aciceri/nixfleet
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Compare commits

base: aciceri:a3d1233ad19e47a4a4f23fc6516b21d570bd8b54
Branches Tags
aciceri:master
aciceri:update-flake-lock
aciceri:aaa
aciceri:wip
aciceri:test
...
compare: aciceri:61fecf3bdb7452c087cb28b8f4dcd1aceb1cb559
Branches Tags
aciceri:update-flake-lock
aciceri:master
aciceri:aaa
aciceri:wip
aciceri:test

2 commits
a3d1233ad1 ... 61fecf3bdb

Author SHA1 Message Date
Andrea Ciceri
61fecf3bdb
Add firefly to sisko
Some checks failed
EVAL x86_64-linux.picard
Details
BUILD x86_64-linux.picard
Details
UPLOAD x86_64-linux.picard
Details
DOWNLOAD x86_64-linux.picard
Details
CACHIX x86_64-linux.picard
Details
ATTIC x86_64-linux.picard
Details
/ test (push) Successful in 2m48s
Details
2025-01-01 17:04:05 +01:00
Andrea Ciceri
9590b879ed
Add firefly-app-key agenix secret 2025-01-01 17:02:29 +01:00
6 changed files with 92 additions and 27 deletions
Show stats Expand all files Collapse all files

2
hosts/default.nix
View file

@ -116,7 +116,7 @@
owner = "grafana";
group = "forgejo";
};
"firefly-app-key".owner = "firefly-iii";
};
};

1
hosts/sisko/default.nix
View file

@ -32,6 +32,7 @@
"syncthing"
"atticd"
"jellyfin"
"firefly"
]
++ [
./disko.nix

2
modules/cloudflare-dyndns/default.nix
View file

@ -15,6 +15,8 @@
"photos.aciceri.dev"
"status.aciceri.dev"
"jelly.aciceri.dev"
"firefly.aciceri.dev"
"import.firefly.aciceri.dev"
];
apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path;
};

67
modules/firefly/default.nix Normal file
View file

@ -0,0 +1,67 @@
{ pkgs, config, ... }:
let
domain = "firefly.aciceri.dev";
domainImporter = "import.firefly.aciceri.dev";
dbUser = config.services.firefly-iii.user;
in
{
services.firefly-iii = {
enable = true;
package = pkgs.firefly-iii;
virtualHost = domain;
enableNginx = true;
settings = {
APP_ENV = "production";
APP_KEY_FILE = config.age.secrets.firefly-app-key.path;
SITE_OWNER = "andrea.ciceri@autistici.org";
DB_CONNECTION = "pgsql";
DEFAULT_LANGUAGE = "en_US";
TZ = "Europe/Rome";
};
};
services.firefly-iii-data-importer = {
enable = true;
enableNginx = true;
virtualHost = domainImporter;
settings = {
IGNORE_DUPLICATE_ERRORS = "false";
APP_ENV = "production";
APP_DEBUG = "false";
LOG_CHANNEL = "stack";
TRUSTED_PROXIES = "**";
TZ = "Europe/Rome";
FIREFLY_III_URL = "https://${domain}";
VANITY_URL = "https://${domain}";
};
};
imports = [ ../nginx-base ];
services.nginx.virtualHosts = {
${domain} = {
enableACME = true;
forceSSL = true;
};
${domainImporter} = {
enableACME = true;
forceSSL = true;
};
};
services.postgresql = {
ensureUsers = [
{
name = dbUser;
ensureDBOwnership = true;
ensureClauses.login = true;
}
];
ensureDatabases = [ dbUser ];
};
environment.persistence."/persist".directories = [
config.services.firefly-iii.dataDir
config.services.firefly-iii-data-importer.dataDir
];
}

