sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: remove firefly iii again (no multi user auto sync)

Browse source
This commit is contained in:
oddlama 2025-05-15 21:11:55 +02:00
parent 7605500591
commit a44c76fd7d
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
31 changed files with 7 additions and 807 deletions
Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -46,12 +46,11 @@ I've included the major components in the lists below.
| ~~~~~~~~~~~~ | Service | Source | Description
---|---|---|---
💸 Budgeting | Firefly III \& Firefly Pico | [Link](./hosts/ward/guests/firefly.nix) | Budgeting application to track income and expenses
🛡️ Adblock | AdGuard Home | [Link](./hosts/ward/guests/adguardhome.nix) | DNS level adblocker
🔒 SSO | Kanidm | [Link](./hosts/ward/guests/kanidm.nix) | Identity provider for Single-Sign-On on my hosted services, with provisioning.
🐙 Git | Forgejo | [Link](./hosts/ward/guests/forgejo.nix) | Forgejo with SSO
🔑 Passwords | Vaultwarden | [Link](./hosts/ward/guests/vaultwarden.nix) | Self-hosted password manager
📷 Photos | Immich | [Link](./hosts/sire/guests/immich.nix) | Self-hosted photo and video backup solution
📷 Photos | Ente | [Link](./hosts/sire/guests/ente.nix) | E2E encrypted photo and video backup solution
📄 Documents | Paperless | [Link](./hosts/sire/guests/paperless.nix) | Document management system. With per-user Samba share integration (consume & archive)
🗓️ CalDAV/CardDAV | Radicale | [Link](./hosts/ward/guests/radicale.nix) | Contacts, Calender and Tasks synchronization
📁 NAS | Samba | [Link](./hosts/sire/guests/samba.nix) | Network attached storage. Cross-integration with paperless

4
config/users.nix
View file

@ -43,8 +43,8 @@
unifi = uidGid 968;
plugdev.gid = 967;
tss = uidGid 966;
firefly-iii = uidGid 965;
firefly-pico = uidGid 964;
# firefly-iii = uidGid 965;
# firefly-pico = uidGid 964;
avahi = uidGid 963;
};
}

3
hosts/kroma/default.nix
View file

@ -91,9 +91,6 @@
programs.nix-ld.enable = true;
topology.self.icon = "devices.desktop";
# Mainly for client-side formatting in websites like firefly-iii
i18n.supportedLocales = [ "de_DE.UTF-8/UTF-8" ];
hardware.nvidia-container-toolkit.enable = true;
virtualisation.containers.enable = true;
virtualisation.podman = {

3
hosts/sentinel/firezone.nix
View file

@ -12,8 +12,7 @@ let
# FIXME: new entry here? make new firezone gateway on ward entry too.
homeDomains = [
globals.services.grafana.domain
globals.services.firefly.domain
globals.services.firefly-pico.domain
globals.services.ente.domain
globals.services.immich.domain
globals.services.influxdb.domain
globals.services.loki.domain

2
hosts/sire/default.nix
View file

@ -150,7 +150,7 @@
}
// mkMicrovm "ai" { }
// mkMicrovm "minecraft" { }
#// mkMicrovm "firefly" {}
// mkMicrovm "ente" { }
#// mkMicrovm "fasten-health" {}
);
}

4
hosts/ward/default.nix
View file

@ -13,8 +13,7 @@ let
# FIXME: new entry here? make new firezone entry too.
homeDomains = [
globals.services.grafana.domain
globals.services.firefly.domain
globals.services.firefly-pico.domain
globals.services.ente.domain
globals.services.immich.domain
globals.services.influxdb.domain
globals.services.loki.domain
@ -135,7 +134,6 @@ in
lib.mkIf (!minimal) (
{ }
// mkMicrovm "adguardhome"
// mkMicrovm "firefly"
// mkMicrovm "forgejo"
// mkMicrovm "kanidm"
// mkMicrovm "radicale"

3
hosts/ward/guests/adguardhome.nix
View file

@ -112,8 +112,7 @@ in
# FIXME: new entry here? make new firezone entry too.
# FIXME: new entry here? make new firezone gateway on ward entry too.
globals.services.grafana.domain
globals.services.firefly.domain
globals.services.firefly-pico.domain
globals.services.ente.domain
globals.services.immich.domain
globals.services.influxdb.domain
globals.services.loki.domain

