feat: add firefly pico

2025-10-10 14:50:40 +02:00 · 2025-04-26 14:39:43 +02:00 · 2025-04-26 14:39:43 +02:00 · d7b79ab6e9
commit d7b79ab6e9
parent d7fbce7a1e
13 changed files with 587 additions and 11 deletions
--- a/hosts/kroma/default.nix
+++ b/hosts/kroma/default.nix
@ -91,6 +91,9 @@
  programs.nix-ld.enable = true;
  topology.self.icon = "devices.desktop";

+  # Mainly for client-side formatting in websites like firefly-iii
+  i18n.supportedLocales = [ "de_DE.UTF-8/UTF-8" ];
+
  hardware.nvidia-container-toolkit.enable = true;
  virtualisation.containers.enable = true;
  virtualisation.podman = {
--- a/hosts/ward/guests/firefly.nix
+++ b/hosts/ward/guests/firefly.nix
@ -20,8 +20,20 @@ in
    expectedBodyRegex = "Firefly III";
    network = "home-lan.vlans.services";
  };
+  globals.monitoring.http.firefly-pico = {
+    url = "https://${fireflyDomain}/pico";
+    expectedBodyRegex = "Pico";
+    network = "home-lan.vlans.services";
+  };

-  age.secrets.firefly-app-key = {
+  age.secrets.firefly-iii-app-key = {
+    generator.script = _: ''
+      echo "base64:$(head -c 32 /dev/urandom | base64)"
+    '';
+    owner = "firefly-iii";
+  };
+
+  age.secrets.firefly-pico-app-key = {
    generator.script = _: ''
      echo "base64:$(head -c 32 /dev/urandom | base64)"
    '';
@ -33,21 +45,39 @@ in
      directory = "/var/lib/firefly-iii";
      user = "firefly-iii";
    }
+    {
+      directory = "/var/lib/firefly-pico";
+      user = "firefly-pico";
+    }
  ];

-  i18n.supportedLocales = [ "all" ];
  services.firefly-iii = {
    enable = true;
    enableNginx = true;
    virtualHost = globals.services.firefly.domain;
    settings = {
      AUDIT_LOG_LEVEL = "emergency"; # disable audit logs
-      LOG_CHANNEL = "stdout";
+      LOG_CHANNEL = "syslog";
      APP_URL = "https://${globals.services.firefly.domain}";
      TZ = "Europe/Berlin";
      TRUSTED_PROXIES = wardWebProxyCfg.wireguard.proxy-home.ipv4;
      SITE_OWNER = "admin@${globals.domains.me}";
-      APP_KEY_FILE = config.age.secrets.firefly-app-key.path;
+      APP_KEY_FILE = config.age.secrets.firefly-iii-app-key.path;
+    };
+  };
+
+  services.firefly-pico = {
+    enable = true;
+    enableNginx = true;
+    virtualHost = "pico.internal";
+    settings = {
+      LOG_CHANNEL = "syslog";
+      APP_URL = "https://${globals.services.firefly.domain}/pico";
+      TZ = "Europe/Berlin";
+      FIREFLY_URL = config.services.firefly-iii.settings.APP_URL;
+      TRUSTED_PROXIES = wardWebProxyCfg.wireguard.proxy-home.ipv4;
+      SITE_OWNER = "admin@${globals.domains.me}";
+      APP_KEY_FILE = config.age.secrets.firefly-pico-app-key.path;
    };
  };

@ -71,6 +101,13 @@ in
          proxyPass = "http://firefly";
          proxyWebsockets = true;
        };
+        locations."/pico" = {
+          proxyPass = "http://firefly/"; # Trailing slash matters! (remove location suffix)
+          proxyWebsockets = true;
+          extraConfig = ''
+            proxy_set_header Host pico.internal;
+          '';
+        };
        extraConfig = ''
          allow ${globals.net.home-lan.vlans.home.cidrv4};
          allow ${globals.net.home-lan.vlans.home.cidrv6};