harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat(sgx): add aqbanking + sparda PIN slot for FinTS bank sync

Browse source 
Lays the groundwork for Sparda-Bank Südwest transaction sync via
direct FinTS (no third-party data proxy). aqbanking-cli in the system
PATH, persistent state at /var/lib/firefly-aqbanking, sops slot for
the online-banking PIN. Initial enrollment must be done interactively
on the host; systemd timer for automated fetches comes in a follow-up.
This commit is contained in:
Harald Hoyer 2026-04-26 16:36:52 +02:00
parent 4833551a3b
commit 06d26311fd
1 changed files with 19 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

23
systems/x86_64-linux/sgx/firefly.nix
View file

@ -1,7 +1,9 @@
{ config, ... }: { config, pkgs, ... }:
let let
domain = "firefly.hoyer.world"; domain = "firefly.hoyer.world";
importDomain = "firefly-import.hoyer.world"; importDomain = "firefly-import.hoyer.world";
aqHome = "/var/lib/firefly-aqbanking";
inbox = "/var/lib/firefly-iii-data-importer/inbox";
vhostBase = { vhostBase = {
enableACME = false; enableACME = false;
useACMEHost = "internal.hoyer.world"; useACMEHost = "internal.hoyer.world";
@ -9,11 +11,24 @@ let
}; };
in in
{ {
sops.secrets."firefly/app_key" = { sops.secrets = {
sopsFile = ../../../.secrets/sgx/firefly.yaml; "firefly/app_key" = {
owner = "firefly-iii"; sopsFile = ../../../.secrets/sgx/firefly.yaml;
owner = "firefly-iii";
};
"firefly/sparda_pin" = {
sopsFile = ../../../.secrets/sgx/firefly.yaml;
owner = "firefly-iii-data-importer";
};
}; };
environment.systemPackages = [ pkgs.aqbanking ];
systemd.tmpfiles.rules = [
"d ${aqHome} 0700 firefly-iii-data-importer firefly-iii-data-importer -"
"d ${inbox} 0700 firefly-iii-data-importer firefly-iii-data-importer -"
];
services = { services = {
firefly-iii = { firefly-iii = {
enable = true; enable = true;