166
hosts/ward/guests/firefly.nix
View file

@ -1,166 +0,0 @@
{
config,
globals,
nodes,
...
}:
let
fireflyDomain = "firefly.${globals.domains.me}";
fireflyPicoDomain = "firefly-pico.${globals.domains.me}";
wardWebProxyCfg = nodes.ward-web-proxy.config;
in
{
wireguard.proxy-home = {
client.via = "ward";
firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ 80 ];
};
globals.services.firefly.domain = fireflyDomain;
globals.services.firefly-pico.domain = fireflyPicoDomain;
globals.monitoring.http.firefly = {
url = "https://${fireflyDomain}";
expectedBodyRegex = "Firefly III";
network = "home-lan.vlans.services";
};
globals.monitoring.http.firefly-pico = {
url = "https://${fireflyPicoDomain}";
expectedBodyRegex = "Pico";
network = "home-lan.vlans.services";
};
age.secrets.firefly-iii-app-key = {
generator.script = _: ''
echo "base64:$(head -c 32 /dev/urandom | base64)"
'';
owner = "firefly-iii";
};
age.secrets.firefly-pico-app-key = {
generator.script = _: ''
echo "base64:$(head -c 32 /dev/urandom | base64)"
'';
owner = "firefly-pico";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/firefly-iii";
user = "firefly-iii";
}
{
directory = "/var/lib/firefly-pico";
user = "firefly-pico";
}
];
networking.hosts.${wardWebProxyCfg.wireguard.proxy-home.ipv4} = [
globals.services.firefly.domain
globals.services.firefly-pico.domain
];
i18n.supportedLocales = [ "all" ];
services.firefly-iii = {
enable = true;
enableNginx = true;
virtualHost = globals.services.firefly.domain;
settings = {
AUDIT_LOG_LEVEL = "emergency"; # disable audit logs
LOG_CHANNEL = "syslog";
APP_URL = "https://${globals.services.firefly.domain}";
TZ = "Europe/Berlin";
TRUSTED_PROXIES = wardWebProxyCfg.wireguard.proxy-home.ipv4;
SITE_OWNER = "admin@${globals.domains.me}";
APP_KEY_FILE = config.age.secrets.firefly-iii-app-key.path;
};
};
services.firefly-pico = {
enable = true;
enableNginx = true;
virtualHost = globals.services.firefly-pico.domain;
settings = {
LOG_CHANNEL = "syslog";
APP_URL = "https://${globals.services.firefly-pico.domain}";
TZ = "Europe/Berlin";
FIREFLY_URL = config.services.firefly-iii.settings.APP_URL;
TRUSTED_PROXIES = wardWebProxyCfg.wireguard.proxy-home.ipv4;
SITE_OWNER = "admin@${globals.domains.me}";
APP_KEY_FILE = config.age.secrets.firefly-pico-app-key.path;
};
};
services.nginx.commonHttpConfig = ''
log_format json_combined escape=json '{'
'"time": $msec,'
'"remote_addr":"$remote_addr",'
'"status":$status,'
'"method":"$request_method",'
'"host":"$host",'
'"uri":"$request_uri",'
'"request_size":$request_length,'
'"response_size":$body_bytes_sent,'
'"response_time":$request_time,'
'"referrer":"$http_referer",'
'"user_agent":"$http_user_agent"'
'}';
error_log syslog:server=unix:/dev/log,nohostname;
access_log syslog:server=unix:/dev/log,nohostname json_combined;
ssl_ecdh_curve secp384r1;
'';
nodes.ward-web-proxy = {
services.nginx = {
upstreams.firefly = {
servers."${config.wireguard.proxy-home.ipv4}:80" = { };
extraConfig = ''
zone firefly 64k;
keepalive 2;
'';
monitoring = {
enable = true;
expectedBodyRegex = "Firefly";
};
};
virtualHosts.${fireflyDomain} = {
forceSSL = true;
useACMEWildcardHost = true;
locations."/" = {
proxyPass = "http://firefly";
proxyWebsockets = true;
};
extraConfig = ''
# allow self-access
allow ${config.wireguard.proxy-home.ipv4};
allow ${config.wireguard.proxy-home.ipv6};
# allow home traffic
allow ${globals.net.home-lan.vlans.home.cidrv4};
allow ${globals.net.home-lan.vlans.home.cidrv6};
# Firezone traffic
allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv4};
allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv6};
deny all;
'';
};
virtualHosts.${fireflyPicoDomain} = {
forceSSL = true;
useACMEWildcardHost = true;
locations."/" = {
proxyPass = "http://firefly";
proxyWebsockets = true;
};
extraConfig = ''
# allow self-access
allow ${config.wireguard.proxy-home.ipv4};
allow ${config.wireguard.proxy-home.ipv6};
# allow home traffic
allow ${globals.net.home-lan.vlans.home.cidrv4};
allow ${globals.net.home-lan.vlans.home.cidrv6};
# Firezone traffic
allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv4};
allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv6};
deny all;
'';
};
};
};
}

