upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

feat: spun up firefly-iii

Browse source
This commit is contained in:
Nick 2025-11-17 05:46:55 -06:00
parent 83aab0bc63
commit 6c010d9f10
4 changed files with 1424 additions and 842 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/nixos/default.nix
View file

@ -53,7 +53,7 @@ in
caddy caddy
comfyui comfyui
# filesorter # filesorter
# firefly-iii firefly-iii
forgejo forgejo
# glance # glance
jellyfin jellyfin

82
modules/nixos/guests/firefly-iii/default.nix
View file

@ -1,6 +1,6 @@
{ {
config,
flake, flake,
config,
... ...
}: }:
let let
@ -12,8 +12,8 @@ let
smtpCfg = instances.smtp; smtpCfg = instances.smtp;
hostCfg = instances.web; hostCfg = instances.web;
host = serviceCfg.domains.url0; host = serviceCfg.domains.url0;
dns0 = instances.web.dns.provider0; dns = instances.web.dns.provider0;
dns0Path = "dns/${dns0}"; dnsPath = "dns/${dns}";
in in
{ {
microvm.vms = { microvm.vms = {
@ -27,7 +27,6 @@ in
services = { services = {
firefly-iii = { firefly-iii = {
enable = true; enable = true;
# dataDir = serviceCfg.varPaths.path0;
enableNginx = false; enableNginx = false;
poolConfig = { poolConfig = {
"listen.owner" = config.services.caddy.user; "listen.owner" = config.services.caddy.user;
@ -40,18 +39,18 @@ in
}; };
settings = { settings = {
APP_URL = "https://${host}"; APP_URL = "https://${host}";
APP_KEY_FILE = "/run/secrets/pass"; APP_KEY_FILE = "/etc/firefly-secrets/pass";
# DB_PASSWORD_FILE = "/run/secrets/data"; DB_PASSWORD_FILE = "/etc/firefly-secrets/data";
# DB_CONNECTION = "pgsql"; DB_CONNECTION = "pgsql";
# DB_HOST = "db"; DB_HOST = "/run/postgresql";
# DB_DATABASE = "firefly"; DB_DATABASE = "firefly-iii";
# DB_USERNAME = "firefly"; DB_USERNAME = "firefly-iii";
MAIL_MAILER = smtpCfg.name; MAIL_MAILER = smtpCfg.name;
MAIL_HOST = smtpCfg.hostname; MAIL_HOST = smtpCfg.hostname;
MAIL_PORT = smtpCfg.ports.port0; MAIL_PORT = smtpCfg.ports.port0;
MAIL_FROM = smtpCfg.email.address0; MAIL_FROM = smtpCfg.email.address0;
MAIL_USERNAME = smtpCfg.email.address0; MAIL_USERNAME = smtpCfg.email.address0;
MAIL_PASSWORD_FILE = "/run/secrets/smtp"; MAIL_PASSWORD_FILE = "/etc/firefly-secrets/smtp";
MAIL_ENCRYPTION = "tls"; MAIL_ENCRYPTION = "tls";
SITE_OWNER = email.address2; SITE_OWNER = email.address2;
}; };
@ -63,7 +62,7 @@ in
caddy = { caddy = {
enable = true; enable = true;
virtualHosts."${serviceCfg.interface.ip}" = { virtualHosts.":80" = {
extraConfig = '' extraConfig = ''
root * ${config.services.firefly-iii.package}/public root * ${config.services.firefly-iii.package}/public
@ -76,16 +75,16 @@ in
}; };
}; };
# postgresql = { postgresql = {
# enable = true; enable = true;
# ensureDatabases = [ "firefly" ]; ensureDatabases = [ "firefly-iii" ];
# ensureUsers = [ ensureUsers = [
# { {
# name = "firefly"; name = "firefly-iii";
# ensureDBOwnership = true; ensureDBOwnership = true;
# } }
# ]; ];
# }; };
openssh = { openssh = {
enable = true; enable = true;
@ -117,10 +116,12 @@ in
RemainAfterExit = true; RemainAfterExit = true;
}; };
script = '' script = ''
chown root:firefly-iii /run/secrets/pass mkdir -p /etc/firefly-secrets
chown root:firefly-iii /run/secrets/smtp cp /run/secrets/pass /etc/firefly-secrets/pass
chmod 0640 /run/secrets/pass cp /run/secrets/data /etc/firefly-secrets/data
