From 06d26311fda5af1f517d6d5722c0f8c9f6c08a81 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Sun, 26 Apr 2026 16:36:52 +0200
Subject: [PATCH] feat(sgx): add aqbanking + sparda PIN slot for FinTS bank sync
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Lays the groundwork for Sparda-Bank Südwest transaction sync via direct FinTS (no third-party data proxy). aqbanking-cli in the system PATH, persistent state at /var/lib/firefly-aqbanking, sops slot for the online-banking PIN.

Initial enrollment must be done interactively on the host; systemd timer for automated fetches comes in a follow-up.
---
 systems/x86_64-linux/sgx/firefly.nix | 23 +++++++++++++++++++----
 1 file changed, 19 insertions(+), 4 deletions(-)

diff --git a/systems/x86_64-linux/sgx/firefly.nix b/systems/x86_64-linux/sgx/firefly.nix
index 4331f11..8a077b7 100644
--- a/systems/x86_64-linux/sgx/firefly.nix
+++ b/systems/x86_64-linux/sgx/firefly.nix
@@ -1,7 +1,9 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
   domain = "firefly.hoyer.world";
   importDomain = "firefly-import.hoyer.world";
+  aqHome = "/var/lib/firefly-aqbanking";
+  inbox = "/var/lib/firefly-iii-data-importer/inbox";
   vhostBase = {
     enableACME = false;
     useACMEHost = "internal.hoyer.world";
@@ -9,11 +11,24 @@ let
   };
 in
 {
-  sops.secrets."firefly/app_key" = {
-    sopsFile = ../../../.secrets/sgx/firefly.yaml;
-    owner = "firefly-iii";
+  sops.secrets = {
+    "firefly/app_key" = {
+      sopsFile = ../../../.secrets/sgx/firefly.yaml;
+      owner = "firefly-iii";
+    };
+    "firefly/sparda_pin" = {
+      sopsFile = ../../../.secrets/sgx/firefly.yaml;
+      owner = "firefly-iii-data-importer";
+    };
   };
 
+  environment.systemPackages = [ pkgs.aqbanking ];
+
+  systemd.tmpfiles.rules = [
+    "d ${aqHome} 0700 firefly-iii-data-importer firefly-iii-data-importer -"
+    "d ${inbox} 0700 firefly-iii-data-importer firefly-iii-data-importer -"
+  ];
+
   services = {
     firefly-iii = {
       enable = true;
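Review bot: The tmpfiles rules give `${aqHome}` to `firefly-iii-data-importer` with mode 0700, but nothing in the hunk points aqbanking's config directory at that path, and the commit message says initial enrollment happens interactively on the host — if that step runs as root or another user, the FinTS state either lands under that user's home instead of `${aqHome}` or ends up root-owned inside it and unreadable by the automated fetch planned for the follow-up. A comment above the rules would keep the intended workflow visible to whoever does the enrollment, e.g. `# aqbanking state (FinTS user/bank config) for the importer; run the one-time enrollment as firefly-iii-data-importer so the files stay owned by that user`, and the follow-up service should set the aqbanking config directory explicitly rather than relying on the service user's HOME. The `firefly/sparda_pin` secret is owned by the same importer user, which matches the 0700 directories, so the future timer unit needs to run as that user too. Lastly, `environment.systemPackages` puts aqbanking-cli on every user's PATH; not a security issue in itself, but scoping it to the service's `path` in the follow-up would be tighter.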