1
hosts/ward/secrets/firefly/host.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9bxRVB7zpCZhwfIwr7oyuNy0Tfu1Ki3KWPNiFyQizH

1
modules/default.nix
View file

@ -4,7 +4,6 @@
./backups.nix
./deterministic-ids.nix
./distributed-config.nix
./firefly-pico.nix
./globals.nix
./meta.nix
./nginx-upstream-monitoring.nix

410
modules/firefly-pico.nix
View file

@ -1,410 +0,0 @@
{
pkgs,
config,
lib,
...
}:
let
cfg = config.services.firefly-pico;
inherit (cfg) user;
inherit (cfg) group;
defaultUser = "firefly-pico";
defaultGroup = "firefly-pico";
artisan = "${cfg.package}/share/php/firefly-pico/artisan";
env-file-values = lib.attrsets.mapAttrs' (
n: v: lib.attrsets.nameValuePair (lib.strings.removeSuffix "_FILE" n) v
) (lib.attrsets.filterAttrs (n: _v: lib.strings.hasSuffix "_FILE" n) cfg.settings);
env-nonfile-values = lib.attrsets.filterAttrs (
n: _v: !lib.strings.hasSuffix "_FILE" n
) cfg.settings;
firefly-pico-maintenance = pkgs.writeShellScript "firefly-pico-maintenance.sh" ''
set -a
${lib.strings.toShellVars env-nonfile-values}
${lib.strings.concatLines (
lib.attrsets.mapAttrsToList (n: v: "${n}=\"$(< ${v})\"") env-file-values
)}
set +a
${lib.optionalString (
cfg.settings.DB_CONNECTION == "sqlite"
) "touch ${cfg.dataDir}/storage/database/database.sqlite"}
${artisan} migrate --isolated --force
${artisan} config:clear
${artisan} config:cache
${artisan} cache:clear
'';
commonServiceConfig = {
Type = "oneshot";
User = user;
Group = group;
StateDirectory = "firefly-pico";
ReadWritePaths = [ cfg.dataDir ];
WorkingDirectory = cfg.package;
PrivateTmp = true;
PrivateDevices = true;
CapabilityBoundingSet = "";
AmbientCapabilities = "";
ProtectSystem = "strict";
ProtectKernelTunables = true;
ProtectKernelModules = true;
ProtectControlGroups = true;
ProtectClock = true;
ProtectHostname = true;
ProtectHome = "tmpfs";
ProtectKernelLogs = true;
ProtectProc = "invisible";
ProcSubset = "pid";
PrivateNetwork = false;
RestrictAddressFamilies = "AF_INET AF_INET6 AF_UNIX";
SystemCallArchitectures = "native";
SystemCallFilter = [
"@system-service @resources"
"~@obsolete @privileged"
];
RestrictSUIDSGID = true;
RemoveIPC = true;
NoNewPrivileges = true;
RestrictRealtime = true;
RestrictNamespaces = true;
LockPersonality = true;
PrivateUsers = true;
};
in
{
options.services.firefly-pico = {
enable = lib.mkEnableOption "Firefly-Pico: A delightful Firefly III companion web app for effortless transaction tracking";
user = lib.mkOption {
type = lib.types.str;
default = defaultUser;
description = "User account under which firefly-pico runs.";
};
group = lib.mkOption {
type = lib.types.str;
default = if cfg.enableNginx then "nginx" else defaultGroup;
defaultText = "If `services.firefly-pico.enableNginx` is true then `nginx` else ${defaultGroup}";
description = ''
Group under which firefly-pico runs. It is best to set this to the group
of whatever webserver is being used as the frontend.
'';
};
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/firefly-pico";
description = ''
The place where firefly-pico stores its state.
'';
};
package =
lib.mkPackageOption pkgs "firefly-pico" { }
// lib.mkOption {
apply =
firefly-pico:
firefly-pico.override {
inherit (cfg) dataDir;
};
};
enableNginx = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to enable nginx or not. If enabled, an nginx virtual host will
be created for access to firefly-pico. If not enabled, then you may use
