From 491a7b38e4500108f77b03f4988ca5bcbf1ebd41 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Fri, 1 May 2026 21:44:12 +0200
Subject: [PATCH] sgx/firefly: switch Firefly III backend from sqlite to postgres
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SQLite was slow under btrfs CoW, and the no-CoW migration path turned out to be fragile (WAL deletion without checkpoint = data loss). Move to PostgreSQL on Unix-socket peer auth — no password needed for the local-host setup, NixOS provisions the database+user declaratively. Drop the now-unused +C tmpfiles rule on the sqlite directory; the leftover database.sqlite* files at /var/lib/firefly-iii/storage/database/ are harmless and can be removed manually after switch is verified. Migration of existing Firefly III data is not preserved by this commit — fresh-start path: re-register admin, re-issue PAT, re-POST the bulk CSV through the importer.
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 systems/x86_64-linux/sgx/firefly.nix | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/systems/x86_64-linux/sgx/firefly.nix b/systems/x86_64-linux/sgx/firefly.nix
index 7b03607..cef398a 100644
--- a/systems/x86_64-linux/sgx/firefly.nix
+++ b/systems/x86_64-linux/sgx/firefly.nix
@@ -53,12 +53,6 @@ in
 "d ${inbox} 0700 firefly-iii-data-importer nginx -"
 "d ${importerHome}/.aqbanking/imexporters/csv/profiles 0700 firefly-iii-data-importer nginx -"
 "L+ ${importerHome}/.aqbanking/imexporters/csv/profiles/firefly.conf - - - - ${fireflyCsvProfile}"
- # Disable btrfs CoW on Firefly's SQLite directory — random-write
- # SQLite traffic fragments CoW filesystems quickly. New files in
- # this dir inherit the +C attribute. Existing database.sqlite,
- # -wal, -shm need a one-time recreate to apply (use sqlite3 .backup
- # into a fresh +C file). No-op on non-btrfs filesystems.
- "h /var/lib/firefly-iii/storage/database - - - - +C"
 ];
 services.firefly-sparda-fetch = {
@@ -140,6 +134,17 @@ in
 };
 services = {
+ postgresql = {
+ enable = true;
+ ensureDatabases = [ "firefly-iii" ];
+ ensureUsers = [
+ {
+ name = "firefly-iii";
+ ensureDBOwnership = true;
+ }
+ ];
+ };
+
 firefly-iii = {
 enable = true;
 enableNginx = true;
@@ -153,6 +158,11 @@ in
 DEFAULT_LOCALE = "de_DE";
 TRUSTED_PROXIES = "**";
 LOG_CHANNEL = "stack";
+ # PostgreSQL via Unix socket peer auth — no password needed.
+ DB_CONNECTION = "pgsql";
+ DB_HOST = "/run/postgresql";
+ DB_DATABASE = "firefly-iii";
+ DB_USERNAME = "firefly-iii";
 };
 };
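Review bot: Nothing in the new `postgresql` block states how the database is exposed or backed up, and both matter now that it holds the ledger. The socket-only, peer-authenticated access the commit message describes comes entirely from module defaults that are not visible here; adding `enableTCPIP = false;` next to `enable = true;` would record that intent and conflict loudly if another module turns TCP on. Whether dumps are configured elsewhere is not visible in this patch; if they are not, `services.postgresqlBackup = { enable = true; databases = [ "firefly-iii" ]; };` would cover the data-loss case the commit message mentions. The `services = {` set continues outside the hunk.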
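Review bot: The added comment in the `@@ -153,6 +158,11 @@` hunk says no password is needed but not what replaces it: with peer auth PostgreSQL maps the connecting OS user to the role, so these lines only work, and are only safe, while the Firefly III worker runs as the OS account `firefly-iii` and no other service shares that account. I would expand the comment to something like `# Peer auth: the OS user running Firefly III must be "firefly-iii" (= DB_USERNAME); any process under that account owns the database.` `DB_PORT` is left to its default, which presumably also selects the socket file name under `/run/postgresql`, so it has to follow the server's port if that is ever changed. The settings attribute set starts outside the hunk.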