feat(sgx): add firefly-iii personal finance manager

Self-hosted Firefly III with data-importer, SQLite backend, behind nginx with the existing internal.hoyer.world ACME cert.
2026-04-26 14:09:40 +02:00 · 2026-04-26 14:09:40 +02:00 · f4eb0c5939
commit f4eb0c5939
parent d56f42820a
4 changed files with 88 additions and 0 deletions
--- a/systems/x86_64-linux/sgx/firefly.nix
+++ b/systems/x86_64-linux/sgx/firefly.nix
@ -0,0 +1,50 @@
+{ config, ... }:
+let
+  domain = "firefly.hoyer.world";
+  importDomain = "firefly-import.hoyer.world";
+  vhostBase = {
+    enableACME = false;
+    useACMEHost = "internal.hoyer.world";
+    forceSSL = true;
+  };
+in
+{
+  sops.secrets."firefly/app_key" = {
+    sopsFile = ../../../.secrets/sgx/firefly.yaml;
+    owner = "firefly-iii";
+  };
+
+  services = {
+    firefly-iii = {
+      enable = true;
+      enableNginx = true;
+      virtualHost = domain;
+      settings = {
+        APP_ENV = "production";
+        APP_KEY_FILE = config.sops.secrets."firefly/app_key".path;
+        SITE_OWNER = "harald.hoyer@gmail.com";
+        TZ = "Europe/Berlin";
+        DEFAULT_LANGUAGE = "de_DE";
+        DEFAULT_LOCALE = "de_DE";
+        TRUSTED_PROXIES = "**";
+        LOG_CHANNEL = "stack";
+      };
+    };
+
+    firefly-iii-data-importer = {
+      enable = true;
+      enableNginx = true;
+      virtualHost = importDomain;
+      settings = {
+        FIREFLY_III_URL = "https://${domain}";
+        VANITY_URL = "https://${importDomain}";
+        TZ = "Europe/Berlin";
+      };
+    };
+
+    nginx.virtualHosts = {
+      ${domain} = vhostBase;
+      ${importDomain} = vhostBase;
+    };
+  };
+}