`''${config.services.firefly-pico.package}` as your document root in
whichever webserver you wish to setup.
'';
};
virtualHost = lib.mkOption {
type = lib.types.str;
default = "localhost";
description = ''
The hostname at which you wish firefly-pico to be served. If you have
enabled nginx using `services.firefly-pico.enableNginx` then this will
be used.
'';
};
poolConfig = lib.mkOption {
type = lib.types.attrsOf (
lib.types.oneOf [
lib.types.str
lib.types.int
lib.types.bool
]
);
default = { };
defaultText = ''
{
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.max_requests" = 500;
}
'';
description = ''
Options for the Firefly III PHP pool. See the documentation on <literal>php-fpm.conf</literal>
for details on configuration directives.
'';
};
settings = lib.mkOption {
default = { };
description = ''
Options for firefly-iii configuration. Refer to
<https://github.com/firefly-iii/firefly-iii/blob/main/.env.example> for
details on supported values. All <option>_FILE values supported by
upstream are supported here.
APP_URL will be the same as `services.firefly-iii.virtualHost` if the
former is unset in `services.firefly-iii.settings`.
'';
example = lib.literalExpression ''
{
APP_ENV = "production";
APP_KEY_FILE = "/var/secrets/firefly-pico-app-key.txt";
SITE_OWNER = "mail@example.com";
DB_CONNECTION = "mysql";
DB_HOST = "db";
DB_PORT = 3306;
DB_DATABASE = "firefly";
DB_USERNAME = "firefly";
DB_PASSWORD_FILE = "/var/secrets/firefly-pico-mysql-password.txt";
}
'';
type = lib.types.submodule {
freeformType = lib.types.attrsOf (
lib.types.oneOf [
lib.types.str
lib.types.int
lib.types.bool
]
);
options = {
DB_CONNECTION = lib.mkOption {
type = lib.types.enum [
"sqlite"
"pgsql"
"mysql"
];
default = "sqlite";
example = "pgsql";
description = ''
The type of database you wish to use. Can be one of "sqlite",
"mysql" or "pgsql".
'';
};
APP_ENV = lib.mkOption {
type = lib.types.enum [
"local"
"production"
"testing"
];
default = "local";
example = "production";
description = ''
The app environment. It is recommended to keep this at "local".
Possible values are "local", "production" and "testing"
'';
};
DB_DATABASE = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default =
if cfg.settings.DB_CONNECTION == "pgsql" then
"firefly-pico"
else if cfg.settings.DB_CONNECTION == "mysql" then
"firefly-pico"
else
cfg.dataDir + "/storage/database/database.sqlite";
defaultText = ''
`cfg.dataDir + "/storage/database/database.sqlite` if DB_CONNECTION is "sqlite", `firefly-pico` if "mysql" or "pgsql"
'';
description = ''
The absolute path or name of your firefly-pico database.
'';
};
DB_PORT = lib.mkOption {
type = lib.types.nullOr lib.types.int;
default =
if cfg.settings.DB_CONNECTION == "pgsql" then
5432
else if cfg.settings.DB_CONNECTION == "mysql" then
3306
else
null;
defaultText = ''
`null` if DB_CONNECTION is "sqlite", `3306` if "mysql", `5432` if "pgsql"
'';
description = ''
The port your database is listening at. sqlite does not require
this value to be filled.
'';
};
DB_HOST = lib.mkOption {
type = lib.types.str;
default = if cfg.settings.DB_CONNECTION == "pgsql" then "/run/postgresql" else "localhost";
defaultText = ''
"localhost" if DB_CONNECTION is "sqlite" or "mysql", "/run/postgresql" if "pgsql".
'';
description = ''
The machine which hosts your database. This is left at the
default value for "mysql" because we use the "DB_SOCKET" option
