aciceri/nixfleet
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: aciceri:9ff8e22074463035518e2577e9dd36795eb8ed5c
Branches Tags
aciceri:master
aciceri:update-flake-lock
aciceri:aaa
aciceri:wip
aciceri:test
..
compare: aciceri:a4719cff3dc68074d0ae98bc047b8e728097a062
Branches Tags
aciceri:update-flake-lock
aciceri:master
aciceri:aaa
aciceri:wip
aciceri:test

3 commits
9ff8e22074 ... a4719cff3d

Author SHA1 Message Date
Seven of Nine
a4719cff3d flake.lock: Update
Some checks failed
EVAL x86_64-linux.picard
Details
BUILD x86_64-linux.picard
Details
UPLOAD x86_64-linux.picard
Details
DOWNLOAD x86_64-linux.picard
Details
CACHIX x86_64-linux.picard
Details
ATTIC x86_64-linux.picard
Details
/ test (push) Successful in 53m30s
Details 
Flake lock file updates:

• Updated input 'catppuccin':
    'github:catppuccin/nix/7413a65b3ed37964c16e2fbe20145b55bcda8281' (2024-12-30)
  → 'github:catppuccin/nix/63290ea1d2a28e65195017ed78a81cfc242ef0df' (2024-12-31)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/eab2ed354a88a6870ffca4980abb470bba0e4452' (2024-12-30)
  → 'github:nix-community/emacs-overlay/d467023596c548b43277215365020906697c00a2' (2025-01-02)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/3ffbbdbac0566a0977da3d2657b89cbcfe9a173b' (2024-12-30)
  → 'github:NixOS/nixpkgs/edf04b75c13c2ac0e54df5ec5c543e300f76f1c9' (2024-12-31)
• Updated input 'flakeParts':
    'github:hercules-ci/flake-parts/205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9' (2024-12-04)
  → 'github:hercules-ci/flake-parts/f2f7418ce0ab4a5309a4596161d154cfc877af66' (2025-01-01)
• Updated input 'flakeParts/nixpkgs-lib':
    '5487e69da4.tar.gz?narHash=sha256-1qRH7uAUsyQI7R1Uwl4T%2BXvdNv778H0Nb5njNrqvylY%3D' (2024-12-01)
  → 'e9b5173191.tar.gz?narHash=sha256-CewEm1o2eVAnoqb6Ml%2BQi9Gg/EfNAxbRx1lANGVyoLI%3D' (2025-01-01)
• Updated input 'homeManager':
    'github:nix-community/home-manager/10e99c43cdf4a0713b4e81d90691d22c6a58bdf2' (2024-12-28)
  → 'github:nix-community/home-manager/5f6aa268e419d053c3d5025da740e390b12ac936' (2025-01-01)
• Updated input 'nixDarwin':
    'github:LnL7/nix-darwin/71a3a075e3229a7518d76636bb762aef2bcb73ac' (2024-12-29)
  → 'github:LnL7/nix-darwin/6a1fdb2a1204c0de038847b601cff5012e162b5e' (2024-12-31)
• Updated input 'nixThePlanet/nixpkgs':
    'github:nixos/nixpkgs/88195a94f390381c6afcdaa933c2f6ff93959cb4' (2024-12-29)
  → 'github:nixos/nixpkgs/6df37dc6a77654682fe9f071c62b4242b5342e04' (2023-12-22)
• Updated input 'treefmt-nix':
    'github:numtide/treefmt-nix/9e09d30a644c57257715902efbb3adc56c79cf28' (2024-12-25)
  → 'github:numtide/treefmt-nix/246639a1ec081bb40941a25e9eb8481a66d71b49' (2025-01-02)
 2025-01-02 15:01:37 +00:00
Andrea Ciceri
61fecf3bdb
Add firefly to sisko
Some checks failed
EVAL x86_64-linux.picard
Details
BUILD x86_64-linux.picard
Details
UPLOAD x86_64-linux.picard
Details
DOWNLOAD x86_64-linux.picard
Details
CACHIX x86_64-linux.picard
Details
ATTIC x86_64-linux.picard
Details
/ test (push) Successful in 2m48s
Details
2025-01-01 17:04:05 +01:00
Andrea Ciceri
9590b879ed
Add firefly-app-key agenix secret 2025-01-01 17:02:29 +01:00
7 changed files with 111 additions and 46 deletions
Show stats Expand all files Collapse all files