chmod 0640 /run/secrets/smtp cp /run/secrets/smtp /etc/firefly-secrets/smtp
chmod 755 /etc/firefly-secrets
chmod 644 /etc/firefly-secrets/*
''; '';
}; };
systemd-networkd.wantedBy = [ "multi-user.target" ]; systemd-networkd.wantedBy = [ "multi-user.target" ];
@ -128,7 +129,7 @@ in
network = { network = {
enable = true; enable = true;
networks."20-lan" = { networks."20-lan" = {
matchConfig.Name = "enp0s5"; matchConfig.Name = "enp0s6";
addresses = [ addresses = [
{ Address = "${serviceCfg.interface.ip}/24"; } { Address = "${serviceCfg.interface.ip}/24"; }
]; ];
@ -183,15 +184,15 @@ in
{ {
mountPoint = "/var/lib/${serviceCfg.name}"; mountPoint = "/var/lib/${serviceCfg.name}";
proto = "virtiofs"; proto = "virtiofs";
source = "${serviceCfg.mntPaths.path0}"; source = "${serviceCfg.mntPaths.path0}/data";
tag = "${serviceCfg.name}_data"; tag = "${serviceCfg.name}_data";
} }
# { {
# mountPoint = "/var/lib/postgresql"; mountPoint = "/var/lib/postgresql";
# proto = "virtiofs"; proto = "virtiofs";
# source = "${serviceCfg.mntPaths.path0}/database"; source = "${serviceCfg.mntPaths.path0}/database";
# tag = "${serviceCfg.name}_database"; tag = "${serviceCfg.name}_database";
# } }
{ {
mountPoint = "/run/secrets"; mountPoint = "/run/secrets";
proto = "virtiofs"; proto = "virtiofs";
@ -207,15 +208,15 @@ in
users.users.caddy.extraGroups = [ "acme" ]; users.users.caddy.extraGroups = [ "acme" ];
security.acme.certs."${host}" = { security.acme.certs."${host}" = {
dnsProvider = dns0; dnsProvider = dns;
environmentFile = config.sops.secrets.${dns0Path}.path; environmentFile = config.sops.secrets.${dnsPath}.path;
group = "caddy"; group = "caddy";
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
# "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
# "d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -" "d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
]; ];
sops = { sops = {
@ -225,7 +226,8 @@ in
name = "${serviceCfg.name}/${secret}"; name = "${serviceCfg.name}/${secret}";
value = { value = {
owner = "root"; owner = "root";
mode = "600"; group = "root";
mode = "0644";
}; };
}) })
[ [
@ -237,7 +239,7 @@ in
}; };
services.caddy.virtualHosts."${host}" = { services.caddy.virtualHosts."${host}" = {
extraConfig = '' extraConfig = ''
reverse_proxy ${serviceCfg.interface.ip}:80 reverse_proxy http://${serviceCfg.interface.ip}:80
tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key} tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}

2177
modules/nixos/guests/mastodon/config/twitter.txt
View file

File diff suppressed because one or more lines are too long

5
modules/nixos/guests/mastodon/default.nix
View file

@ -281,6 +281,11 @@ in
"Z /var/lib/mastodon 0755 mastodon mastodon -" "Z /var/lib/mastodon 0755 mastodon mastodon -"
"Z /var/lib/postgresql 0755 postgres postgres -" "Z /var/lib/postgresql 0755 postgres postgres -"
"d /var/cache/mastodon/precompile 0755 mastodon mastodon -" "d /var/cache/mastodon/precompile 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/accounts 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/media_attachments 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/media_attachments/files 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/site_uploads 0755 mastodon mastodon -"
]; ];
}; };