17
secrets/firefly-app-key.age Normal file
View file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-rsa /AagBw
MmxPeP4hU2l5lrGOzfZk9opd2NoVG8Y2fdSLCZH7bJwHEWexmsSFJN8n6XrmbMwo
LthbkBhkdANoyeVlCOvz35k5lzTsLcYjizfEYaqliCEIRFvcUxhcyk4HzV1D11jD
mMEzk1WsqGdd9ejLebqskUkCFRKp4d+W0tODeOo+qoXhDJ/rq/zitXqLQbajK2a1
11S/UhOElizE65Onv2PgLKMiRkpjdVwAzf2CMnGKJ0E9CSwBLgHeqdDHooxzXPMb
OGWdg3xTxLALfbeEBgfxmTGafe44cFjq/T80qte9Q2eWzboO8GqvxTgF/Cx4nVgF
InJhD7cdubO31CfdZGb6pIHgRs2De9MRjQ7oO4F8N1q79Wh/3NSAaeItyHM7AnK6
Yc0lO2HQF8NhDfeu+dca5G6TF8Zi7ehLe1tv6WNOC3OVo/11X12M3Nqu6oKhRiGz
VXiJ8EHwGm4MHcBP8j8ulBkHJUR9MERZuVengROYl4TkT/bWKYu+4ISjl8sLJorh
jHmfjViGtAD1sqrYpCzylm7ufZeZ4sv38EwEpMneG/1SIpIwP47wkzKUjb8RdXrc
xWqFzLP0Lj4PAwT1lB0awTc2+niko+3P+ABpxnJ3QLNJLOtXJuuVAcsLl5EsEFKc
VDmwA/tzgfXkNI3eGXukrM/GiwpRYMfkWzz6/ijvLug
-> ssh-ed25519 +vdRnA m9PlgKXpW2mKUt+S1mgWrbVvv3LDzVUKg0u22QMmXis
3rdA1dsQ26+vacNk+5j/+uMfG/zE2pE21zMKZy6MxsI
--- CDzukG+NpxaQvo7SFGfBbS8MV5yCl/tmla59lpSaT5s
:}ôàn<C3A0>4q}Ó'”ð6EßEc°+!ñïi_™Ä´$ Í|ùà¥È<C2A5>¥efƒ™´úEâðâÕŒ!(I/D놢Áb»<62>tYS íÔ:Tbø<07>

30
secrets/secrets.nix
View file

@ -37,62 +37,52 @@ with keys.users;
];
"autistici-password.age".publicKeys = [
ccr-ssh
kirk
picard
sisko
];
"hercules-ci-join-token.age".publicKeys = [
ccr-ssh
mothership
sisko
picard
];
"hercules-ci-binary-caches.age".publicKeys = [
ccr-ssh
mothership
sisko
picard
];
"hercules-ci-secrets-json.age".publicKeys = [
ccr-ssh
mothership
sisko
picard
];
"minio-credentials.age".publicKeys = [
ccr-ssh
picard
sisko
];
"aws-credentials.age".publicKeys = [
ccr-ssh
picard
sisko
];
"nextcloud-admin-pass.age".publicKeys = [
ccr-ssh
sisko
];
"home-planimetry.age".publicKeys = [
ccr-ssh
sisko
];
"home-assistant-token.age".publicKeys = [
ccr-ssh
sisko
];
"chatgpt-token.age".publicKeys = [
ccr-ssh
kirk
mothership
picard
@ -100,86 +90,74 @@ with keys.users;
];
"cloudflare-dyndns-api-token.age".publicKeys = [
ccr-ssh
sisko
];
"restic-hetzner-password.age".publicKeys = [
ccr-ssh
picard
sisko
kirk
];
"hass-ssh-key.age".publicKeys = [
ccr-ssh
sisko
];
"grafana-password.age".publicKeys = [
ccr-ssh
sisko
];
"matrix-registration-shared-secret.age".publicKeys = [
ccr-ssh
sisko
];
"matrix-sliding-sync-secret.age".publicKeys = [
ccr-ssh
sisko
];
"forgejo-runners-token.age".publicKeys = [
ccr-ssh
picard
];
"forgejo-nix-access-tokens.age".publicKeys = [
ccr-ssh
picard
];
"garmin-collector-environment.age".publicKeys = [
ccr-ssh
sisko
];
"hetzner-storage-box-sisko-ssh-password.age".publicKeys = [
ccr-ssh
sisko
];
"sisko-restic-password.age".publicKeys = [
ccr-ssh
sisko
];
"sisko-attic-environment-file.age".publicKeys = [
ccr-ssh
sisko
];
"firefly-app-key.age".publicKeys = [
ccr-ssh
sisko
];
# WireGuard
"picard-wireguard-private-key.age".publicKeys = [
ccr-ssh
picard
];
"sisko-wireguard-private-key.age".publicKeys = [
ccr-ssh
sisko
];
"kirk-wireguard-private-key.age".publicKeys = [
ccr-ssh
kirk
];
"deltaflyer-wireguard-private-key.age".publicKeys = [
ccr-ssh
deltaflyer
];
"tpol-wireguard-private-key.age".publicKeys = [