38
flake.lock generated
View file

@ -156,11 +156,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1735722864,
"narHash": "sha256-fMOZzocD+7nl0346oyFmln+C3yq1OUU2n/kCSfp5j60=",
"lastModified": 1735809468,
"narHash": "sha256-ahutc7YYOSqOPPkzyWLYjPJ//TsPHm3u/u82VDfzPKg=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "665b9fb1235c5cca2125623bd2078d19c8093d2e",
"rev": "d467023596c548b43277215365020906697c00a2",
"type": "github"
},
"original": {
@ -378,11 +378,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"lastModified": 1735774679,
"narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66",
"type": "github"
},
"original": {
@ -583,11 +583,11 @@
]
},
"locked": {
"lastModified": 1735735907,
"narHash": "sha256-/AOGn9qJMjrZQyWYbObHTKmWDUP0q9+0TAXOJnq6ik0=",
"lastModified": 1735774425,
"narHash": "sha256-C73gLFnEh8ZI0uDijUgCDWCd21T6I6tsaWgIBHcfAXg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "59a4c43e9ba6db24698c112720a58a334117de83",
"rev": "5f6aa268e419d053c3d5025da740e390b12ac936",
"type": "github"
},
"original": {
@ -964,14 +964,14 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1733096140,
"narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=",
"lastModified": 1735774519,
"narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz"
"url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
}
},
"nixpkgs-lib_2": {
@ -1010,11 +1010,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1735531152,
"narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=",
"lastModified": 1735669367,
"narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3ffbbdbac0566a0977da3d2657b89cbcfe9a173b",
"rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9",
"type": "github"
},
"original": {
@ -1534,11 +1534,11 @@
]
},
"locked": {
"lastModified": 1735653038,
"narHash": "sha256-Q6xAmciTXDtZfUxf6c15QqtRR8BvX4edYPstF/uoqMk=",
"lastModified": 1735827994,
"narHash": "sha256-Y3IBRGmza5YKiHgNwEbVQkETQPir+lrJj4ErbVHktO0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "56c0ecd79f7ba01a0ec027da015df751d6ca3ae7",
"rev": "246639a1ec081bb40941a25e9eb8481a66d71b49",
"type": "github"
},
"original": {

2
hosts/default.nix
View file

@ -116,7 +116,7 @@
owner = "grafana";
group = "forgejo";
};
"firefly-app-key".owner = "firefly-iii";
};
};

1
hosts/sisko/default.nix
View file

@ -32,6 +32,7 @@
"syncthing"
"atticd"
"jellyfin"
"firefly"
]
++ [
./disko.nix

2
modules/cloudflare-dyndns/default.nix
View file

@ -15,6 +15,8 @@
"photos.aciceri.dev"
"status.aciceri.dev"
"jelly.aciceri.dev"
"firefly.aciceri.dev"
"import.firefly.aciceri.dev"
];
apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path;
};

67
modules/firefly/default.nix Normal file
View file

@ -0,0 +1,67 @@
{ pkgs, config, ... }:
let
domain = "firefly.aciceri.dev";
domainImporter = "import.firefly.aciceri.dev";
dbUser = config.services.firefly-iii.user;
in
{
services.firefly-iii = {
enable = true;
package = pkgs.firefly-iii;
virtualHost = domain;
enableNginx = true;
settings = {
APP_ENV = "production";
APP_KEY_FILE = config.age.secrets.firefly-app-key.path;
SITE_OWNER = "andrea.ciceri@autistici.org";
DB_CONNECTION = "pgsql";
DEFAULT_LANGUAGE = "en_US";
TZ = "Europe/Rome";
};
};
services.firefly-iii-data-importer = {
enable = true;
enableNginx = true;
virtualHost = domainImporter;
settings = {
IGNORE_DUPLICATE_ERRORS = "false";
APP_ENV = "production";
APP_DEBUG = "false";
LOG_CHANNEL = "stack";
TRUSTED_PROXIES = "**";
TZ = "Europe/Rome";
FIREFLY_III_URL = "https://${domain}";
VANITY_URL = "https://${domain}";
};
};
imports = [ ../nginx-base ];
services.nginx.virtualHosts = {
${domain} = {
enableACME = true;
forceSSL = true;
};
${domainImporter} = {
enableACME = true;
forceSSL = true;
};
};
services.postgresql = {
ensureUsers = [
{
name = dbUser;
ensureDBOwnership = true;
ensureClauses.login = true;
}
];
ensureDatabases = [ dbUser ];
};
environment.persistence."/persist".directories = [
config.services.firefly-iii.dataDir
config.services.firefly-iii-data-importer.dataDir
];
}

