From 2d86a1b0bd132e6a0a4cf63126ae43b5fada1015 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Sun, 27 Apr 2025 22:49:39 +0200
Subject: [PATCH] feat: enable firefly-iii-data-importer
---
 config/users.nix | 1 +
 hosts/sentinel/firezone.nix | 1 +
 hosts/ward/default.nix | 1 +
 hosts/ward/guests/adguardhome.nix | 1 +
 hosts/ward/guests/firefly.nix | 30 ++++++++++++++++++
 .../firefly-data-importer-app-key.age | Bin 0 -> 443 bytes
 ...20811918-firefly-data-importer-app-key.age | 8 +++++
 7 files changed, 42 insertions(+)
 create mode 100644 secrets/generated/ward-firefly/firefly-data-importer-app-key.age
 create mode 100644 secrets/rekeyed/ward-firefly/bf62c2abb03665ad857f821820811918-firefly-data-importer-app-key.age
diff --git a/config/users.nix b/config/users.nix
index bf62d6d..455852c 100644
--- a/config/users.nix
+++ b/config/users.nix
@@ -46,5 +46,6 @@
 firefly-iii = uidGid 965;
 firefly-pico = uidGid 964;
 avahi = uidGid 963;
+ firefly-iii-data-importer = uidGid 962;
 };
 }
diff --git a/hosts/sentinel/firezone.nix b/hosts/sentinel/firezone.nix
index 674b72f..32f6abb 100644
--- a/hosts/sentinel/firezone.nix
+++ b/hosts/sentinel/firezone.nix
@@ -14,6 +14,7 @@ let
 globals.services.grafana.domain
 globals.services.firefly.domain
 globals.services.firefly-pico.domain
+ globals.services.firefly-data-importer.domain
 globals.services.immich.domain
 globals.services.influxdb.domain
 globals.services.loki.domain
diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix
index f69e832..bf19d63 100644
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@@ -15,6 +15,7 @@ let
 globals.services.grafana.domain
 globals.services.firefly.domain
 globals.services.firefly-pico.domain
+ globals.services.firefly-data-importer.domain
 globals.services.immich.domain
 globals.services.influxdb.domain
 globals.services.loki.domain
diff --git a/hosts/ward/guests/adguardhome.nix b/hosts/ward/guests/adguardhome.nix
index fe00c8b..a152511 100644
--- a/hosts/ward/guests/adguardhome.nix
+++ b/hosts/ward/guests/adguardhome.nix
@@ -114,6 +114,7 @@ in
 globals.services.grafana.domain
 globals.services.firefly.domain
 globals.services.firefly-pico.domain
+ globals.services.firefly-data-importer.domain
 globals.services.immich.domain
 globals.services.influxdb.domain
 globals.services.loki.domain
diff --git a/hosts/ward/guests/firefly.nix b/hosts/ward/guests/firefly.nix
index ab43289..9443d7b 100644
--- a/hosts/ward/guests/firefly.nix
+++ b/hosts/ward/guests/firefly.nix
@@ -7,6 +7,7 @@
 let
 fireflyDomain = "firefly.${globals.domains.me}";
 fireflyPicoDomain = "firefly-pico.${globals.domains.me}";
+ fireflyDataImporterDomain = "firefly-data-importer.${globals.domains.me}";
 wardWebProxyCfg = nodes.ward-web-proxy.config;
 in
 {
@@ -17,6 +18,7 @@ in
 globals.services.firefly.domain = fireflyDomain;
 globals.services.firefly-pico.domain = fireflyPicoDomain;
+ globals.services.firefly-data-importer.domain = fireflyDataImporterDomain;
 globals.monitoring.http.firefly = {
 url = "https://${fireflyDomain}";
 expectedBodyRegex = "Firefly III";
@@ -42,6 +44,13 @@ in
 owner = "firefly-pico";
 };
+ age.secrets.firefly-data-importer-app-key = {
+ generator.script = _: ''
+ echo "base64:$(head -c 32 /dev/urandom | base64)"
+ '';
+ owner = "firefly-data-importer";
+ };
+
 environment.persistence."/persist".directories = [
 {
 directory = "/var/lib/firefly-iii";
@@ -51,6 +60,10 @@ in
 directory = "/var/lib/firefly-pico";
 user = "firefly-pico";
 }
+ {
+ directory = "/var/lib/firefly-iii-data-importer";
+ user = "firefly-iii-data-importer";
+ }
 ];
 networking.hosts.${wardWebProxyCfg.wireguard.proxy-home.ipv4} = [
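Review bot: The new `age.secrets.firefly-data-importer-app-key` entry in hosts/ward/guests/firefly.nix (hunk `@@ -42,6 +44,13 @@`) sets `owner = "firefly-data-importer"`, but the account this commit registers in config/users.nix and uses for the `/var/lib/firefly-iii-data-importer` persistence entry in the following hunk is `firefly-iii-data-importer`. Unless a separate `firefly-data-importer` user is defined outside this diff, the decrypted key will likely either fail to get its ownership set at activation or end up unreadable by the service that is handed it through `APP_KEY_FILE`. I would change the line to `owner = "firefly-iii-data-importer";`. The attribute set that holds these options opens and closes outside the hunk.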
@@ -89,6 +102,23 @@ in
 };
 };
+ services.firefly-iii-data-importer = {
+ enable = true;
+ enableNginx = true;
+ virtualHost = globals.services.firefly-data-importer.domain;
+ settings = {
+ LOG_CHANNEL = "syslog";
+ APP_ENV = "local";
+ APP_URL = "https://${globals.services.firefly-data-importer.domain}";
+ TZ = "Europe/Berlin";
+ FIREFLY_III_URL = config.services.firefly-iii.settings.APP_URL;
+ VANITY_URL = config.services.firefly-iii.settings.APP_URL;
+ TRUSTED_PROXIES = wardWebProxyCfg.wireguard.proxy-home.ipv4;
+ EXPECT_SECURE_URL = "true";
+ APP_KEY_FILE = config.age.secrets.firefly-data-importer-app-key.path;
+ };
+ };
+
 services.nginx.commonHttpConfig = ''
 log_format json_combined escape=json '{'
 '"time": $msec,'
diff --git a/secrets/generated/ward-firefly/firefly-data-importer-app-key.age b/secrets/generated/ward-firefly/firefly-data-importer-app-key.age
new file mode 100644
index 0000000000000000000000000000000000000000..701c1aa34221ca9ddaa00dc68e91b92fd346470b
GIT binary patch
literal 443
zcmWm7yKB^7003|omrNZ*#HHWjAlI1JCAmWsV=j;0C3pRLmo$kun0$FOmkU&o zZaN4KBIqVgj$OpXLBWoKqf$^%1hFFSBK`dXKQ{{TF!hTSsuo##B`YGLrZD_EuxOU0 z`hb@ytBkiG)1OlA+!DBX%Vn%Fm^Z%WMAamg__0~&ZNNaRw47*6jgop#p_^sHIaW$6 zlVQheTS?;7UdRsmyE7z~e0e&cMU5kx+5xbvK1UE z`OPSDb^}B5HeFMJ9;Rflk}P{BC-zK*ge$^1>4hD~mkJ{4Xf9=#&5Y9a3^O~uNQ6g4 z=$0W^-KZS#>I9Ux&<0>Yb34w1%UG&vqrzD7Q!|n7Y!bB#>p-5u)b1@rSJs`X%v4es zA<~YOaBO2Zj)SG#m3uq^^~85r#>j{X?ZHalNx0BNWg1jS6?V9MJFU9d2ML@w$NsM; zAK$(>w|aN*{Bv-;erex5yOuM5+Y=3q)-S$%@O$ImqxXmKO!vI{`qR(q$Jc8Q4_;x< bE<8Q@^ZoFRu%&I^{r083C!@zlsc`>4c6FZP
literal 0
HcmV?d00001
diff --git a/secrets/rekeyed/ward-firefly/bf62c2abb03665ad857f821820811918-firefly-data-importer-app-key.age b/secrets/rekeyed/ward-firefly/bf62c2abb03665ad857f821820811918-firefly-data-importer-app-key.age
new file mode 100644
index 0000000..0fe750c
--- /dev/null
+++ b/secrets/rekeyed/ward-firefly/bf62c2abb03665ad857f821820811918-firefly-data-importer-app-key.age
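Review bot: `APP_ENV = "local"` in the new `services.firefly-iii-data-importer.settings` block (hunk `@@ -89,6 +102,23 @@`) declares a development environment for an instance that is published over HTTPS behind the ward web proxy. The importer presumably handles Firefly III access tokens and imported bank data, so I would run it as `APP_ENV = "production";` and pin `APP_DEBUG = "false";` beside it so verbose error output cannot be enabled by a default; whether the module already defaults `APP_DEBUG` to off is not visible here. A short comment on the `TRUSTED_PROXIES` line would also help, e.g. `# only the ward-web-proxy WireGuard address may supply X-Forwarded-* headers`. The enclosing attribute set opens and closes outside this hunk.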
@@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 YHfciQ Ta83gRa74Qw3CSktDEV58orXyTabF1iyMe9o0EftLAk +JedF0o7cg0cyr7NTlDUQGQTrqTsOUyqr2qGgeb04F98 +-> c7X&&-grease M (u|w5r1t Bu&{ +KgBrgDovK7GWxFLq7kkwA5UNWr5QqlzeWbU13cTt8DXC4TCdSS9A+Wjzl+qDykzW +5oZ6tFgvWFFF2E/3Ym1YjTTl3cOvxG0RG6Bj/GXNVjo8PeTJ5Ny9h+yOJ/YuAcY +--- cqhrBzqNMukHeBPQe1mlHpVZfVWgUAepvPV8JGbAUVA +ÑR<,VÏHÀíY·ZÅ#Š}·*Ϫ¦!Ä â[ärƒµÙúê¢kȾè܆ʓo’jcÎ>92­ /dbû=sÛöE{1~"îûû&ö»j$8H \ No newline at end of file