harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sgx/firefly: switch Firefly III backend from sqlite to postgres

Browse source 
SQLite was slow under btrfs CoW, and the no-CoW migration path turned
out to be fragile (WAL deletion without checkpoint = data loss). Move
to PostgreSQL on Unix-socket peer auth — no password needed for the
local-host setup, NixOS provisions the database+user declaratively.

Drop the now-unused +C tmpfiles rule on the sqlite directory; the
leftover database.sqlite* files at /var/lib/firefly-iii/storage/database/
are harmless and can be removed manually after switch is verified.

Migration of existing Firefly III data is not preserved by this
commit — fresh-start path: re-register admin, re-issue PAT, re-POST
the bulk CSV through the importer.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Harald Hoyer 2026-05-01 21:44:12 +02:00
parent 90324605b9
commit 491a7b38e4
1 changed files with 16 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

22
systems/x86_64-linux/sgx/firefly.nix
View file

@ -53,12 +53,6 @@ in
"d ${inbox} 0700 firefly-iii-data-importer nginx -" "d ${inbox} 0700 firefly-iii-data-importer nginx -"
"d ${importerHome}/.aqbanking/imexporters/csv/profiles 0700 firefly-iii-data-importer nginx -" "d ${importerHome}/.aqbanking/imexporters/csv/profiles 0700 firefly-iii-data-importer nginx -"
"L+ ${importerHome}/.aqbanking/imexporters/csv/profiles/firefly.conf - - - - ${fireflyCsvProfile}" "L+ ${importerHome}/.aqbanking/imexporters/csv/profiles/firefly.conf - - - - ${fireflyCsvProfile}"
# Disable btrfs CoW on Firefly's SQLite directory — random-write
# SQLite traffic fragments CoW filesystems quickly. New files in
# this dir inherit the +C attribute. Existing database.sqlite,
# -wal, -shm need a one-time recreate to apply (use sqlite3 .backup
# into a fresh +C file). No-op on non-btrfs filesystems.
"h /var/lib/firefly-iii/storage/database - - - - +C"
]; ];
services.firefly-sparda-fetch = { services.firefly-sparda-fetch = {
@ -140,6 +134,17 @@ in
}; };
services = { services = {
postgresql = {
enable = true;
ensureDatabases = [ "firefly-iii" ];
ensureUsers = [
{
name = "firefly-iii";
ensureDBOwnership = true;
}
];
};
firefly-iii = { firefly-iii = {
enable = true; enable = true;
enableNginx = true; enableNginx = true;
@ -153,6 +158,11 @@ in
DEFAULT_LOCALE = "de_DE"; DEFAULT_LOCALE = "de_DE";
TRUSTED_PROXIES = "**"; TRUSTED_PROXIES = "**";
LOG_CHANNEL = "stack"; LOG_CHANNEL = "stack";
# PostgreSQL via Unix socket peer auth — no password needed.
DB_CONNECTION = "pgsql";
DB_HOST = "/run/postgresql";
DB_DATABASE = "firefly-iii";
DB_USERNAME = "firefly-iii";
}; };
}; };