feat(sgx): add firefly-iii personal finance manager

Self-hosted Firefly III with data-importer, SQLite backend, behind
nginx with the existing internal.hoyer.world ACME cert.
Harald Hoyer 2026-04-26 14:09:40 +02:00
parent d56f42820a
commit f4eb0c5939
4 changed files with 88 additions and 0 deletions

35
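--- a/.secrets/sgx/firefly.yaml
+++ b/.secrets/sgx/firefly.yaml
@@ -0,0 +1,35 @@
+firefly:
+app_key: ENC[AES256_GCM,data:0BHC54xXb7EJcFBuGWFiDfIh7ZBgVs1R+1GGztOwte4CeD4Olz31umq1At1aRFESLkoC,iv:e3On3x9eSKTo9+SEp/ujFZA0a6o2slqT+atPhd1PDMM=,tag:k2pjyvgM8AcElBBOR95dwg==,type:str]
+sops:
+age:
+- recipient: age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Q0dETGx1eFhwTjJGbkxD
+Q3lxbmxPQmh3azlWWGJ4enVWZ0RtRXVsSHhJCjhrSmVOakxCcVBUSmJpUkhlVWZH
+dklGSzI2YjNZT2lmUTFSWWpFSFJyOXcKLS0tIExrYjRhSFNTUldVbGhlQ1d3LzFy
+L2RoQVRWTStZS3AySmY5bklHeGZlaUkKFVhlgFUQ/QghOEyezCr3Bw/Gd4AfkGbN
+kLOK5x/lil06ii1LiLe2s2OJd+jU0WH08MiTAjB8u3DdM/MIcApHBg==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHN2dQK2laVWlXeHpUT0o0
+eldJdEZ0RTFVWWYyVng4OXBjQ05ucEFMVEZVClYralUrTWJzam1DR3QrL1Azd05v
+UlBhK1htK25JVWhPUnNVRDBvRWMwS0kKLS0tIEdlL09FK2NTUVNKa21TeFNQcUtE
+VFF5YTNrV0FUL3NMK1RQbkEzbnc2Y3cKJCuahHlYCH13VRr9LDJRazQYvmS4LV5E
+DJ3LfX1VU/46/qgMS66dmaEefbiEUkbUbpGJY99dDNIHsD9lGFjS6w==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1cpm9xhgue7sjvq7zyeeaxwr96c93sfzxxxj76sxsq7s7kgnygvcq5jxren
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyODVnbHVxdTJJM3UrQ3BS
+cVdlbENhM1MrRWJvL3hxWTJZSFFDdFAvUGlnCjFhb2JuNElVdjkvRm9tV3NNeW9o
+b043STZyR0s4NnNDSTgyd0JhZzVST1EKLS0tIE0zR0J5MlFBVm1mYmVDRktDOEZP
+SGRyL01ISlltVG5YdWw4dWV0RGpPNEEK855vVFGwxgBrl0scAla980fd3XSiUjfP
+ULMGGQK06z1Oh6+bvPyfzbILjFkzlrel06yajpcvdSQgJZXpzQgJUA==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2026-04-26T12:06:15Z"
+mac: ENC[AES256_GCM,data:EEPwsBNOZQSgVuL/Ahz870bI01o6v+bdzbKOzAq6ZzXoLS5kmSvG3q384bL3fGcv1lDSHu4FKR+PoToKYYwxrZjR95ZAN1nYlro8rU42fF3cdpZRLS5bPeYz/ZmZud4XXFQX95ltgyWAScM0JqAyEPa3ji9DP33HAg3WiSV6dNM=,iv:3m7lL63aKh8O60gv/NzaewEnigm999w+HD2TbljmvlQ=,tag:0IHm7zeXOUFcNcq/smqpGA==,type:str]
+unencrypted_suffix: _unencrypted
+version: 3.12.1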


@ -16,6 +16,8 @@
"syncthing.hoyer.world"
"home.hoyer.world"
"status.hoyer.world"
"firefly.hoyer.world"
"firefly-import.hoyer.world"
];
};
};


@ -12,6 +12,7 @@
./wyoming.nix
./searx.nix
./uptime-kuma.nix
./firefly.nix
];
boot.tmp.useTmpfs = false;


@ -0,0 +1,50 @@
{ config, ... }:
let
domain = "firefly.hoyer.world";
importDomain = "firefly-import.hoyer.world";
vhostBase = {
enableACME = false;
useACMEHost = "internal.hoyer.world";
forceSSL = true;
};
in
{
sops.secrets."firefly/app_key" = {
sopsFile = ../../../.secrets/sgx/firefly.yaml;
owner = "firefly-iii";
};
services = {
firefly-iii = {
enable = true;
enableNginx = true;
virtualHost = domain;
settings = {
APP_ENV = "production";
APP_KEY_FILE = config.sops.secrets."firefly/app_key".path;
SITE_OWNER = "harald.hoyer@gmail.com";
TZ = "Europe/Berlin";
DEFAULT_LANGUAGE = "de_DE";
DEFAULT_LOCALE = "de_DE";
TRUSTED_PROXIES = "**";
LOG_CHANNEL = "stack";
};
};
firefly-iii-data-importer = {
enable = true;
enableNginx = true;
virtualHost = importDomain;
settings = {
FIREFLY_III_URL = "https://${domain}";
VANITY_URL = "https://${importDomain}";
TZ = "Europe/Berlin";
};
};
nginx.virtualHosts = {
${domain} = vhostBase;
${importDomain} = vhostBase;
};
};
}
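Review bot: `TRUSTED_PROXIES = "**";` in the `firefly-iii` settings makes the application accept forwarded client-address, scheme and host headers from any peer, which is broader than this deployment appears to need. With `enableNginx = true` the nginx on this host looks like the only front end, so client-supplied `X-Forwarded-*` values would be believed and could skew logged source addresses and anything keyed on client IP. If no other proxy sits in front, drop the line or name the proxy explicitly, e.g. `TRUSTED_PROXIES = "127.0.0.1";`, and add a comment saying which hop it refers to. Separately, `vhostBase` sets only the certificate and `forceSSL`; if these two hosts are meant to be internal-only, a short comment stating where that restriction is enforced would help, since it is not visible in this file.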