upRootNutrition/dotfiles
upRootNutrition/dotfiles
1
0
Fork 0
mirror of https://gitlab.com/upRootNutrition/dotfiles.git synced 2025-12-06 21:17:14 -06:00
Code Issues Projects 1 Releases Packages Wiki Activity Actions

feat: spun up firefly-iii

Browse source
This commit is contained in:
Nick 2025-11-17 05:46:55 -06:00
parent 83aab0bc63
commit 6c010d9f10
4 changed files with 1424 additions and 842 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/nixos/default.nix
View file

@ -53,7 +53,7 @@ in
caddy
comfyui
# filesorter
# firefly-iii
firefly-iii
forgejo
# glance
jellyfin

82
modules/nixos/guests/firefly-iii/default.nix
View file

@ -1,6 +1,6 @@
{
config,
flake,
config,
...
}:
let
@ -12,8 +12,8 @@ let
smtpCfg = instances.smtp;
hostCfg = instances.web;
host = serviceCfg.domains.url0;
dns0 = instances.web.dns.provider0;
dns0Path = "dns/${dns0}";
dns = instances.web.dns.provider0;
dnsPath = "dns/${dns}";
in
{
microvm.vms = {
@ -27,7 +27,6 @@ in
services = {
firefly-iii = {
enable = true;
# dataDir = serviceCfg.varPaths.path0;
enableNginx = false;
poolConfig = {
"listen.owner" = config.services.caddy.user;
@ -40,18 +39,18 @@ in
};
settings = {
APP_URL = "https://${host}";
APP_KEY_FILE = "/run/secrets/pass";
# DB_PASSWORD_FILE = "/run/secrets/data";
# DB_CONNECTION = "pgsql";
# DB_HOST = "db";
# DB_DATABASE = "firefly";
# DB_USERNAME = "firefly";
APP_KEY_FILE = "/etc/firefly-secrets/pass";
DB_PASSWORD_FILE = "/etc/firefly-secrets/data";
DB_CONNECTION = "pgsql";
DB_HOST = "/run/postgresql";
DB_DATABASE = "firefly-iii";
DB_USERNAME = "firefly-iii";
MAIL_MAILER = smtpCfg.name;
MAIL_HOST = smtpCfg.hostname;
MAIL_PORT = smtpCfg.ports.port0;
MAIL_FROM = smtpCfg.email.address0;
MAIL_USERNAME = smtpCfg.email.address0;
MAIL_PASSWORD_FILE = "/run/secrets/smtp";
MAIL_PASSWORD_FILE = "/etc/firefly-secrets/smtp";
MAIL_ENCRYPTION = "tls";
SITE_OWNER = email.address2;
};
@ -63,7 +62,7 @@ in
caddy = {
enable = true;
virtualHosts."${serviceCfg.interface.ip}" = {
virtualHosts.":80" = {
extraConfig = ''
root * ${config.services.firefly-iii.package}/public
@ -76,16 +75,16 @@ in
};
};
# postgresql = {
# enable = true;
# ensureDatabases = [ "firefly" ];
# ensureUsers = [
# {
# name = "firefly";
# ensureDBOwnership = true;
# }
# ];
# };
postgresql = {
enable = true;
ensureDatabases = [ "firefly-iii" ];
ensureUsers = [
{
name = "firefly-iii";
ensureDBOwnership = true;
}
];
};
openssh = {
enable = true;
@ -117,10 +116,12 @@ in
RemainAfterExit = true;
};
script = ''
chown root:firefly-iii /run/secrets/pass
chown root:firefly-iii /run/secrets/smtp
chmod 0640 /run/secrets/pass
chmod 0640 /run/secrets/smtp
mkdir -p /etc/firefly-secrets
cp /run/secrets/pass /etc/firefly-secrets/pass
cp /run/secrets/data /etc/firefly-secrets/data
cp /run/secrets/smtp /etc/firefly-secrets/smtp
chmod 755 /etc/firefly-secrets
chmod 644 /etc/firefly-secrets/*
'';
};
systemd-networkd.wantedBy = [ "multi-user.target" ];
@ -128,7 +129,7 @@ in
network = {
enable = true;
networks."20-lan" = {
matchConfig.Name = "enp0s5";
matchConfig.Name = "enp0s6";
addresses = [
{ Address = "${serviceCfg.interface.ip}/24"; }
];
@ -183,15 +184,15 @@ in
{
mountPoint = "/var/lib/${serviceCfg.name}";
proto = "virtiofs";
source = "${serviceCfg.mntPaths.path0}";
source = "${serviceCfg.mntPaths.path0}/data";
tag = "${serviceCfg.name}_data";
}
# {
# mountPoint = "/var/lib/postgresql";
# proto = "virtiofs";
# source = "${serviceCfg.mntPaths.path0}/database";
# tag = "${serviceCfg.name}_database";
# }
{
mountPoint = "/var/lib/postgresql";
proto = "virtiofs";
source = "${serviceCfg.mntPaths.path0}/database";
tag = "${serviceCfg.name}_database";
}
{
mountPoint = "/run/secrets";
proto = "virtiofs";
@ -207,15 +208,15 @@ in
users.users.caddy.extraGroups = [ "acme" ];
security.acme.certs."${host}" = {
dnsProvider = dns0;
environmentFile = config.sops.secrets.${dns0Path}.path;
dnsProvider = dns;
environmentFile = config.sops.secrets.${dnsPath}.path;
group = "caddy";
};
systemd.tmpfiles.rules = [
"d ${serviceCfg.mntPaths.path0} 0751 microvm wheel - -"
# "d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
# "d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/data 0751 microvm wheel - -"
"d ${serviceCfg.mntPaths.path0}/database 0751 microvm wheel - -"
];
sops = {
@ -225,7 +226,8 @@ in
name = "${serviceCfg.name}/${secret}";
value = {
owner = "root";
mode = "600";
group = "root";
mode = "0644";
};
})
[
@ -237,7 +239,7 @@ in
};
services.caddy.virtualHosts."${host}" = {
extraConfig = ''
reverse_proxy ${serviceCfg.interface.ip}:80
reverse_proxy http://${serviceCfg.interface.ip}:80
tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key}

2177
modules/nixos/guests/mastodon/config/twitter.txt
View file

File diff suppressed because one or more lines are too long

5
modules/nixos/guests/mastodon/default.nix
View file

@ -281,6 +281,11 @@ in
"Z /var/lib/mastodon 0755 mastodon mastodon -"
"Z /var/lib/postgresql 0755 postgres postgres -"
"d /var/cache/mastodon/precompile 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/accounts 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/media_attachments 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/media_attachments/files 0755 mastodon mastodon -"
"d /var/lib/mastodon/public-system/site_uploads 0755 mastodon mastodon -"
];
};