sgx/firefly: switch Firefly III backend from sqlite to postgres

SQLite was slow under btrfs CoW, and the no-CoW migration path turned out to be fragile (WAL deletion without checkpoint = data loss). Move to PostgreSQL on Unix-socket peer auth — no password needed for the local-host setup, NixOS provisions the database+user declaratively. Drop the now-unused +C tmpfiles rule on the sqlite directory; the leftover database.sqlite* files at /var/lib/firefly-iii/storage/database/ are harmless and can be removed manually after switch is verified. Migration of existing Firefly III data is not preserved by this commit — fresh-start path: re-register admin, re-issue PAT, re-POST the bulk CSV through the importer. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 21:44:12 +02:00 · 2026-05-01 21:44:12 +02:00 · 491a7b38e4
commit 491a7b38e4
parent 90324605b9
1 changed files with 16 additions and 6 deletions
--- a/systems/x86_64-linux/sgx/firefly.nix
+++ b/systems/x86_64-linux/sgx/firefly.nix
@ -53,12 +53,6 @@ in
      "d ${inbox} 0700 firefly-iii-data-importer nginx -"
      "d ${importerHome}/.aqbanking/imexporters/csv/profiles 0700 firefly-iii-data-importer nginx -"
      "L+ ${importerHome}/.aqbanking/imexporters/csv/profiles/firefly.conf - - - - ${fireflyCsvProfile}"
-      # Disable btrfs CoW on Firefly's SQLite directory — random-write
-      # SQLite traffic fragments CoW filesystems quickly. New files in
-      # this dir inherit the +C attribute. Existing database.sqlite,
-      # -wal, -shm need a one-time recreate to apply (use sqlite3 .backup
-      # into a fresh +C file). No-op on non-btrfs filesystems.
-      "h /var/lib/firefly-iii/storage/database - - - - +C"
    ];

    services.firefly-sparda-fetch = {
@ -140,6 +134,17 @@ in
  };

  services = {
+    postgresql = {
+      enable = true;
+      ensureDatabases = [ "firefly-iii" ];
+      ensureUsers = [
+        {
+          name = "firefly-iii";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+
    firefly-iii = {
      enable = true;
      enableNginx = true;
@ -153,6 +158,11 @@ in
        DEFAULT_LOCALE = "de_DE";
        TRUSTED_PROXIES = "**";
        LOG_CHANNEL = "stack";
+        # PostgreSQL via Unix socket peer auth — no password needed.
+        DB_CONNECTION = "pgsql";
+        DB_HOST = "/run/postgresql";
+        DB_DATABASE = "firefly-iii";
+        DB_USERNAME = "firefly-iii";
      };
    };