17
secrets/firefly-app-key.age Normal file
View file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
MmxPeP4hU2l5lrGOzfZk9opd2NoVG8Y2fdSLCZH7bJwHEWexmsSFJN8n6XrmbMwo
LthbkBhkdANoyeVlCOvz35k5lzTsLcYjizfEYaqliCEIRFvcUxhcyk4HzV1D11jD
mMEzk1WsqGdd9ejLebqskUkCFRKp4d+W0tODeOo+qoXhDJ/rq/zitXqLQbajK2a1
11S/UhOElizE65Onv2PgLKMiRkpjdVwAzf2CMnGKJ0E9CSwBLgHeqdDHooxzXPMb
OGWdg3xTxLALfbeEBgfxmTGafe44cFjq/T80qte9Q2eWzboO8GqvxTgF/Cx4nVgF
InJhD7cdubO31CfdZGb6pIHgRs2De9MRjQ7oO4F8N1q79Wh/3NSAaeItyHM7AnK6
Yc0lO2HQF8NhDfeu+dca5G6TF8Zi7ehLe1tv6WNOC3OVo/11X12M3Nqu6oKhRiGz
VXiJ8EHwGm4MHcBP8j8ulBkHJUR9MERZuVengROYl4TkT/bWKYu+4ISjl8sLJorh
jHmfjViGtAD1sqrYpCzylm7ufZeZ4sv38EwEpMneG/1SIpIwP47wkzKUjb8RdXrc
xWqFzLP0Lj4PAwT1lB0awTc2+niko+3P+ABpxnJ3QLNJLOtXJuuVAcsLl5EsEFKc
VDmwA/tzgfXkNI3eGXukrM/GiwpRYMfkWzz6/ijvLug
-> ssh-ed25519 +vdRnA m9PlgKXpW2mKUt+S1mgWrbVvv3LDzVUKg0u22QMmXis
3rdA1dsQ26+vacNk+5j/+uMfG/zE2pE21zMKZy6MxsI
--- CDzukG+NpxaQvo7SFGfBbS8MV5yCl/tmla59lpSaT5s
:}ôàn<C3A0>4q}Ó'”ð6EßEc°+!ñïi_™Ä´$ Í|ùà¥È<C2A5>¥efƒ™´úEâðâÕŒ!(I/D놢Áb»<62>tYS íÔ:Tbø<07>

30
secrets/secrets.nix
View file

@ -37,62 +37,52 @@ with keys.users;
];
"autistici-password.age".publicKeys = [
ccr-ssh
kirk
picard
sisko
];
"hercules-ci-join-token.age".publicKeys = [
ccr-ssh
mothership
sisko
picard
];
"hercules-ci-binary-caches.age".publicKeys = [
ccr-ssh
mothership
sisko
picard
];
"hercules-ci-secrets-json.age".publicKeys = [
ccr-ssh
mothership
sisko
picard
];
"minio-credentials.age".publicKeys = [
ccr-ssh
picard
sisko
];
"aws-credentials.age".publicKeys = [
ccr-ssh
picard
sisko
];
"nextcloud-admin-pass.age".publicKeys = [
ccr-ssh
sisko
];
"home-planimetry.age".publicKeys = [
ccr-ssh
sisko
];
"home-assistant-token.age".publicKeys = [
ccr-ssh
sisko
];
"chatgpt-token.age".publicKeys = [
ccr-ssh
kirk
mothership
picard
@ -100,86 +90,74 @@ with keys.users;
];
"cloudflare-dyndns-api-token.age".publicKeys = [
ccr-ssh
sisko
];
"restic-hetzner-password.age".publicKeys = [
ccr-ssh
picard
sisko
kirk
];
"hass-ssh-key.age".publicKeys = [
ccr-ssh
sisko
];
"grafana-password.age".publicKeys = [
ccr-ssh
sisko
];
"matrix-registration-shared-secret.age".publicKeys = [
ccr-ssh
sisko
];
"matrix-sliding-sync-secret.age".publicKeys = [
ccr-ssh
sisko
];
"forgejo-runners-token.age".publicKeys = [
ccr-ssh
picard
];
"forgejo-nix-access-tokens.age".publicKeys = [
ccr-ssh
picard
];
"garmin-collector-environment.age".publicKeys = [
ccr-ssh
sisko
];
"hetzner-storage-box-sisko-ssh-password.age".publicKeys = [
ccr-ssh
sisko
];
"sisko-restic-password.age".publicKeys = [
ccr-ssh
sisko
];
"sisko-attic-environment-file.age".publicKeys = [
ccr-ssh
sisko
];
"firefly-app-key.age".publicKeys = [
ccr-ssh
sisko
];
# WireGuard
"picard-wireguard-private-key.age".publicKeys = [
ccr-ssh
picard
];
"sisko-wireguard-private-key.age".publicKeys = [
ccr-ssh
sisko
];
"kirk-wireguard-private-key.age".publicKeys = [
ccr-ssh
kirk
];
"deltaflyer-wireguard-private-key.age".publicKeys = [
ccr-ssh
deltaflyer
];
"tpol-wireguard-private-key.age".publicKeys = [