diff --git a/flake.lock b/flake.lock index 05b55b5..a669b89 100644 --- a/flake.lock +++ b/flake.lock @@ -156,11 +156,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1735809468, - "narHash": "sha256-ahutc7YYOSqOPPkzyWLYjPJ//TsPHm3u/u82VDfzPKg=", + "lastModified": 1735722864, + "narHash": "sha256-fMOZzocD+7nl0346oyFmln+C3yq1OUU2n/kCSfp5j60=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "d467023596c548b43277215365020906697c00a2", + "rev": "665b9fb1235c5cca2125623bd2078d19c8093d2e", "type": "github" }, "original": { @@ -378,11 +378,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1735774679, - "narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=", + "lastModified": 1733312601, + "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66", + "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9", "type": "github" }, "original": { @@ -583,11 +583,11 @@ ] }, "locked": { - "lastModified": 1735774425, - "narHash": "sha256-C73gLFnEh8ZI0uDijUgCDWCd21T6I6tsaWgIBHcfAXg=", + "lastModified": 1735735907, + "narHash": "sha256-/AOGn9qJMjrZQyWYbObHTKmWDUP0q9+0TAXOJnq6ik0=", "owner": "nix-community", "repo": "home-manager", - "rev": "5f6aa268e419d053c3d5025da740e390b12ac936", + "rev": "59a4c43e9ba6db24698c112720a58a334117de83", "type": "github" }, "original": { @@ -964,14 +964,14 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1735774519, - "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", + "lastModified": 1733096140, + "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" }, "original": { "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + "url": "https://github.com/NixOS/nixpkgs/archive/5487e69da40cbd611ab2cadee0b4637225f7cfae.tar.gz" } }, "nixpkgs-lib_2": { @@ -1010,11 +1010,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1735669367, - "narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", + "lastModified": 1735531152, + "narHash": "sha256-As8I+ebItDKtboWgDXYZSIjGlKeqiLBvjxsQHUmAf1Q=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", + "rev": "3ffbbdbac0566a0977da3d2657b89cbcfe9a173b", "type": "github" }, "original": { @@ -1534,11 +1534,11 @@ ] }, "locked": { - "lastModified": 1735827994, - "narHash": "sha256-Y3IBRGmza5YKiHgNwEbVQkETQPir+lrJj4ErbVHktO0=", + "lastModified": 1735653038, + "narHash": "sha256-Q6xAmciTXDtZfUxf6c15QqtRR8BvX4edYPstF/uoqMk=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "246639a1ec081bb40941a25e9eb8481a66d71b49", + "rev": "56c0ecd79f7ba01a0ec027da015df751d6ca3ae7", "type": "github" }, "original": { diff --git a/hosts/default.nix b/hosts/default.nix index 7488615..aa8d2fb 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -116,7 +116,7 @@ owner = "grafana"; group = "forgejo"; }; - "firefly-app-key".owner = "firefly-iii"; + }; }; diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index e69404e..e5d6e87 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -32,7 +32,6 @@ "syncthing" "atticd" "jellyfin" - "firefly" ] ++ [ ./disko.nix diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix index 77f1e46..9aaab39 100644 --- a/modules/cloudflare-dyndns/default.nix +++ b/modules/cloudflare-dyndns/default.nix @@ -15,8 +15,6 @@ "photos.aciceri.dev" "status.aciceri.dev" "jelly.aciceri.dev" - "firefly.aciceri.dev" - "import.firefly.aciceri.dev" ]; apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path; }; diff --git a/modules/firefly/default.nix b/modules/firefly/default.nix deleted file mode 100644 index cb4becd..0000000 --- a/modules/firefly/default.nix +++ /dev/null @@ -1,67 +0,0 @@ -{ pkgs, config, ... }: -let - domain = "firefly.aciceri.dev"; - domainImporter = "import.firefly.aciceri.dev"; - dbUser = config.services.firefly-iii.user; -in -{ - services.firefly-iii = { - enable = true; - package = pkgs.firefly-iii; - virtualHost = domain; - enableNginx = true; - settings = { - APP_ENV = "production"; - APP_KEY_FILE = config.age.secrets.firefly-app-key.path; - SITE_OWNER = "andrea.ciceri@autistici.org"; - DB_CONNECTION = "pgsql"; - DEFAULT_LANGUAGE = "en_US"; - TZ = "Europe/Rome"; - }; - }; - - services.firefly-iii-data-importer = { - enable = true; - enableNginx = true; - virtualHost = domainImporter; - settings = { - IGNORE_DUPLICATE_ERRORS = "false"; - APP_ENV = "production"; - APP_DEBUG = "false"; - LOG_CHANNEL = "stack"; - TRUSTED_PROXIES = "**"; - TZ = "Europe/Rome"; - FIREFLY_III_URL = "https://${domain}"; - VANITY_URL = "https://${domain}"; - }; - }; - - imports = [ ../nginx-base ]; - - services.nginx.virtualHosts = { - ${domain} = { - enableACME = true; - forceSSL = true; - }; - ${domainImporter} = { - enableACME = true; - forceSSL = true; - }; - }; - - services.postgresql = { - ensureUsers = [ - { - name = dbUser; - ensureDBOwnership = true; - ensureClauses.login = true; - } - ]; - ensureDatabases = [ dbUser ]; - }; - - environment.persistence."/persist".directories = [ - config.services.firefly-iii.dataDir - config.services.firefly-iii-data-importer.dataDir - ]; -} diff --git a/secrets/firefly-app-key.age b/secrets/firefly-app-key.age deleted file mode 100644 index 0560320..0000000 --- a/secrets/firefly-app-key.age +++ /dev/null @@ -1,17 +0,0 @@ -age-encryption.org/v1 --> ssh-rsa /AagBw -MmxPeP4hU2l5lrGOzfZk9opd2NoVG8Y2fdSLCZH7bJwHEWexmsSFJN8n6XrmbMwo -LthbkBhkdANoyeVlCOvz35k5lzTsLcYjizfEYaqliCEIRFvcUxhcyk4HzV1D11jD -mMEzk1WsqGdd9ejLebqskUkCFRKp4d+W0tODeOo+qoXhDJ/rq/zitXqLQbajK2a1 -11S/UhOElizE65Onv2PgLKMiRkpjdVwAzf2CMnGKJ0E9CSwBLgHeqdDHooxzXPMb -OGWdg3xTxLALfbeEBgfxmTGafe44cFjq/T80qte9Q2eWzboO8GqvxTgF/Cx4nVgF -InJhD7cdubO31CfdZGb6pIHgRs2De9MRjQ7oO4F8N1q79Wh/3NSAaeItyHM7AnK6 -Yc0lO2HQF8NhDfeu+dca5G6TF8Zi7ehLe1tv6WNOC3OVo/11X12M3Nqu6oKhRiGz -VXiJ8EHwGm4MHcBP8j8ulBkHJUR9MERZuVengROYl4TkT/bWKYu+4ISjl8sLJorh -jHmfjViGtAD1sqrYpCzylm7ufZeZ4sv38EwEpMneG/1SIpIwP47wkzKUjb8RdXrc -xWqFzLP0Lj4PAwT1lB0awTc2+niko+3P+ABpxnJ3QLNJLOtXJuuVAcsLl5EsEFKc -VDmwA/tzgfXkNI3eGXukrM/GiwpRYMfkWzz6/ijvLug --> ssh-ed25519 +vdRnA m9PlgKXpW2mKUt+S1mgWrbVvv3LDzVUKg0u22QMmXis -3rdA1dsQ26+vacNk+5j/+uMfG/zE2pE21zMKZy6MxsI ---- CDzukG+NpxaQvo7SFGfBbS8MV5yCl/tmla59lpSaT5s -:}n4q}'6EEc+!i_Ĵ$ |ȏefEՌ!(I/D놢btYS :Tb \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index fb4a4c4..a322a52 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -37,52 +37,62 @@ with keys.users; ]; "autistici-password.age".publicKeys = [ ccr-ssh + kirk picard sisko ]; "hercules-ci-join-token.age".publicKeys = [ ccr-ssh + mothership sisko picard ]; "hercules-ci-binary-caches.age".publicKeys = [ ccr-ssh + mothership sisko picard ]; "hercules-ci-secrets-json.age".publicKeys = [ ccr-ssh + mothership sisko picard ]; "minio-credentials.age".publicKeys = [ ccr-ssh + picard sisko ]; "aws-credentials.age".publicKeys = [ ccr-ssh + picard sisko ]; "nextcloud-admin-pass.age".publicKeys = [ ccr-ssh + sisko ]; "home-planimetry.age".publicKeys = [ ccr-ssh + sisko ]; "home-assistant-token.age".publicKeys = [ ccr-ssh + sisko ]; "chatgpt-token.age".publicKeys = [ ccr-ssh + kirk mothership picard @@ -90,74 +100,86 @@ with keys.users; ]; "cloudflare-dyndns-api-token.age".publicKeys = [ ccr-ssh + sisko ]; "restic-hetzner-password.age".publicKeys = [ ccr-ssh + picard sisko kirk ]; "hass-ssh-key.age".publicKeys = [ ccr-ssh + sisko ]; "grafana-password.age".publicKeys = [ ccr-ssh + sisko ]; "matrix-registration-shared-secret.age".publicKeys = [ ccr-ssh + sisko ]; "matrix-sliding-sync-secret.age".publicKeys = [ ccr-ssh + sisko ]; "forgejo-runners-token.age".publicKeys = [ ccr-ssh + picard ]; "forgejo-nix-access-tokens.age".publicKeys = [ ccr-ssh + picard ]; "garmin-collector-environment.age".publicKeys = [ ccr-ssh + sisko ]; "hetzner-storage-box-sisko-ssh-password.age".publicKeys = [ ccr-ssh + sisko ]; "sisko-restic-password.age".publicKeys = [ ccr-ssh + sisko ]; "sisko-attic-environment-file.age".publicKeys = [ ccr-ssh - sisko - ]; - "firefly-app-key.age".publicKeys = [ - ccr-ssh + sisko ]; # WireGuard "picard-wireguard-private-key.age".publicKeys = [ ccr-ssh + picard ]; "sisko-wireguard-private-key.age".publicKeys = [ ccr-ssh + sisko ]; "kirk-wireguard-private-key.age".publicKeys = [ ccr-ssh + kirk ]; "deltaflyer-wireguard-private-key.age".publicKeys = [ ccr-ssh + deltaflyer ]; "tpol-wireguard-private-key.age".publicKeys = [