firefly-iii: init
All checks were successful
Build and Deploy / mreow (push) Successful in 1m14s
Build and Deploy / yarn (push) Successful in 55s
Build and Deploy / muffin (push) Successful in 1m58s

2026-05-05 01:40:29 -04:00
parent b248f3592f
commit 82213c2917
6 changed files with 73 additions and 0 deletions


@@ -53,6 +53,7 @@
# ../../services/llama-cpp.nix # ../../services/llama-cpp.nix
../../services/trilium.nix ../../services/trilium.nix
../../services/firefly-iii.nix
../../services/ups.nix ../../services/ups.nix


@@ -335,6 +335,11 @@ rec {
dataDir = services_dir + "/trilium"; dataDir = services_dir + "/trilium";
}; };
firefly_iii = {
dataDir = services_dir + "/firefly-iii";
domain = "firefly.${site_config.domain}";
};
media = { media = {
moviesDir = torrents_path + "/media/movies"; moviesDir = torrents_path + "/media/movies";
tvDir = torrents_path + "/media/tv"; tvDir = torrents_path + "/media/tv";


@@ -191,5 +191,13 @@
owner = "caddy"; owner = "caddy";
group = "caddy"; group = "caddy";
}; };
# Firefly III application encryption key (base64:<32 random bytes>)
firefly-iii-app-key = {
file = ../secrets/server/firefly-iii-app-key.age;
mode = "0400";
owner = "firefly-iii";
group = "caddy";
};
}; };
} }
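Review bot: The `group = "caddy"` on `firefly-iii-app-key` grants nothing under `mode = "0400"`, and the comment above the entry does not say that this is deliberate. Going by the service file in this commit, caddy only needs the php-fpm socket and has no reason to read the application key, so owner-only is the right state. A later edit that relaxes the mode to 0440 to make the group "work" would expose the key to every process in the caddy group. I would extend the existing comment with `# owner-only on purpose: caddy must never read APP_KEY, keep mode at 0400`.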

Binary file not shown.

Binary file not shown.

59
services/firefly-iii.nix Normal file

@@ -0,0 +1,59 @@
{
config,
lib,
service_configs,
site_config,
...
}:
{
imports = [
# firefly-iii has no service of its own — phpfpm-firefly-iii.service runs
# the app and firefly-iii-setup.service runs migrations/cache rebuild.
# Wire the zfs mount into firefly-iii-setup so the upstream `requiredBy`
# chain (setup → phpfpm) inherits the dependency.
(lib.serviceMountWithZpool "firefly-iii-setup" service_configs.zpool_ssds [
service_configs.firefly_iii.dataDir
])
];
services.firefly-iii = {
enable = true;
dataDir = service_configs.firefly_iii.dataDir;
# Run under the caddy group so caddy can read the php-fpm unix socket
# (default mode 0660, owner = user, group = group).
group = "caddy";
virtualHost = service_configs.firefly_iii.domain;
settings = {
APP_ENV = "production";
APP_KEY_FILE = config.age.secrets.firefly-iii-app-key.path;
SITE_OWNER = site_config.contact_email;
# PostgreSQL via local Unix socket + peer auth (DB_HOST defaults to
# /run/postgresql for pgsql, no password needed).
DB_CONNECTION = "pgsql";
DB_DATABASE = "firefly-iii";
DB_USERNAME = "firefly-iii";
# Trust X-Forwarded-* from caddy on the loopback.
TRUSTED_PROXIES = "127.0.0.1,::1";
};
};
services.postgresql = {
ensureDatabases = [ "firefly-iii" ];
ensureUsers = [
{
name = "firefly-iii";
ensureDBOwnership = true;
}
];
};
services.caddy.virtualHosts.${service_configs.firefly_iii.domain}.extraConfig = ''
encode zstd gzip
root * ${config.services.firefly-iii.package}/public
php_fastcgi unix/${config.services.phpfpm.pools.firefly-iii.socket}
file_server
'';
}
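Review bot: Setting `group = "caddy"` on `services.firefly-iii` makes caddy's group the application's primary group, which is broader than the socket access the comment asks for. Anything the module creates group-readable or group-writable under `dataDir` (the modes are not visible in this diff) becomes reachable by the web server and by any other service in that group. A narrower option is to leave the module's group at its default and change only the socket group, e.g. `services.phpfpm.pools.firefly-iii.settings."listen.group" = "caddy";`, assuming the module sets that value as an overridable default. Separately, the `TRUSTED_PROXIES` comment is worth rechecking: caddy speaks FastCGI over the unix socket here, so whether PHP ever sees a loopback peer depends on the REMOTE_ADDR caddy passes, and the setting may only matter for genuinely local clients.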