to connect to a unix socket instead. "pgsql" requires that the
unix socket location be specified here instead of at "DB_SOCKET".
This option does not affect "sqlite".
'';
};
APP_KEY_FILE = lib.mkOption {
type = lib.types.path;
description = ''
The path to your appkey. The file should contain a 32 character
random app key. This may be set using `echo "base64:$(head -c 32
/dev/urandom | base64)" > /path/to/key-file`.
'';
};
APP_URL = lib.mkOption {
type = lib.types.str;
default =
if cfg.virtualHost == "localhost" then
"http://${cfg.virtualHost}"
else
"https://${cfg.virtualHost}";
defaultText = ''
http(s)://''${config.services.firefly-pico.virtualHost}
'';
description = ''
The APP_URL used by firefly-pico internally. Please make sure this
URL matches the external URL of your Firefly pico installation.
'';
};
FIREFLY_URL = lib.mkOption {
type = lib.types.str;
example = ''
https://firefly.example
'';
description = '''';
};
};
};
};
};
config = lib.mkIf cfg.enable {
services.phpfpm.pools.firefly-pico = {
inherit user group;
inherit (cfg.package) phpPackage;
phpOptions = ''
log_errors = on
'';
settings = {
"listen.mode" = lib.mkDefault "0660";
"listen.owner" = lib.mkDefault user;
"listen.group" = lib.mkDefault group;
"pm" = lib.mkDefault "dynamic";
"pm.max_children" = lib.mkDefault 32;
"pm.start_servers" = lib.mkDefault 2;
"pm.min_spare_servers" = lib.mkDefault 2;
"pm.max_spare_servers" = lib.mkDefault 4;
"pm.max_requests" = lib.mkDefault 500;
} // cfg.poolConfig;
};
systemd.services.firefly-pico-setup = {
after = [
"postgresql.service"
"mysql.service"
];
requiredBy = [ "phpfpm-firefly-pico.service" ];
before = [ "phpfpm-firefly-pico.service" ];
serviceConfig = {
ExecStart = firefly-pico-maintenance;
RemainAfterExit = true;
} // commonServiceConfig;
unitConfig.JoinsNamespaceOf = "phpfpm-firefly-pico.service";
restartTriggers = [ cfg.package ];
partOf = [ "phpfpm-firefly-pico.service" ];
};
services.nginx = lib.mkIf cfg.enableNginx {
enable = true;
recommendedTlsSettings = lib.mkDefault true;
recommendedOptimisation = lib.mkDefault true;
recommendedGzipSettings = lib.mkDefault true;
virtualHosts.${cfg.virtualHost} = {
root = "${cfg.package.frontend}/share/firefly-pico/public";
locations = {
"/api" = {
root = "${cfg.package}/share/php/firefly-pico/public";
tryFiles = "$uri $uri/ /index.php?$query_string";
index = "index.php";
};
"~ \\.php$" = {
root = "${cfg.package}/share/php/firefly-pico/public";
extraConfig = ''
include ${config.services.nginx.package}/conf/fastcgi_params ;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass unix:${config.services.phpfpm.pools.firefly-pico.socket};
'';
};
};
};
};
systemd.tmpfiles.settings."10-firefly-pico" =
lib.attrsets.genAttrs
[
"${cfg.dataDir}/storage"
"${cfg.dataDir}/storage/app"
"${cfg.dataDir}/storage/database"
"${cfg.dataDir}/storage/framework"
"${cfg.dataDir}/storage/framework/cache"
"${cfg.dataDir}/storage/framework/sessions"
"${cfg.dataDir}/storage/framework/views"
"${cfg.dataDir}/storage/logs"
"${cfg.dataDir}/cache"
]
(_n: {
d = {
inherit group;
mode = "0700";
inherit user;
};
})
// {
"${cfg.dataDir}".d = {
inherit group;
mode = "0710";
inherit user;
};
};
users = {
users = lib.mkIf (user == defaultUser) {
${defaultUser} = {
description = "Firefly-pico service user";
inherit group;
isSystemUser = true;
home = cfg.dataDir;
};
};
groups = lib.mkIf (group == defaultGroup) { ${defaultGroup} = { }; };
};
};
}

