feat: added firefly-iii

2025-12-07 05:27:13 -06:00 · 2025-10-09 05:41:34 -05:00 · 2025-10-09 05:41:34 -05:00 · e4f47ef2b2
commit e4f47ef2b2
parent 2611ebfa61
1 changed files with 17 additions and 24 deletions
--- a/modules/nixos/services/firefly-iii/default.nix
+++ b/modules/nixos/services/firefly-iii/default.nix
@ -2,9 +2,6 @@
 let
  inherit (flake.config.services.instances) firefly-iii;
  inherit (flake.config.machines.devices) ceres;
-  inherit (flake.config.people) user0;
-  inherit (flake.config.people.users.${user0}) email;
-  # localhost = "${ceres.ip.addess0}:${service.ports.port0}";
  host = service.domains.url0;
  service = firefly-iii;
 in
@ -13,10 +10,8 @@ in
    firefly-iii = {
      enable = true;
      dataDir = service.paths.path0;
-      virtualHost = host;
      poolConfig = {
        "listen.owner" = config.services.caddy.user;
-        "listen.group" = config.services.caddy.group;
        "pm" = "dynamic";
        "pm.max_children" = 32;
        "pm.start_servers" = 2;
@ -25,10 +20,10 @@ in
        "pm.max_requests" = 500;
      };
      settings = {
-        DB_CONNECTION = "sqlite";
+        DB_CONNECTION = "pgsql";
        APP_URL = "https://${host}";
        APP_KEY_FILE = config.sops.secrets."${service.name}-pass".path;
-        SITE_OWNER = email.address0;
+        DB_PASSWORD_FILE = config.sops.secrets."${service.name}-data".path;
      };
    };
    firefly-iii-data-importer = {
@ -39,9 +34,12 @@ in
        ${host} = {
          extraConfig = ''
            root * ${config.services.firefly-iii.package}/public
-            file_server
            encode gzip
-            php_fastcgi unix//run/phpfpm/firefly-iii.sock
+            php_fastcgi unix/run/phpfpm/firefly-iii.sock {
+              try_files {path} /index.php?{query}
+              trusted_proxies private_ranges
+            }
+            file_server
            tls ${service.ssl.cert} ${service.ssl.key}
          '';
        };
@ -70,20 +68,16 @@ in
      );
    };

-  # fileSystems."/var/lib/${service.name}" = {
-  #   device = service.paths.path0;
-  #   fsType = "none";
-  #   options = [
-  #     "bind"
-  #   ];
-  #   depends = [
-  #     ceres.storage0.mount
-  #   ];
-  # };
-  #
-  users.users.${service.name}.extraGroups = [
-    "caddy"
-  ];
+  fileSystems."/var/lib/${service.name}" = {
+    device = service.paths.path0;
+    fsType = "none";
+    options = [
+      "bind"
+    ];
+    depends = [
+      ceres.storage0.mount
+    ];
+  };

  systemd.tmpfiles.rules = [
    "Z ${service.paths.path0} 755 ${service.name} ${service.name} -"
@ -94,7 +88,6 @@ in
    firewall.allowedTCPPorts = [
      8080
      8081
-      5432
    ];
  };
 }