From f0aa2b0ebecb2596e355252450d5fd75cd3ab339 Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 17:20:59 -0600 Subject: [PATCH 01/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index 6a67859..ed04877 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix @@ -53,6 +53,7 @@ in MAIL_PASSWORD_FILE = "/etc/firefly-secrets/smtp"; MAIL_ENCRYPTION = "tls"; SITE_OWNER = email.address2; + TRUSTED_PROXIES = "**"; }; }; @@ -239,7 +240,13 @@ in }; services.caddy.virtualHosts."${host}" = { extraConfig = '' - reverse_proxy http://${serviceCfg.interface.ip}:80 + reverse_proxy http://${serviceCfg.interface.ip}:80 { + header_up Host {host} + header_up X-Real-IP {remote} + header_up X-Forwarded-For {remote} + header_up X-Forwarded-Proto {scheme} + header_up X-Forwarded-Host {host} + } tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key} From 99c40c53627c53a1c84d8d3ea06ae2bae2c85438 Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 17:54:32 -0600 Subject: [PATCH 02/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index ed04877..6a08252 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix @@ -53,7 +53,7 @@ in MAIL_PASSWORD_FILE = "/etc/firefly-secrets/smtp"; MAIL_ENCRYPTION = "tls"; SITE_OWNER = email.address2; - TRUSTED_PROXIES = "**"; + TRUSTED_PROXIES = "*"; }; }; 
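Review bot: `TRUSTED_PROXIES = "**"` in the first hunk of PATCH 01 makes Firefly III accept `X-Forwarded-*` headers from any peer, not only from the fronting Caddy host. The guest's firewall context later in the series shows port 80 open, so a client that reaches the guest directly could presumably supply its own forwarded host, scheme and client address. Pinning the value to the proxy closes that gap, e.g. `TRUSTED_PROXIES = "<fronting-proxy-ip>";` (placeholder; the address is not visible in this hunk, and the accepted list format should be confirmed against the Firefly III documentation). The same wildcard returns as `"*"` in PATCH 02 and again under `phpfpm.pools.firefly-iii.phpEnv` in PATCH 10.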
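Review bot: In the `reverse_proxy` block of PATCH 01's second hunk, `{remote}` expands to the client address with its port, so `X-Real-IP` and `X-Forwarded-For` would carry `ip:port` instead of a bare address; `{remote_host}` is the address-only placeholder. Setting `X-Forwarded-For` explicitly also replaces the chain Caddy would otherwise maintain. Caddy's `reverse_proxy` already passes `Host` through and sets `X-Forwarded-For`, `X-Forwarded-Proto` and `X-Forwarded-Host` itself, so the bare `reverse_proxy http://${serviceCfg.interface.ip}:80` should suffice unless the backend needs a non-default value. The `extraConfig` string continues past the end of the hunk.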
@@ -241,13 +241,9 @@ in services.caddy.virtualHosts."${host}" = { extraConfig = '' reverse_proxy http://${serviceCfg.interface.ip}:80 { - header_up Host {host} - header_up X-Real-IP {remote} - header_up X-Forwarded-For {remote} header_up X-Forwarded-Proto {scheme} header_up X-Forwarded-Host {host} } - tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key} encode zstd gzip From f9f4b8b8ec70a4b80a2006b7f19e5b7f8134852e Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 18:06:10 -0600 Subject: [PATCH 03/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index 6a08252..adcec4f 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix @@ -71,7 +71,10 @@ in encode gzip - php_fastcgi unix//run/phpfpm/firefly-iii.sock + php_fastcgi unix//run/phpfpm/firefly-iii.sock { + env SERVER_NAME {http.request.header.X-Forwarded-Host} + env HTTPS on + } ''; }; }; @@ -241,9 +244,10 @@ in services.caddy.virtualHosts."${host}" = { extraConfig = '' reverse_proxy http://${serviceCfg.interface.ip}:80 { - header_up X-Forwarded-Proto {scheme} + header_up X-Forwarded-Proto https header_up X-Forwarded-Host {host} } + tls ${serviceCfg.ssl.cert} ${serviceCfg.ssl.key} encode zstd gzip From 2dd987b77ec4b6f686159b5d1f9b3ef78e2740bc Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 18:30:28 -0600 Subject: [PATCH 04/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index adcec4f..9204681 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix 
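Review bot: `env SERVER_NAME {http.request.header.X-Forwarded-Host}` in PATCH 03's `php_fastcgi` block takes the server name from a request header that the client controls whenever the guest's port 80 is reached without going through the fronting proxy. Applications commonly build absolute URLs (mail links, redirects) from this value, so it should come from configuration rather than from the request, e.g. `env SERVER_NAME ${host}` if `host` is in scope at this point of the module (it is used in the `virtualHosts."${host}"` hunk of the same patch). The enclosing `extraConfig` string starts above the hunk.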
@@ -72,8 +72,9 @@ in encode gzip php_fastcgi unix//run/phpfpm/firefly-iii.sock { - env SERVER_NAME {http.request.header.X-Forwarded-Host} - env HTTPS on + env HTTP_X_FORWARDED_PROTO {http.request.header.X-Forwarded-Proto} + env HTTP_X_FORWARDED_HOST {http.request.header.X-Forwarded-Host} + env HTTPS {http.request.header.X-Forwarded-Proto} } ''; }; @@ -99,6 +100,10 @@ in }; }; + users.users.caddy = { + extraGroups = [ "firefly-iii" ]; + }; + networking.firewall.allowedTCPPorts = [ 22 80 From be482eae7320470866793caf2c129f5408b52617 Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 19:09:15 -0600 Subject: [PATCH 05/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index 9204681..5e95cdb 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix @@ -72,9 +72,9 @@ in encode gzip php_fastcgi unix//run/phpfpm/firefly-iii.sock { - env HTTP_X_FORWARDED_PROTO {http.request.header.X-Forwarded-Proto} + env HTTP_X_FORWARDED_PROTO https env HTTP_X_FORWARDED_HOST {http.request.header.X-Forwarded-Host} - env HTTPS {http.request.header.X-Forwarded-Proto} + env HTTPS on } ''; }; From a2eb91f66cb7fd23f0a43d2ad503dedb4320fa5c Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 19:27:09 -0600 Subject: [PATCH 06/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index 5e95cdb..b02871f 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix 
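Review bot: `env HTTPS {http.request.header.X-Forwarded-Proto}` in PATCH 04's first hunk writes the scheme string (`https` or `http`) into a variable that PHP frameworks usually read as a flag, where any non-empty value other than `off` means secure. A request arriving with `X-Forwarded-Proto: http` would therefore be treated as HTTPS, and a request without the header yields an empty value. Because the fronting vhost always terminates TLS, the constant form `env HTTPS on` (which PATCH 05 switches to) is the safer one; the header-derived line comes back in the last hunk of PATCH 10, the final state of the series. The `HTTP_X_FORWARDED_*` lines look redundant, since the FastCGI transport should already expose request headers as `HTTP_*` variables.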
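Review bot: Adding `caddy` to the `firefly-iii` group in PATCH 04's second hunk gives the web server every permission that group holds, which is broader than access to the FPM socket. The pool already sets `"listen.owner" = config.services.caddy.user` (visible as context in PATCH 06), so the membership is presumably only needed to read the document root. It is worth confirming that `/etc/firefly-secrets` and the application's storage directory are not group-readable, and recording the reason next to the option, e.g. `# caddy only needs read access to the public web root`.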
@@ -30,6 +30,7 @@ in enableNginx = false; poolConfig = { "listen.owner" = config.services.caddy.user; + "listen" = "0.0.0.0:9000"; # Listen on network instead of socket "pm" = "dynamic"; "pm.max_children" = 32; "pm.start_servers" = 2; @@ -53,7 +54,6 @@ in MAIL_PASSWORD_FILE = "/etc/firefly-secrets/smtp"; MAIL_ENCRYPTION = "tls"; SITE_OWNER = email.address2; - TRUSTED_PROXIES = "*"; }; }; @@ -71,11 +71,7 @@ in encode gzip - php_fastcgi unix//run/phpfpm/firefly-iii.sock { - env HTTP_X_FORWARDED_PROTO https - env HTTP_X_FORWARDED_HOST {http.request.header.X-Forwarded-Host} - env HTTPS on - } + php_fastcgi unix//run/phpfpm/firefly-iii.sock ''; }; }; From 78d4524d694bd27d3c929b550b6c4fb02120464f Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 19:38:30 -0600 Subject: [PATCH 07/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index b02871f..868fb13 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix @@ -109,6 +109,10 @@ in systemd = { services = { + caddy = { + after = [ "phpfpm-firefly-iii.service" ]; + requires = [ "phpfpm-firefly-iii.service" ]; + }; fix-secrets-permissions = { description = "Fix secrets permissions for firefly-iii"; wantedBy = [ "multi-user.target" ]; From c3be13e210166f1efe0b6f2c1e64212f3b696eb5 Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 19:48:14 -0600 Subject: [PATCH 08/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index 868fb13..e7e2015 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix 
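Review bot: `"listen" = "0.0.0.0:9000"` in PATCH 06's first hunk binds PHP-FPM to every interface, and FastCGI has no authentication of its own, so any peer that can reach the port talks directly to the interpreter. The firewall list seen as context in PATCH 04 begins with ports 22 and 80 (the rest is outside the hunk), which may limit exposure, but the bind should not depend on that: `"listen" = "127.0.0.1:9000";`, optionally with `"listen.allowed_clients" = "127.0.0.1";`. In this same patch the site still uses `php_fastcgi unix//run/phpfpm/firefly-iii.sock`, so the two ends do not match; the line is removed again in PATCH 08.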
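Review bot: `requires = [ "phpfpm-firefly-iii.service" ]` in PATCH 07 ties Caddy's lifetime to the pool: when the pool is stopped or restarted, systemd stops or restarts Caddy as well, which also interrupts anything else this Caddy instance serves. Keeping `after` and replacing the hard dependency with `wants = [ "phpfpm-firefly-iii.service" ];` gives the same start ordering without that coupling. Caddy returns a gateway error on its own while the socket is unavailable, so the stricter dependency adds little.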
@@ -30,7 +30,6 @@ in enableNginx = false; poolConfig = { "listen.owner" = config.services.caddy.user; - "listen" = "0.0.0.0:9000"; # Listen on network instead of socket "pm" = "dynamic"; "pm.max_children" = 32; "pm.start_servers" = 2; @@ -71,7 +70,7 @@ in encode gzip - php_fastcgi unix//run/phpfpm/firefly-iii.sock + php_fastcgi 127.0.0.1:9000 ''; }; }; From 4b86ce3f4e09f29d6e6ba91ce43ff33827a14a11 Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 20:02:06 -0600 Subject: [PATCH 09/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index e7e2015..928e59b 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix @@ -70,7 +70,7 @@ in encode gzip - php_fastcgi 127.0.0.1:9000 + php_fastcgi unix//run/phpfpm/firefly-iii.sock ''; }; }; From 2932b9f18de9ec394ddbc0db87cb1c634d46fd87 Mon Sep 17 00:00:00 2001 From: Nick Date: Mon, 17 Nov 2025 20:21:01 -0600 Subject: [PATCH 10/10] feat: spun up firefly-iii --- modules/nixos/guests/firefly-iii/default.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/modules/nixos/guests/firefly-iii/default.nix b/modules/nixos/guests/firefly-iii/default.nix index 928e59b..fcf3188 100755 --- a/modules/nixos/guests/firefly-iii/default.nix +++ b/modules/nixos/guests/firefly-iii/default.nix @@ -56,6 +56,11 @@ in }; }; + phpfpm.pools.firefly-iii.phpEnv = { + TRUSTED_PROXIES = "*"; + APP_URL = "https://${host}"; + }; + firefly-iii-data-importer = { enable = true; }; @@ -70,7 +75,10 @@ in encode gzip - php_fastcgi unix//run/phpfpm/firefly-iii.sock + php_fastcgi unix//run/phpfpm/firefly-iii.sock { + env HTTPS {http.request.header.X-Forwarded-Proto} + env HTTP_X_FORWARDED_PROTO {http.request.header.X-Forwarded-Proto} + } ''; }; };