2
pkgs/default.nix
View file

@ -18,8 +18,6 @@ _inputs: [
# })
# ];
firefly-pico = prev.callPackage ./firefly-pico.nix { };
formats = prev.formats // {
ron = import ./ron.nix { inherit (prev) lib pkgs; };
};

50
pkgs/firefly-pico-frontend.nix
View file

@ -1,50 +0,0 @@
{
src,
version,
stdenvNoCC,
nodejs,
fetchNpmDeps,
buildPackages,
php84,
nixosTests,
nix-update-script,
meta,
}:
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "firefly-pico-frontend";
inherit version src;
sourceRoot = "source/front";
nativeBuildInputs = [
nodejs
nodejs.python
buildPackages.npmHooks.npmConfigHook
];
npmDeps = fetchNpmDeps {
inherit (finalAttrs) src;
sourceRoot = "source/front";
name = "${finalAttrs.pname}-npm-deps";
hash = "sha256-+YpWPp0ufPuuSkTn0WDD2E80S9bs5ZTQ8TzFFtgfTqU=";
};
passthru = {
phpPackage = php84;
tests = nixosTests.firefly-pico;
updateScript = nix-update-script { };
};
env.NUXT_TELEMETRY_DISABLED = 1;
buildPhase = ''
runHook preBuild
npm run generate
runHook postBuild
'';
postInstall = ''
mkdir -p $out/share/firefly-pico
cp -r .output/public $out/share/firefly-pico/
'';
inherit meta;
})

73
pkgs/firefly-pico.nix
View file

@ -1,73 +0,0 @@
{
lib,
fetchFromGitHub,
stdenvNoCC,
nodejs,
callPackage,
php84,
nixosTests,
nix-update-script,
dataDir ? "/var/lib/firefly-pico",
}:
stdenvNoCC.mkDerivation (finalAttrs: {
pname = "firefly-pico";
version = "1.7.0";
src = fetchFromGitHub {
owner = "cioraneanu";
repo = "firefly-pico";
tag = "${finalAttrs.version}";
hash = "sha256-Ef64WZYAtViW5lCSCtTzjs6KJL7BxW9innqLSy0N2xQ=";
};
sourceRoot = "source/back";
buildInputs = [ php84 ];
nativeBuildInputs = [
nodejs
nodejs.python
php84.composerHooks2.composerInstallHook
];
composerVendor = php84.mkComposerVendor {
inherit (finalAttrs) pname src version;
sourceRoot = "source/back";
composerNoDev = true;
composerNoPlugins = true;
composerNoScripts = true;
composerStrictValidation = true;
strictDeps = true;
vendorHash = "sha256-hwbmsvD91lX/vYa1Xk1WEo8pB6b+DTRDVd2DJ7TjocI=";
};
passthru = {
phpPackage = php84;
tests = nixosTests.firefly-pico;
updateScript = nix-update-script { };
frontend = callPackage ./firefly-pico-frontend.nix {
inherit (finalAttrs)
src
version
meta
;
};
};
postInstall = ''
chmod +x $out/share/php/firefly-pico/artisan
rm -R $out/share/php/firefly-pico/{storage,bootstrap/cache}
ln -s ${dataDir}/storage $out/share/php/firefly-pico/storage
ln -s ${dataDir}/cache $out/share/php/firefly-pico/bootstrap/cache
'';
meta = {
changelog = "https://github.com/cioraneanu/firefly-pico/releases/tag/${finalAttrs.version}";
description = "Firefly III: a personal finances manager";
homepage = "https://github.com/cioraneanu/firefly-pico";
license = lib.licenses.agpl3Only;
maintainers = [
lib.maintainers.patrickdag
];
hydraPlatforms = lib.platforms.linux; # build hangs on both Darwin platforms, needs investigation
};
})

BIN
secrets/generated/ward-firefly/firefly-data-importer-app-key.age
View file

Binary file not shown.

12
secrets/generated/ward-firefly/firefly-iii-app-key.age
View file

@ -1,12 +0,0 @@
age-encryption.org/v1
-> X25519 K0iCGjPk+lIfakWRt19tUebknIoPk7CRKQgJxt6543c
1TTIJMkKIBC4mkV22/+DL6MonwX5bSFnHrI/1UMBxOA
-> piv-p256 xqSe8Q A8TmdnrAPXoyy1s69kIJ4+UDB0ecn5BGj7AOgyT46x+A
3IOxV7OkgkCq4OBN521ONImxkbZ7CA3rXcYixF1T0v0
-> IMt/c-grease
3x3A2IBsky5I8QkGvxAv0Sf5+uuTdrLtRGVIQ7Kx7/PgZJdHrEVp7brTImvGHa7U
7R3tyMLSVAUq0fje5TuY+qt5iovMFvN9Ju9tXq0TTrR8oMQ7AuRTPVQSZCa8Sj4i
46w
--- xqksX/NXpJyr2omtpSxWZT17lzp0JsGVOAwVF3qmS88
+Ty»×W5*gP$ØóG@ƒ°ìR*˜º<ó ne¥"œp
®öê#Nΰ¬ý¾·|¦º¶GæOpÜA8xÿà)‡¶ýàËü½´-&_â

BIN
secrets/generated/ward-firefly/firefly-pico-app-key.age
View file

Binary file not shown.

