feat(sgx): add firefly-iii personal finance manager
Self-hosted Firefly III with data-importer, SQLite backend, behind nginx with the existing internal.hoyer.world ACME cert.
This commit is contained in:
parent
d56f42820a
commit
f4eb0c5939
4 changed files with 88 additions and 0 deletions
35
.secrets/sgx/firefly.yaml
Normal file
35
.secrets/sgx/firefly.yaml
Normal file
|
|
@ -0,0 +1,35 @@
|
||||||
|
firefly:
|
||||||
|
app_key: ENC[AES256_GCM,data:0BHC54xXb7EJcFBuGWFiDfIh7ZBgVs1R+1GGztOwte4CeD4Olz31umq1At1aRFESLkoC,iv:e3On3x9eSKTo9+SEp/ujFZA0a6o2slqT+atPhd1PDMM=,tag:k2pjyvgM8AcElBBOR95dwg==,type:str]
|
||||||
|
sops:
|
||||||
|
age:
|
||||||
|
- recipient: age149fqcw5jze00vd7jauylrp4j5xyv7amlu57jjfuzghkqtzlnxajs704uz3
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1Q0dETGx1eFhwTjJGbkxD
|
||||||
|
Q3lxbmxPQmh3azlWWGJ4enVWZ0RtRXVsSHhJCjhrSmVOakxCcVBUSmJpUkhlVWZH
|
||||||
|
dklGSzI2YjNZT2lmUTFSWWpFSFJyOXcKLS0tIExrYjRhSFNTUldVbGhlQ1d3LzFy
|
||||||
|
L2RoQVRWTStZS3AySmY5bklHeGZlaUkKFVhlgFUQ/QghOEyezCr3Bw/Gd4AfkGbN
|
||||||
|
kLOK5x/lil06ii1LiLe2s2OJd+jU0WH08MiTAjB8u3DdM/MIcApHBg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHN2dQK2laVWlXeHpUT0o0
|
||||||
|
eldJdEZ0RTFVWWYyVng4OXBjQ05ucEFMVEZVClYralUrTWJzam1DR3QrL1Azd05v
|
||||||
|
UlBhK1htK25JVWhPUnNVRDBvRWMwS0kKLS0tIEdlL09FK2NTUVNKa21TeFNQcUtE
|
||||||
|
VFF5YTNrV0FUL3NMK1RQbkEzbnc2Y3cKJCuahHlYCH13VRr9LDJRazQYvmS4LV5E
|
||||||
|
DJ3LfX1VU/46/qgMS66dmaEefbiEUkbUbpGJY99dDNIHsD9lGFjS6w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1cpm9xhgue7sjvq7zyeeaxwr96c93sfzxxxj76sxsq7s7kgnygvcq5jxren
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyODVnbHVxdTJJM3UrQ3BS
|
||||||
|
cVdlbENhM1MrRWJvL3hxWTJZSFFDdFAvUGlnCjFhb2JuNElVdjkvRm9tV3NNeW9o
|
||||||
|
b043STZyR0s4NnNDSTgyd0JhZzVST1EKLS0tIE0zR0J5MlFBVm1mYmVDRktDOEZP
|
||||||
|
SGRyL01ISlltVG5YdWw4dWV0RGpPNEEK855vVFGwxgBrl0scAla980fd3XSiUjfP
|
||||||
|
ULMGGQK06z1Oh6+bvPyfzbILjFkzlrel06yajpcvdSQgJZXpzQgJUA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2026-04-26T12:06:15Z"
|
||||||
|
mac: ENC[AES256_GCM,data:EEPwsBNOZQSgVuL/Ahz870bI01o6v+bdzbKOzAq6ZzXoLS5kmSvG3q384bL3fGcv1lDSHu4FKR+PoToKYYwxrZjR95ZAN1nYlro8rU42fF3cdpZRLS5bPeYz/ZmZud4XXFQX95ltgyWAScM0JqAyEPa3ji9DP33HAg3WiSV6dNM=,iv:3m7lL63aKh8O60gv/NzaewEnigm999w+HD2TbljmvlQ=,tag:0IHm7zeXOUFcNcq/smqpGA==,type:str]
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.12.1
|
||||||
|
|
@ -16,6 +16,8 @@
|
||||||
"syncthing.hoyer.world"
|
"syncthing.hoyer.world"
|
||||||
"home.hoyer.world"
|
"home.hoyer.world"
|
||||||
"status.hoyer.world"
|
"status.hoyer.world"
|
||||||
|
"firefly.hoyer.world"
|
||||||
|
"firefly-import.hoyer.world"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -12,6 +12,7 @@
|
||||||
./wyoming.nix
|
./wyoming.nix
|
||||||
./searx.nix
|
./searx.nix
|
||||||
./uptime-kuma.nix
|
./uptime-kuma.nix
|
||||||
|
./firefly.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.tmp.useTmpfs = false;
|
boot.tmp.useTmpfs = false;
|
||||||
|
|
|
||||||
50
systems/x86_64-linux/sgx/firefly.nix
Normal file
50
systems/x86_64-linux/sgx/firefly.nix
Normal file
|
|
@ -0,0 +1,50 @@
|
||||||
|
{ config, ... }:
|
||||||
|
let
|
||||||
|
domain = "firefly.hoyer.world";
|
||||||
|
importDomain = "firefly-import.hoyer.world";
|
||||||
|
vhostBase = {
|
||||||
|
enableACME = false;
|
||||||
|
useACMEHost = "internal.hoyer.world";
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
sops.secrets."firefly/app_key" = {
|
||||||
|
sopsFile = ../../../.secrets/sgx/firefly.yaml;
|
||||||
|
owner = "firefly-iii";
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
firefly-iii = {
|
||||||
|
enable = true;
|
||||||
|
enableNginx = true;
|
||||||
|
virtualHost = domain;
|
||||||
|
settings = {
|
||||||
|
APP_ENV = "production";
|
||||||
|
APP_KEY_FILE = config.sops.secrets."firefly/app_key".path;
|
||||||
|
SITE_OWNER = "harald.hoyer@gmail.com";
|
||||||
|
TZ = "Europe/Berlin";
|
||||||
|
DEFAULT_LANGUAGE = "de_DE";
|
||||||
|
DEFAULT_LOCALE = "de_DE";
|
||||||
|
TRUSTED_PROXIES = "**";
|
||||||
|
LOG_CHANNEL = "stack";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
firefly-iii-data-importer = {
|
||||||
|
enable = true;
|
||||||
|
enableNginx = true;
|
||||||
|
virtualHost = importDomain;
|
||||||
|
settings = {
|
||||||
|
FIREFLY_III_URL = "https://${domain}";
|
||||||
|
VANITY_URL = "https://${importDomain}";
|
||||||
|
TZ = "Europe/Berlin";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nginx.virtualHosts = {
|
||||||
|
${domain} = vhostBase;
|
||||||
|
${importDomain} = vhostBase;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Add table
Add a link
Reference in a new issue