+
+ environment.persistence."/persist".directories = [
+ config.services.firefly-iii.dataDir
+ config.services.firefly-iii-data-importer.dataDir
+ ];
+}
diff --git a/secrets/firefly-app-key.age b/secrets/firefly-app-key.age
new file mode 100644
index 0000000..0560320
--- /dev/null
+++ b/secrets/firefly-app-key.age
@@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-rsa /AagBw
+MmxPeP4hU2l5lrGOzfZk9opd2NoVG8Y2fdSLCZH7bJwHEWexmsSFJN8n6XrmbMwo
+LthbkBhkdANoyeVlCOvz35k5lzTsLcYjizfEYaqliCEIRFvcUxhcyk4HzV1D11jD
+mMEzk1WsqGdd9ejLebqskUkCFRKp4d+W0tODeOo+qoXhDJ/rq/zitXqLQbajK2a1
+11S/UhOElizE65Onv2PgLKMiRkpjdVwAzf2CMnGKJ0E9CSwBLgHeqdDHooxzXPMb
+OGWdg3xTxLALfbeEBgfxmTGafe44cFjq/T80qte9Q2eWzboO8GqvxTgF/Cx4nVgF
+InJhD7cdubO31CfdZGb6pIHgRs2De9MRjQ7oO4F8N1q79Wh/3NSAaeItyHM7AnK6
+Yc0lO2HQF8NhDfeu+dca5G6TF8Zi7ehLe1tv6WNOC3OVo/11X12M3Nqu6oKhRiGz
+VXiJ8EHwGm4MHcBP8j8ulBkHJUR9MERZuVengROYl4TkT/bWKYu+4ISjl8sLJorh
+jHmfjViGtAD1sqrYpCzylm7ufZeZ4sv38EwEpMneG/1SIpIwP47wkzKUjb8RdXrc
+xWqFzLP0Lj4PAwT1lB0awTc2+niko+3P+ABpxnJ3QLNJLOtXJuuVAcsLl5EsEFKc
+VDmwA/tzgfXkNI3eGXukrM/GiwpRYMfkWzz6/ijvLug
+-> ssh-ed25519 +vdRnA m9PlgKXpW2mKUt+S1mgWrbVvv3LDzVUKg0u22QMmXis
+3rdA1dsQ26+vacNk+5j/+uMfG/zE2pE21zMKZy6MxsI
+--- CDzukG+NpxaQvo7SFGfBbS8MV5yCl/tmla59lpSaT5s
+:}��n�4q�}�'��6E�E�c��+�!��i_�Ĵ$��|���ȏ�ef����E���Ռ!(I/D놢��b���tYS ���:Tb����
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a322a52..fb4a4c4 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -37,62 +37,52 @@ with keys.users;
];
"autistici-password.age".publicKeys = [
ccr-ssh
-
kirk
picard
sisko
];
"hercules-ci-join-token.age".publicKeys = [
ccr-ssh
-
mothership
sisko
picard
];
"hercules-ci-binary-caches.age".publicKeys = [
ccr-ssh
-
mothership
sisko
picard
];
"hercules-ci-secrets-json.age".publicKeys = [
ccr-ssh
-
mothership
sisko
picard
];
"minio-credentials.age".publicKeys = [
ccr-ssh
-
picard
sisko
];
"aws-credentials.age".publicKeys = [
ccr-ssh
-
picard
sisko
];
"nextcloud-admin-pass.age".publicKeys = [
ccr-ssh
-
sisko
];
"home-planimetry.age".publicKeys = [
ccr-ssh
-
sisko
];
"home-assistant-token.age".publicKeys = [
ccr-ssh
-
sisko
];
"chatgpt-token.age".publicKeys = [
ccr-ssh
-
kirk
mothership
picard
@@ -100,86 +90,74 @@ with keys.users;
];
"cloudflare-dyndns-api-token.age".publicKeys = [
ccr-ssh
-
sisko
];
"restic-hetzner-password.age".publicKeys = [
ccr-ssh
-
picard
sisko
kirk
];
"hass-ssh-key.age".publicKeys = [
ccr-ssh
-
sisko
];
"grafana-password.age".publicKeys = [
ccr-ssh
-
sisko
];
"matrix-registration-shared-secret.age".publicKeys = [
ccr-ssh
-
sisko
];
"matrix-sliding-sync-secret.age".publicKeys = [
ccr-ssh
-
sisko
];
"forgejo-runners-token.age".publicKeys = [
ccr-ssh
-
picard
];
"forgejo-nix-access-tokens.age".publicKeys = [
ccr-ssh
-
picard
];
"garmin-collector-environment.age".publicKeys = [
ccr-ssh
-
sisko
];
"hetzner-storage-box-sisko-ssh-password.age".publicKeys = [
ccr-ssh
-
sisko
];
"sisko-restic-password.age".publicKeys = [
ccr-ssh
-
sisko
];
"sisko-attic-environment-file.age".publicKeys = [
ccr-ssh
-
+ sisko
+ ];
+ "firefly-app-key.age".publicKeys = [
+ ccr-ssh
sisko
];
# WireGuard
"picard-wireguard-private-key.age".publicKeys = [
ccr-ssh
-
picard
];
"sisko-wireguard-private-key.age".publicKeys = [
ccr-ssh
-
sisko
];
"kirk-wireguard-private-key.age".publicKeys = [
ccr-ssh
-
kirk
];
"deltaflyer-wireguard-private-key.age".publicKeys = [
ccr-ssh
-
deltaflyer
];
"tpol-wireguard-private-key.age".publicKeys = [