BIN
secrets/generated/ward-firefly/promtail-loki-basic-auth-password.age
View file

Binary file not shown.

11
secrets/generated/ward-firefly/telegraf-influxdb-token.age
View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> X25519 HgSF2a9Q3nwcydHrTdp+3OCofuM0icQ17MA20aZd3Qs
psZ9T9mQRBWDK/AEZSZaYaLX9hLaarWo3ih5TdF0KtY
-> piv-p256 xqSe8Q AlVUJIsg77JKUuLZkd3QFdVaJxZl5y7pQAvFu3hS7DBO
3GySsYAQAuR5nYJOKQ49qLBhZy8H5ozQ78dyAZuqdDw
-> -?_-R-grease
TBgbQcVKKpCzoOQ1IJhKN17FQj6sC6g/0ZWWilWPfJbhGRZBocynl1o4H492FE3k
NUjMFQFOY28JlHX1N8yT8T9AMFYdpUS3hQ
--- dFzRUdI8Gc5FA+zFzaGpWNV4s2kQFy1neRt2cyTGiTs
Èy™ízfá®Åö Ü_µT(ýݨë{¸’î j™Ö­Þ!;Dôø³u- ±$äÖ¿•ã‹ 8ŽÚý�Ô©Å
üüg\XdIQ>ü�"òò

7
secrets/rekeyed/sire-influxdb/25afc8a55a3c3646f3d5b63f1626e324-telegraf-influxdb-token-ward-firefly.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 1tdZKQ PhTEEKU3VbR4jKOq9yqGfCXI3LgBS9tuTniqQVs+qU0
ZDzt7bQ03RT5W2hoxsZTrQI8PuBBrH8UiYHpVox4YU4
-> GCS:-grease
H0Poh145lWvrCYnOXCFt1VJMpwGK/Ek
--- z76MlfKZZvOBXOhvmWY7Am5nnICI2rhS8fnNpXfj4dA
1»þ³¬´$ µÆ~[>ªØ»ã1>ê u^þ\ñª|KÌÿ÷×^Âcué*ígµW�H¾¿óª•ð7{Îéòúè.Š!:ù)Œs\î¶ù•‹Ûx

7
secrets/rekeyed/ward-firefly/0c03e82003735b0e868a44f8f70bd383-firefly-pico-app-key.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YHfciQ OTxzJ803Chy1q2nC4XEJmOHZBxSsYel7zVI4nGXgfUY
hJcjU/zS7vR8p1FvS7PPSIcPIDTyglxu/F2/za4s3L8
-> -4-grease A{W40{E T6yR<jP- h:Fc
H2VZUOUBsHsujyI
--- o9+YE4wWtvRYfwOEiQjZgU3a/RBrMRBg2MZGc5JO+4I
{lKGEøâ’½Ó…,7…†,¬rCt£ÀÆÆ·:ߨ‹C´æ)h¨æ\Ü®*˜÷Û{j, â|=³ÍùŸ9ϲ+k !fTè¹/~9

8
secrets/rekeyed/ward-firefly/206d313b87995351cd0b97e804d37886-wireguard-proxy-home-psks-ward+ward-firefly.age
View file

@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YHfciQ /JDeiZuydrg08gCBvPUMBRIOzciGvV+o+eCS/lmrtRo
X62u9gSTkkhIJhOLv+Oxu0aTCw9K4oxtsFUEQTrEC78
-> %u]tzM-grease |kp`D O*d_7kP=
vNzBWFKkxN/7oxjXuNSBsNh+BCTR
--- HMqjg2W7E1jaamxsKFWGHsUkVFuCgFKXCcPdjAN22SI
`�o 鈕鰥椅oメZOo*WU誼A[ォ防{>�y鰀p[ィ6寬埴�イイ7ヘ9゙!テ�」「
ユ�シ讖?t棡t)Uyサニ

BIN
secrets/rekeyed/ward-firefly/3e9f3cf2a49cc7bd4199c9db79d103de-firefly-iii-app-key.age
View file

Binary file not shown.

