From 981a43b8531fb2535b885e5321d45c41d692be9c Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 01:37:33 -0500 Subject: [PATCH 01/34] feat: firefly-iii test --- modules/config/instances/config/firefly.nix | 38 ++++++++++ modules/nixos/services/acme/default.nix | 1 + modules/nixos/services/firefly/default.nix | 84 +++++++++++++++++++++ secrets/secrets.yaml | 6 +- 4 files changed, 127 insertions(+), 2 deletions(-) create mode 100644 modules/config/instances/config/firefly.nix create mode 100644 modules/nixos/services/firefly/default.nix diff --git a/modules/config/instances/config/firefly.nix b/modules/config/instances/config/firefly.nix new file mode 100644 index 0000000..337bca3 --- /dev/null +++ b/modules/config/instances/config/firefly.nix @@ -0,0 +1,38 @@ +{ moduleFunctions }: +let + inherit (moduleFunctions.instancesFunctions) + domain0 + servicePath + sslPath + sopsPath + ; + + label = "Firefly"; + name = "firefly"; + subdomain = "finances"; + domain = "${subdomain}.${domain0}"; +in +{ + label = label; + name = name; + email = { + address0 = "noreply@${name}.${domain0}"; + }; + sops = { + path0 = "${sopsPath}/${name}"; + }; + domains = { + url0 = domain; + }; + subdomain = subdomain; + paths = { + path0 = "${servicePath}/${label}"; + }; + ports = { + port0 = 3306; + }; + ssl = { + cert = "${sslPath}/${subdomain}.${domain0}/fullchain.pem"; + key = "${sslPath}/${subdomain}.${domain0}/key.pem"; + }; +} diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix index 659eff6..15d5f4a 100755 --- a/modules/nixos/services/acme/default.nix +++ b/modules/nixos/services/acme/default.nix @@ -41,6 +41,7 @@ in "podgrab" "vaultwarden" "audiobookshelf" + "firefly" ] ) ++ (map diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix new file mode 100644 index 0000000..12887fb --- /dev/null +++ b/modules/nixos/services/firefly/default.nix 
@@ -0,0 +1,84 @@ +{ flake, config, ... }: +let + inherit (flake.config.people) user0; + inherit (flake.config.services.instances) firefly web; + inherit (flake.config.machines.devices) ceres; + service = firefly; + localhost = web.localhost.address0; + host = service.domains.url0; +in +{ + services = { + firefly-iii = { + enable = true; + virtualHost = host; + settings = { + APP_URL = host; + APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; + SITE_OWNER = user0.email.address0; + # DB_PORT = 3306; + DB_DATABASE = "firefly"; + DB_USERNAME = "firefly"; + DB_PASSWORD_FILE = config.sops.secrets."${service.name}-pass".path; + }; + }; + caddy = { + virtualHosts = { + "${host}" = { + extraConfig = '' + redir /.well-known/carddav /remote.php/dav/ 301 + redir /.well-known/caldav /remote.php/dav/ 301 + + reverse_proxy ${localhost}:${toString service.ports.port0} + + tls ${service.ssl.cert} ${service.ssl.key} + ''; + }; + }; + }; + sops = + let + sopsPath = secret: { + path = "${service.sops.path0}/${service.name}-${secret}"; + owner = service.name; + mode = "600"; + }; + in + { + secrets = builtins.listToAttrs ( + map + (secret: { + name = "${service.name}-${secret}"; + value = sopsPath secret; + }) + [ + "key" + "pass" + ] + ); + }; + }; + fileSystems."/var/lib/${service.name}" = { + device = service.paths.path0; + fsType = "none"; + options = [ + "bind" + ]; + depends = [ + ceres.storage0.mount + ]; + }; + + systemd.tmpfiles.rules = [ + "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" + "Z ${service.sops.path0} 755 ${service.name} ${service.name} -" + ]; + + networking = { + firewall = { + allowedTCPPorts = [ + service.ports.port0 + ]; + }; + }; +} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 8b2a778..5e88889 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
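Review bot: The `networking.firewall.allowedTCPPorts = [ service.ports.port0 ]` block at the end of this hunk opens port 3306 to the network. That is the value `port0` gets in firefly.nix, and the commented-out `# DB_PORT = 3306;` suggests it is the database port. The same port is also used as the Caddy upstream in `reverse_proxy ${localhost}:${toString service.ports.port0}`, so the proxy appears to point at the database rather than the web application. Clients reach the service through Caddy, so nothing visible here needs an inbound rule; I would drop the firewall block and give the web upstream its own port entry. Separately, `"Z ${service.sops.path0} 755 ${service.name} ${service.name} -"` recursively applies mode 755 under the secrets directory, which contradicts the `mode = "600"` declared for the secrets if they are real files rather than symlinks; a mode without group or world access, such as `0700`, would match the intent.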
@@ -37,6 +37,8 @@ wireguard-CA627: ENC[AES256_GCM,data:chmDsH2nE0nagjFRZWuxX08/Ykt+rIgCHYkMHd+7nIq glance-jellyfin: ENC[AES256_GCM,data:ozdDKgAWkA88J2j8RtiOP/aQPAt/neUOSlAZF20g510=,iv:x+VhYlnA9F/VPrzVcma4/oPelCc8kjWoTZvOs4L9Uqo=,tag:crdSDjr8Y5GH/JAF6t8Yeg==,type:str] kanboard-smtp: ENC[AES256_GCM,data:eOIEGwJZlvbJaTfDRU3IFQ==,iv:Jex01WlHG3uxqUnTSF+v1BgnNcIu4cS9OwHBCFl1m28=,tag:3Eld1FkI6AftlCyC3419BA==,type:str] podgrab-pass: ENC[AES256_GCM,data:DVmJDb4VqcZDKNcedSaRA5dqKOzx1tSzDiK3i23+a6v3nK+4Kh7n8EA=,iv:SiiUjJLHkCOO1VKCmubftKx06laFqNv79tIPnkVYrJU=,tag:kdkT+03DemlNAsuzps8fnw==,type:str] +firefly-key: ENC[AES256_GCM,data:dIigi/MP6L3DwRSH2eJfliG2f1z8i30cM9smDGIJWu4=,iv:OCZJqNHlGgLQ+fGGEkOeYDxBOIouIRenlCpgaUs8d7Q=,tag:/PBkp4FxZHD7D+vYG7O4Iw==,type:str] +firefly-pass: ENC[AES256_GCM,data:HqHm42JyDnGPti7PElfmQNkt72tQdddBfNWJypmDkkc=,iv:A+mmEcOiusxKnwhNKo9ytMteEP60J+ZxGQzJPP5IhEI=,tag:CB/dULemc/rtAxLt3z6BOA==,type:str] sops: age: - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0 @@ -48,7 +50,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-25T21:19:21Z" - mac: ENC[AES256_GCM,data:bCdXkiK+gEgdz+MG4Npne7s3PjZL135U4H8vWWxtDoOnCXi+gbKzPMKzwpFkAflfAwWttiswb2I4dfiFFIaEezILmCA5dE48WMZFccyMdCrU30FscQ2x1b41AGrQdiZK4ZwVR7iWSNbcmOJMjIXA8c97Q4ldIInYaSleEt1kvuk=,iv:RNH6cRUOKGfuHaWeNhIsibdpX6ULEtw8KuApTdZb4Vg=,tag:p9CzqXZDxk6hVIL/BK/8Rw==,type:str] + lastmodified: "2025-06-27T06:36:17Z" + mac: ENC[AES256_GCM,data:/v4ok8tjMxMyYIP3P+rZONgkiQUw/cQD/9RyDsXVpfnX8ccTleSS8F/2NO3au0qTFCfD1qO07BvtyTgrBN1Uvdb0v7Pjz3FtWSwWMoT5oJHz2ROKf6GZpApwmJv3W/ruNR+m+Y/1J/T5XhxNp0p7lBYd0i1hpOhBDyos2E3/UWQ=,iv:ETYrtu0SJ4W0hNDn9pOgM7WAAEzMpiHwFN/HG7G8+Zk=,tag:Dyzyd8SQKWkaNVVu0DVfnA==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From 45d8cfa13364be9b437a3cd34e0cc2864ba62904 Mon Sep 17 00:00:00 2001 
From: Nick Date: Fri, 27 Jun 2025 01:42:47 -0500 Subject: [PATCH 02/34] feat: firefly-iii test --- modules/nixos/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 27be9b5..955d979 100755 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -66,6 +66,7 @@ in searx vaultwarden forgejo + firefly ; }; }; From eb9f5235ef96790fdb6603b5e5294beb01453f84 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 01:44:17 -0500 Subject: [PATCH 03/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 44 +++++++++++----------- 1 file changed, 23 insertions(+), 21 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 12887fb..f5741fe 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -36,28 +36,30 @@ in }; }; }; - sops = - let - sopsPath = secret: { - path = "${service.sops.path0}/${service.name}-${secret}"; - owner = service.name; - mode = "600"; - }; - in - { - secrets = builtins.listToAttrs ( - map - (secret: { - name = "${service.name}-${secret}"; - value = sopsPath secret; - }) - [ - "key" - "pass" - ] - ); - }; }; + + sops = + let + sopsPath = secret: { + path = "${service.sops.path0}/${service.name}-${secret}"; + owner = service.name; + mode = "600"; + }; + in + { + secrets = builtins.listToAttrs ( + map + (secret: { + name = "${service.name}-${secret}"; + value = sopsPath secret; + }) + [ + "key" + "pass" + ] + ); + }; + fileSystems."/var/lib/${service.name}" = { device = service.paths.path0; fsType = "none"; From c40de5596b252313de2be1e229f901f05c75d2df Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 01:47:26 -0500 Subject: [PATCH 04/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index f5741fe..7d2e0b7 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -1,6 +1,7 @@ { flake, config, ... }: let inherit (flake.config.people) user0; + inherit (flake.config.people.users.${user0}) email; inherit (flake.config.services.instances) firefly web; inherit (flake.config.machines.devices) ceres; service = firefly; @@ -15,7 +16,7 @@ in settings = { APP_URL = host; APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; - SITE_OWNER = user0.email.address0; + SITE_OWNER = email.address0; # DB_PORT = 3306; DB_DATABASE = "firefly"; DB_USERNAME = "firefly"; From 632df2338a03bbae20907208d0544a465e70ff24 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 01:53:16 -0500 Subject: [PATCH 05/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 7d2e0b7..a419de8 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -4,7 +4,7 @@ let inherit (flake.config.people.users.${user0}) email; inherit (flake.config.services.instances) firefly web; inherit (flake.config.machines.devices) ceres; - service = firefly; + service = firefly.name; localhost = web.localhost.address0; host = service.domains.url0; in From c5c6e7b212320cdbec4ea34a0218d821c9e07ba8 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 01:56:14 -0500 Subject: [PATCH 06/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 24 +++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index a419de8..e3686a7 100644 --- a/modules/nixos/services/firefly/default.nix 
+++ b/modules/nixos/services/firefly/default.nix @@ -4,7 +4,7 @@ let inherit (flake.config.people.users.${user0}) email; inherit (flake.config.services.instances) firefly web; inherit (flake.config.machines.devices) ceres; - service = firefly.name; + service = firefly; localhost = web.localhost.address0; host = service.domains.url0; in @@ -61,19 +61,19 @@ in ); }; - fileSystems."/var/lib/${service.name}" = { - device = service.paths.path0; - fsType = "none"; - options = [ - "bind" - ]; - depends = [ - ceres.storage0.mount - ]; - }; + # fileSystems."/var/lib/${service.name}" = { + # device = service.paths.path0; + # fsType = "none"; + # options = [ + # "bind" + # ]; + # depends = [ + # ceres.storage0.mount + # ]; + # }; systemd.tmpfiles.rules = [ - "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" + # "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" "Z ${service.sops.path0} 755 ${service.name} ${service.name} -" ]; From acac2bff28e39e8a1fedfe44636966ac9d11109f Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:01:24 -0500 Subject: [PATCH 07/34] feat: firefly-iii test --- .../config/instances/config/{firefly.nix => firefly-iii.nix} | 4 ++-- modules/nixos/services/acme/default.nix | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) rename modules/config/instances/config/{firefly.nix => firefly-iii.nix} (92%) diff --git a/modules/config/instances/config/firefly.nix b/modules/config/instances/config/firefly-iii.nix similarity index 92% rename from modules/config/instances/config/firefly.nix rename to modules/config/instances/config/firefly-iii.nix index 337bca3..2b8c1a1 100644 --- a/modules/config/instances/config/firefly.nix +++ b/modules/config/instances/config/firefly-iii.nix @@ -7,8 +7,8 @@ let sopsPath ; - label = "Firefly"; - name = "firefly"; + label = "Firefly-III"; + name = "firefly-iii"; subdomain = "finances"; domain = "${subdomain}.${domain0}"; in 
diff --git a/modules/nixos/services/acme/default.nix b/modules/nixos/services/acme/default.nix index 15d5f4a..be6fedc 100755 --- a/modules/nixos/services/acme/default.nix +++ b/modules/nixos/services/acme/default.nix @@ -41,7 +41,7 @@ in "podgrab" "vaultwarden" "audiobookshelf" - "firefly" + "firefly-iii" ] ) ++ (map From 69a16409d8818345a6b4fb842977f52b3ba19d2a Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:02:14 -0500 Subject: [PATCH 08/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index e3686a7..0a7c099 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -2,9 +2,9 @@ let inherit (flake.config.people) user0; inherit (flake.config.people.users.${user0}) email; - inherit (flake.config.services.instances) firefly web; + inherit (flake.config.services.instances) firefly-iii web; inherit (flake.config.machines.devices) ceres; - service = firefly; + service = firefly-iii; localhost = web.localhost.address0; host = service.domains.url0; in From 0d1eff723fe07c0b129c454735d5d4e27fcbe3b0 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:07:23 -0500 Subject: [PATCH 09/34] feat: firefly-iii test --- secrets/secrets.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 5e88889..43f3976 100755 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml 
@@ -37,8 +37,8 @@ wireguard-CA627: ENC[AES256_GCM,data:chmDsH2nE0nagjFRZWuxX08/Ykt+rIgCHYkMHd+7nIq glance-jellyfin: ENC[AES256_GCM,data:ozdDKgAWkA88J2j8RtiOP/aQPAt/neUOSlAZF20g510=,iv:x+VhYlnA9F/VPrzVcma4/oPelCc8kjWoTZvOs4L9Uqo=,tag:crdSDjr8Y5GH/JAF6t8Yeg==,type:str] kanboard-smtp: ENC[AES256_GCM,data:eOIEGwJZlvbJaTfDRU3IFQ==,iv:Jex01WlHG3uxqUnTSF+v1BgnNcIu4cS9OwHBCFl1m28=,tag:3Eld1FkI6AftlCyC3419BA==,type:str] podgrab-pass: ENC[AES256_GCM,data:DVmJDb4VqcZDKNcedSaRA5dqKOzx1tSzDiK3i23+a6v3nK+4Kh7n8EA=,iv:SiiUjJLHkCOO1VKCmubftKx06laFqNv79tIPnkVYrJU=,tag:kdkT+03DemlNAsuzps8fnw==,type:str] -firefly-key: ENC[AES256_GCM,data:dIigi/MP6L3DwRSH2eJfliG2f1z8i30cM9smDGIJWu4=,iv:OCZJqNHlGgLQ+fGGEkOeYDxBOIouIRenlCpgaUs8d7Q=,tag:/PBkp4FxZHD7D+vYG7O4Iw==,type:str] -firefly-pass: ENC[AES256_GCM,data:HqHm42JyDnGPti7PElfmQNkt72tQdddBfNWJypmDkkc=,iv:A+mmEcOiusxKnwhNKo9ytMteEP60J+ZxGQzJPP5IhEI=,tag:CB/dULemc/rtAxLt3z6BOA==,type:str] +firefly-iii-key: ENC[AES256_GCM,data:tLJfwB8De1vdGeccr4SxifU7KYAfnasoXISvz5mSR28=,iv:vknG+h2D04lECHE/PPA53aZqWk4ouYcH+WfP7WooPYU=,tag:HKma2cydw58pAnvOFH53fA==,type:str] +firefly-iii-pass: ENC[AES256_GCM,data:eJwIM4YHnXTqTOUfU/0CKMSS534VEZIxkBviI1pd7R4=,iv:pUv8ok5nLDGeCcP2hsTculk+MPPAjkupidQO0Jkc3Wc=,tag:zq7+lFjdOr5ORpthqXW8EA==,type:str] sops: age: - recipient: age19dpncsdphdt2tmknjs99eghk527pvdrw0m29qjn2z2gg3et5tdtqycqhl0 
@@ -50,7 +50,7 @@ sops: bXBOa1VSakoyaWxpODJEOU11QUZCaUEK8Ch9Ten3DdrPHF1DTH2qei85AlHUOaLD aNfzakake7ej+MxJYdKEU0bcWofNMKzIlZa2uM10KZSENDP8d8qlig== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-27T06:36:17Z" - mac: ENC[AES256_GCM,data:/v4ok8tjMxMyYIP3P+rZONgkiQUw/cQD/9RyDsXVpfnX8ccTleSS8F/2NO3au0qTFCfD1qO07BvtyTgrBN1Uvdb0v7Pjz3FtWSwWMoT5oJHz2ROKf6GZpApwmJv3W/ruNR+m+Y/1J/T5XhxNp0p7lBYd0i1hpOhBDyos2E3/UWQ=,iv:ETYrtu0SJ4W0hNDn9pOgM7WAAEzMpiHwFN/HG7G8+Zk=,tag:Dyzyd8SQKWkaNVVu0DVfnA==,type:str] + lastmodified: "2025-06-27T07:07:16Z" + mac: ENC[AES256_GCM,data:yNS+bjiHnrHHmmMkChrF5PmxrYAY9HEEErhScsxTNS2OIpiK3Q+ARiTfmT01vmqFBu63RtYJFPQ3gXM1iNrqjQcnp0btXPo2uvLewbHqfj6UaQsj34GXzf9dIzeHAnXWxtlJxkrCA1ufVwW78bzlDt0x64DhboWk5pqlDUaGR6Y=,iv:oEZzK7RBxIK/DbV3wvbL4UYB59PBygGFV3uktHtjVjg=,tag:Lldass5AJL3Ka1bniaxECg==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 From c712e00d8f951f4061d9c5d3bdea43536f5e66ff Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:13:52 -0500 Subject: [PATCH 10/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 26 +++++++++++++--------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 0a7c099..ebf42d6 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix 
@@ -61,19 +61,23 @@ in ); }; - # fileSystems."/var/lib/${service.name}" = { - # device = service.paths.path0; - # fsType = "none"; - # options = [ - # "bind" - # ]; - # depends = [ - # ceres.storage0.mount - # ]; - # }; + fileSystems."/var/lib/${service.name}" = { + device = service.paths.path0; + fsType = "none"; + options = [ + "bind" + ]; + depends = [ + ceres.storage0.mount + ]; + }; + + users.users.${service.name}.extraGroups = [ + "caddy" + ]; systemd.tmpfiles.rules = [ - # "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" + "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" "Z ${service.sops.path0} 755 ${service.name} ${service.name} -" ]; From 86695b2de261cfd07605e58ee5be51ef5a220fad Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:27:11 -0500 Subject: [PATCH 11/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index ebf42d6..56cfc3a 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -12,7 +12,7 @@ in services = { firefly-iii = { enable = true; - virtualHost = host; + virtualHost = "https://${host}"; settings = { APP_URL = host; APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; @@ -27,10 +27,19 @@ in virtualHosts = { "${host}" = { extraConfig = '' - redir /.well-known/carddav /remote.php/dav/ 301 - redir /.well-known/caldav /remote.php/dav/ 301 + reverse_proxy ${localhost}:${toString service.ports.port0} { + header_up X-Forwarded-Proto {scheme} + header_up X-Forwarded-Host {host} + header_up X-Forwarded-Server {host} + header_up X-Forwarded-For {remote_host} + header_up Host {host} - reverse_proxy ${localhost}:${toString service.ports.port0} + timeout 300s + } + + request_body { + max_size 64MB + } tls ${service.ssl.cert} ${service.ssl.key} ''; 
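Review bot: `users.users.${service.name}.extraGroups = [ "caddy" ];` in the `@@ -61,19 +61,23 @@` hunk gives the application user every permission the `caddy` group holds, which is the reverse of what a reverse-proxy setup normally needs. Caddy talks to the backend over TCP in this module, so no shared file access is visible that would require the membership. Depending on how the certificate files referenced by `service.ssl` are owned, it may also let the web application read TLS key material. I would drop the line, or if a path really has to be shared, add a comment naming it, e.g. `# firefly-iii needs group read on <path> owned by caddy`.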
From 4fecd8b2b3f4ccc64aed2a8ab287bd2ea1caa3e2 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:29:20 -0500 Subject: [PATCH 12/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 56cfc3a..17c3caf 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -5,7 +5,7 @@ let inherit (flake.config.services.instances) firefly-iii web; inherit (flake.config.machines.devices) ceres; service = firefly-iii; - localhost = web.localhost.address0; + localhost = web.localhost.address1; host = service.domains.url0; in { From 674c1ab3e3d0313e8a01a40300574ff0ca621d5d Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:39:26 -0500 Subject: [PATCH 13/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 17c3caf..a656221 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -12,15 +12,17 @@ in services = { firefly-iii = { enable = true; - virtualHost = "https://${host}"; + virtualHost = host; settings = { - APP_URL = host; APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; SITE_OWNER = email.address0; + VIRTUAL_HOST = host; + VIRTUAL_PORT = service.ports.port1; # DB_PORT = 3306; DB_DATABASE = "firefly"; DB_USERNAME = "firefly"; DB_PASSWORD_FILE = config.sops.secrets."${service.name}-pass".path; + APP_FORCE_SSL = true; }; }; caddy = { From 0550894a5f16530a2483a0e8cb24fd5062621694 Mon Sep 17 00:00:00 2001 
From: Nick Date: Fri, 27 Jun 2025 02:40:39 -0500 Subject: [PATCH 14/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index a656221..827cbfe 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -16,8 +16,8 @@ in settings = { APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; SITE_OWNER = email.address0; - VIRTUAL_HOST = host; - VIRTUAL_PORT = service.ports.port1; + # VIRTUAL_HOST = host; + # VIRTUAL_PORT = service.ports.port1; # DB_PORT = 3306; DB_DATABASE = "firefly"; DB_USERNAME = "firefly"; From 32566312007e04d599756f7303af58b13c783940 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:47:15 -0500 Subject: [PATCH 15/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 827cbfe..3f2321f 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -22,7 +22,7 @@ in DB_DATABASE = "firefly"; DB_USERNAME = "firefly"; DB_PASSWORD_FILE = config.sops.secrets."${service.name}-pass".path; - APP_FORCE_SSL = true; + # APP_FORCE_SSL = true; }; }; caddy = { From 459efac23b5231f76d97b3600a92bc0055ea9b7c Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:50:05 -0500 Subject: [PATCH 16/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 3f2321f..808c460 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix 
@@ -29,7 +29,7 @@ in virtualHosts = { "${host}" = { extraConfig = '' - reverse_proxy ${localhost}:${toString service.ports.port0} { + reverse_proxy ${localhost}:443 { header_up X-Forwarded-Proto {scheme} header_up X-Forwarded-Host {host} header_up X-Forwarded-Server {host} From 2843ecf34682430632f7a8a227242f79e40aacef Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 02:51:05 -0500 Subject: [PATCH 17/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 808c460..f096721 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -72,23 +72,23 @@ in ); }; - fileSystems."/var/lib/${service.name}" = { - device = service.paths.path0; - fsType = "none"; - options = [ - "bind" - ]; - depends = [ - ceres.storage0.mount - ]; - }; + # fileSystems."/var/lib/${service.name}" = { + # device = service.paths.path0; + # fsType = "none"; + # options = [ + # "bind" + # ]; + # depends = [ + # ceres.storage0.mount + # ]; + # }; users.users.${service.name}.extraGroups = [ "caddy" ]; systemd.tmpfiles.rules = [ - "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" + # "Z ${service.paths.path0} 755 ${service.name} ${service.name} -" "Z ${service.sops.path0} 755 ${service.name} ${service.name} -" ]; From 1a2c4e20d50768b9a9138f93a242d58161924211 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:03:44 -0500 Subject: [PATCH 18/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index f096721..a90ed30 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix 
@@ -16,20 +16,16 @@ in settings = { APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; SITE_OWNER = email.address0; - # VIRTUAL_HOST = host; - # VIRTUAL_PORT = service.ports.port1; - # DB_PORT = 3306; DB_DATABASE = "firefly"; DB_USERNAME = "firefly"; DB_PASSWORD_FILE = config.sops.secrets."${service.name}-pass".path; - # APP_FORCE_SSL = true; }; }; caddy = { virtualHosts = { "${host}" = { extraConfig = '' - reverse_proxy ${localhost}:443 { + reverse_proxy ${localhost}:80 { header_up X-Forwarded-Proto {scheme} header_up X-Forwarded-Host {host} header_up X-Forwarded-Server {host} From 70e3c0587eaaab9ece3eb89a4617d40c4adcc3a2 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:07:30 -0500 Subject: [PATCH 19/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index a90ed30..5b9d102 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -25,7 +25,7 @@ in virtualHosts = { "${host}" = { extraConfig = '' - reverse_proxy ${localhost}:80 { + reverse_proxy ${localhost}:8080 { header_up X-Forwarded-Proto {scheme} header_up X-Forwarded-Host {host} header_up X-Forwarded-Server {host} From 5198ea656e283b604f41d1ba9e0b06589742d9d4 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:10:31 -0500 Subject: [PATCH 20/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 25 +++++++++++++++------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 5b9d102..ffa95ee 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix 
@@ -25,20 +25,29 @@ in virtualHosts = { "${host}" = { extraConfig = '' - reverse_proxy ${localhost}:8080 { - header_up X-Forwarded-Proto {scheme} - header_up X-Forwarded-Host {host} - header_up X-Forwarded-Server {host} - header_up X-Forwarded-For {remote_host} - header_up Host {host} + encode gzip - timeout 300s + reverse_proxy localhost:8080 { + header_up Host {host}:{server_port} + header_up X-Real-IP {remote_host} + header_up X-Forwarded-For {remote_host} + header_up X-Forwarded-Proto https + header_up X-Forwarded-Host {host} + header_up X-Forwarded-Ssl on + header_up Connection "" + + timeout 240s + dial_timeout 240s + } + + @session_cookie header Cookie *session* + handle @session_cookie { + header Cache-Control "no-cache, no-store, must-revalidate" } request_body { max_size 64MB } - tls ${service.ssl.cert} ${service.ssl.key} ''; }; From 0004183f51640ab9d1119ba5d1201c58cb16b6b8 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:14:32 -0500 Subject: [PATCH 21/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index ffa95ee..b6d6962 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -12,7 +12,7 @@ in services = { firefly-iii = { enable = true; - virtualHost = host; + virtualHost = "localhost"; settings = { APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; SITE_OWNER = email.address0; From 195ed9eba6df6b81c4a066283135ccb5f01fe231 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:18:27 -0500 Subject: [PATCH 22/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 74 +++++++++++++--------- 1 file changed, 43 insertions(+), 31 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index b6d6962..8e920b0 100644 
--- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -12,7 +12,7 @@ in services = { firefly-iii = { enable = true; - virtualHost = "localhost"; + virtualHost = host; settings = { APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; SITE_OWNER = email.address0; @@ -21,38 +21,49 @@ in DB_PASSWORD_FILE = config.sops.secrets."${service.name}-pass".path; }; }; - caddy = { - virtualHosts = { - "${host}" = { - extraConfig = '' - encode gzip - - reverse_proxy localhost:8080 { - header_up Host {host}:{server_port} - header_up X-Real-IP {remote_host} - header_up X-Forwarded-For {remote_host} - header_up X-Forwarded-Proto https - header_up X-Forwarded-Host {host} - header_up X-Forwarded-Ssl on - header_up Connection "" - - timeout 240s - dial_timeout 240s - } - - @session_cookie header Cookie *session* - handle @session_cookie { - header Cache-Control "no-cache, no-store, must-revalidate" - } - - request_body { - max_size 64MB - } - tls ${service.ssl.cert} ${service.ssl.key} - ''; - }; + ngnix = { + enable = true; + virtualHosts.${config.services.firefly-iii.virtualHost} = { + listen = [ + { + addr = "0.0.0.0"; + port = 8080; + } + ]; }; }; + # caddy = { + # virtualHosts = { + # "${host}" = { + # extraConfig = '' + # encode gzip + + # reverse_proxy localhost:8080 { + # header_up Host {host}:{server_port} + # header_up X-Real-IP {remote_host} + # header_up X-Forwarded-For {remote_host} + # header_up X-Forwarded-Proto https + # header_up X-Forwarded-Host {host} + # header_up X-Forwarded-Ssl on + # header_up Connection "" + + # timeout 240s + # dial_timeout 240s + # } + + # @session_cookie header Cookie *session* + # handle @session_cookie { + # header Cache-Control "no-cache, no-store, must-revalidate" + # } + + # request_body { + # max_size 64MB + # } + # tls ${service.ssl.cert} ${service.ssl.key} + # ''; + # }; + # }; + # }; }; sops = 
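Review bot: The nginx listener added in the `@@ -21,38 +21,49 @@` hunk binds `addr = "0.0.0.0"` on port 8080, and the last hunk of this commit (`@@ -100,6 +111,7 @@`) adds `8080` to `allowedTCPPorts`. Together they serve the application over plain HTTP to the network, while the Caddy block carrying the `tls` directive is commented out in the same change. If 8080 is only meant as a backend for a local proxy, `addr = "127.0.0.1";` and no firewall entry keep it off the network. The enclosing `services` attribute set continues outside this hunk.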
@@ -100,6 +111,7 @@ in networking = { firewall = { allowedTCPPorts = [ + 8080 service.ports.port0 ]; }; From ae910651e5c234f6f1ba328c4071debd253c5d36 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:19:33 -0500 Subject: [PATCH 23/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 8e920b0..7c128c2 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -21,7 +21,7 @@ in DB_PASSWORD_FILE = config.sops.secrets."${service.name}-pass".path; }; }; - ngnix = { + nginx = { enable = true; virtualHosts.${config.services.firefly-iii.virtualHost} = { listen = [ From 6ac75c74ecfa3b9ffa12e7de7235c9782d6796d8 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:22:31 -0500 Subject: [PATCH 24/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 56 +++++++++++----------- 1 file changed, 28 insertions(+), 28 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 7c128c2..0f2aabe 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix 
@@ -32,38 +32,38 @@ in ]; }; }; - # caddy = { - # virtualHosts = { - # "${host}" = { - # extraConfig = '' - # encode gzip + caddy = { + virtualHosts = { + "${host}" = { + extraConfig = '' + encode gzip - # reverse_proxy localhost:8080 { - # header_up Host {host}:{server_port} - # header_up X-Real-IP {remote_host} - # header_up X-Forwarded-For {remote_host} - # header_up X-Forwarded-Proto https - # header_up X-Forwarded-Host {host} - # header_up X-Forwarded-Ssl on - # header_up Connection "" + reverse_proxy localhost:8080 { + header_up Host {host}:{server_port} + header_up X-Real-IP {remote_host} + header_up X-Forwarded-For {remote_host} + header_up X-Forwarded-Proto https + header_up X-Forwarded-Host {host} + header_up X-Forwarded-Ssl on + header_up Connection "" - # timeout 240s - # dial_timeout 240s - # } + timeout 240s + dial_timeout 240s + } - # @session_cookie header Cookie *session* - # handle @session_cookie { - # header Cache-Control "no-cache, no-store, must-revalidate" - # } + @session_cookie header Cookie *session* + handle @session_cookie { + header Cache-Control "no-cache, no-store, must-revalidate" + } - # request_body { - # max_size 64MB - # } - # tls ${service.ssl.cert} ${service.ssl.key} - # ''; - # }; - # }; - # }; + request_body { + max_size 64MB + } + tls ${service.ssl.cert} ${service.ssl.key} + ''; + }; + }; + }; }; sops = From b69ca8d8d14e9e6b67229950d8804ee4d7a866fb Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:23:35 -0500 Subject: [PATCH 25/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 0f2aabe..62be55c 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix 
@@ -38,7 +38,7 @@ in extraConfig = '' encode gzip - reverse_proxy localhost:8080 { + reverse_proxy 0.0.0.0:8080 { header_up Host {host}:{server_port} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} From dc644c34ee4ac92f0979ae89615d0d275fed364e Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:27:52 -0500 Subject: [PATCH 26/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 34 +++++++++++++--------- 1 file changed, 20 insertions(+), 14 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 62be55c..2828ff6 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -19,38 +19,43 @@ in DB_DATABASE = "firefly"; DB_USERNAME = "firefly"; DB_PASSWORD_FILE = config.sops.secrets."${service.name}-pass".path; + TRUSTED_PROXIES = "**"; + APP_URL = "https://${host}"; }; }; - nginx = { - enable = true; - virtualHosts.${config.services.firefly-iii.virtualHost} = { - listen = [ - { - addr = "0.0.0.0"; - port = 8080; - } - ]; - }; - }; + + # nginx = { + # enable = true; + # virtualHosts.${config.services.firefly-iii.virtualHost} = { + # listen = [ + # { + # addr = "0.0.0.0"; + # port = 8080; + # } + # ]; + # }; + # }; + caddy = { virtualHosts = { "${host}" = { extraConfig = '' encode gzip - reverse_proxy 0.0.0.0:8080 { - header_up Host {host}:{server_port} + # Proxy to Firefly III (which runs on port 8080 by default) + reverse_proxy localhost:8080 { + header_up Host {host} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} header_up X-Forwarded-Proto https header_up X-Forwarded-Host {host} header_up X-Forwarded-Ssl on header_up Connection "" - timeout 240s dial_timeout 240s } + # Handle session cookies @session_cookie header Cookie *session* handle @session_cookie { header Cache-Control "no-cache, no-store, must-revalidate" 
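Review bot: `reverse_proxy 0.0.0.0:8080` uses the bind wildcard as a destination, which only works where the OS happens to route 0.0.0.0 to the local host. The upstream should name the loopback address the backend listens on, `reverse_proxy 127.0.0.1:8080 {`. The `reverse_proxy` block continues past the end of the hunk.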
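Review bot: `TRUSTED_PROXIES = "**";` tells Firefly III to accept forwarded-for and forwarded-proto headers from any peer, not only from Caddy. Other patches in this series bind the backend to `0.0.0.0:8080` and open 8080 in the firewall, so a request that reaches the backend directly would have its claimed client address and scheme believed. Caddy connects over loopback, so `TRUSTED_PROXIES = "127.0.0.1";` should be sufficient (worth confirming the accepted format against the Firefly III documentation). The value is carried unchanged as context in PATCH 31, and the `settings` set starts outside the hunk.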
@@ -59,6 +64,7 @@ in request_body { max_size 64MB } + tls ${service.ssl.cert} ${service.ssl.key} ''; }; From 7d37f12d3b52a9906005654b0d0ec90847631f6d Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:40:36 -0500 Subject: [PATCH 27/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 2828ff6..016c15f 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -13,6 +13,7 @@ in firefly-iii = { enable = true; virtualHost = host; + enableNginx = true; settings = { APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; SITE_OWNER = email.address0; @@ -42,8 +43,7 @@ in extraConfig = '' encode gzip - # Proxy to Firefly III (which runs on port 8080 by default) - reverse_proxy localhost:8080 { + reverse_proxy localhost:80 { header_up Host {host} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} @@ -55,7 +55,6 @@ in dial_timeout 240s } - # Handle session cookies @session_cookie header Cookie *session* handle @session_cookie { header Cache-Control "no-cache, no-store, must-revalidate" From 47e9af6dd9b7e3699cef224a4f2791b4c4e0998a Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:43:04 -0500 Subject: [PATCH 28/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 24 +++++++++++----------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 016c15f..fd7e114 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix 
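Review bot: `reverse_proxy localhost:80` points Caddy at port 80, which Caddy normally binds itself for HTTP-to-HTTPS redirects, while `enableNginx = true` in the preceding hunk presumably puts the Firefly vhost on nginx's default port 80 as well. If both hold, one of the two servers fails to bind or Caddy ends up proxying to itself. An explicit loopback listener for nginx, e.g. `listen = [ { addr = "127.0.0.1"; port = 8080; } ];`, with the upstream kept on that port avoids the clash. PATCH 32 makes the same upstream change again, and the `reverse_proxy` block continues outside the hunk.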
@@ -25,17 +25,17 @@ in }; }; - # nginx = { - # enable = true; - # virtualHosts.${config.services.firefly-iii.virtualHost} = { - # listen = [ - # { - # addr = "0.0.0.0"; - # port = 8080; - # } - # ]; - # }; - # }; + nginx = { + enable = true; + virtualHosts.${config.services.firefly-iii.virtualHost} = { + listen = [ + { + addr = "0.0.0.0"; + port = 8080; + } + ]; + }; + }; caddy = { virtualHosts = { @@ -43,7 +43,7 @@ in extraConfig = '' encode gzip - reverse_proxy localhost:80 { + reverse_proxy localhost:8080 { header_up Host {host} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} From 1594ca6e4d69098dc7a7bcd9c0eaf044ddf7a7e4 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:44:07 -0500 Subject: [PATCH 29/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index fd7e114..08a7fd0 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -12,7 +12,7 @@ in services = { firefly-iii = { enable = true; - virtualHost = host; + # virtualHost = host; enableNginx = true; settings = { APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; From 617d106d03e719b2873ee8d80d0a9fb4aff763e7 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:45:44 -0500 Subject: [PATCH 30/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 08a7fd0..e4ec5aa 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix 
@@ -12,7 +12,7 @@ in services = { firefly-iii = { enable = true; - # virtualHost = host; + virtualHost = "0.0.0.0"; enableNginx = true; settings = { APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; From 7b2cff33ca4893f8f2f5931235e306d95390032e Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:46:43 -0500 Subject: [PATCH 31/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index e4ec5aa..4dc6940 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -12,7 +12,7 @@ in services = { firefly-iii = { enable = true; - virtualHost = "0.0.0.0"; + virtualHost = host; enableNginx = true; settings = { APP_KEY_FILE = config.sops.secrets."${service.name}-key".path; @@ -21,7 +21,6 @@ in DB_USERNAME = "firefly"; DB_PASSWORD_FILE = config.sops.secrets."${service.name}-pass".path; TRUSTED_PROXIES = "**"; - APP_URL = "https://${host}"; }; }; From fe1e553299e4ed645f6b83b5719bb6600b97ac8d Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:48:16 -0500 Subject: [PATCH 32/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 4dc6940..30da779 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -26,14 +26,14 @@ in nginx = { enable = true; - virtualHosts.${config.services.firefly-iii.virtualHost} = { - listen = [ - { - addr = "0.0.0.0"; - port = 8080; - } - ]; - }; + # virtualHosts.${config.services.firefly-iii.virtualHost} = { + # listen = [ + # { + # addr = "0.0.0.0"; + # port = 8080; + # } + # ]; + # }; }; caddy = { 
@@ -42,7 +42,7 @@ in extraConfig = '' encode gzip - reverse_proxy localhost:8080 { + reverse_proxy localhost:80 { header_up Host {host} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} From a3b732bd6ddea133372c7f6571d26c26ce7b2e94 Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:51:42 -0500 Subject: [PATCH 33/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index 30da779..b31a822 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix @@ -26,14 +26,14 @@ in nginx = { enable = true; - # virtualHosts.${config.services.firefly-iii.virtualHost} = { - # listen = [ - # { - # addr = "0.0.0.0"; - # port = 8080; - # } - # ]; - # }; + virtualHosts.${config.services.firefly-iii.virtualHost} = { + listen = [ + { + addr = "0.0.0.0"; + port = 8080; + } + ]; + }; }; caddy = { @@ -42,7 +42,7 @@ in extraConfig = '' encode gzip - reverse_proxy localhost:80 { + reverse_proxy http://localhost:${toString config.services.firefly-iii.settings.APP_PORT} { header_up Host {host} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host} From 88aa4f16ecf8ecbe56036e87a84a369de595caaf Mon Sep 17 00:00:00 2001 From: Nick Date: Fri, 27 Jun 2025 03:53:15 -0500 Subject: [PATCH 34/34] feat: firefly-iii test --- modules/nixos/services/firefly/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/firefly/default.nix b/modules/nixos/services/firefly/default.nix index b31a822..4dc6940 100644 --- a/modules/nixos/services/firefly/default.nix +++ b/modules/nixos/services/firefly/default.nix 
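Review bot: `config.services.firefly-iii.settings.APP_PORT` is read in the upstream address, but none of the `settings` shown in this series defines `APP_PORT`, so evaluation would fail on a missing attribute unless the module supplies a default (PATCH 34 goes back to the literal). The underlying problem is that 8080 is written separately in the nginx `listen` block, the firewall list and the Caddy upstream. A single binding such as `backendPort = 8080;` in the module's `let`, used as `port = backendPort;` and `reverse_proxy 127.0.0.1:${toString backendPort} {`, keeps them in step. The `let` block and the rest of `extraConfig` are outside the hunk.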
@@ -42,7 +42,7 @@ in extraConfig = '' encode gzip - reverse_proxy http://localhost:${toString config.services.firefly-iii.settings.APP_PORT} { + reverse_proxy localhost:8080 { header_up Host {host} header_up X-Real-IP {remote_host} header_up X-Forwarded-For {remote_host}