9
secrets/rekeyed/ward-firefly/42e563c91200775d10a651a63413f5e0-telegraf-influxdb-token.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YHfciQ C6rdXtEgSnmvZGadg4t2P8g7ZP9Cizgni/+QsOPWp0w
eeSuBSk5+SnJr6YtO67wn7a263ummSELG4SXrkUXp/Y
-> +(A@\ZO@-grease 8Yt9 f B7!c
g2QVWUbgF3QyPIUMX+7x4iS5xmEPaKtGtZwQJpRPBw7cgS5xNp6DTgF/bRyazsuD
+XIrHrVRZww0FobvAZWQVHz2SrzIqWi0SHRSnkV7cTKKNdAZHje/2CYpQ421C6hI
WA
--- wqySXNN6CxW4Sje0GKTfM0xmyXl8fRs/GTALuk0c7+0
²T�£¾¦ùÕc‘|‹”u®Ú4›¿Y¯�OjFš~êo$úd ÉS¸§Pñõ¨„W�xc.8ÏÛ'‡-[‰4{Ä-á¦mV‹vA«í”´

8
secrets/rekeyed/ward-firefly/bf62c2abb03665ad857f821820811918-firefly-data-importer-app-key.age
View file

@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YHfciQ Ta83gRa74Qw3CSktDEV58orXyTabF1iyMe9o0EftLAk
JedF0o7cg0cyr7NTlDUQGQTrqTsOUyqr2qGgeb04F98
-> c7X&&-grease M (u|w5r1t Bu&{
KgBrgDovK7GWxFLq7kkwA5UNWr5QqlzeWbU13cTt8DXC4TCdSS9A+Wjzl+qDykzW
5oZ6tFgvWFFF2E/3Ym1YjTTl3cOvxG0RG6Bj/GXNVjo8PeTJ5Ny9h+yOJ/YuAcY
--- cqhrBzqNMukHeBPQe1mlHpVZfVWgUAepvPV8JGbAUVA
ÑR<,VÏHÀíY·ZÅ#Š}·*Ϫ¦!Ä �â[ärƒµÙúê¢kȾèÜ�†Ê“o’jcÎ>92­ /dbû=sÛöE{1~"îûû&ö»j$8H

BIN
secrets/rekeyed/ward-firefly/c17f6d023aa2f3bf37bc286b3766fef1-promtail-loki-basic-auth-password.age
View file

Binary file not shown.

BIN
secrets/rekeyed/ward-firefly/cc7db31943caeff66244b3aa934b7297-wireguard-proxy-home-priv-ward-firefly.age
View file

Binary file not shown.

7
secrets/rekeyed/ward/ca883e2bce6ceff39bb8dc133d3a092e-wireguard-proxy-home-psks-ward+ward-firefly.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 iNceIg wdAnVbYVU+fgSIb4ZiNqfbV5e+Gyt7l2Pr+gqoTzt30
iV0QOUfzJLu061EjjY+hD8SnT4Mx5udoO7tUogRPeA4
-> rv!OK-grease 3@%B3|g
JUDryA
--- mADEX6kUWctEoYX8d/eTbYFdB+kcILfyhbUjiDMNGx0
¤”éÆ•‘®Ï^�Þ$aHn ×ÖÄ•GLYŽ©ÑU÷bRÓÝ£Afu¼Õªd�àç‡5ù>r�c¥í’ª¬¯&×Ó•0ׇéF:�jÖ

10
secrets/wireguard/proxy-home/keys/ward-firefly.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> X25519 uvlRP7EwYe9edPcApANRaV0Eqwx/CY6ElDJ8zPS6NTc
SGcubLfhsAQxjjxUfoczcKT7acC+o9YLDjAbaZxIXj8
-> piv-p256 xqSe8Q A7hFGedcJqbSCtfnBTi52Vm3lwCojBBJg2KZoHBHzFeb
9UPcvDAwU1Kl6nRE3eakB4dPyyjeKlSVK0/MeUzMVvs
-> id2?G-grease J=PF j
3PdNbIHnMNBtH6OPbMXyMtpt2HVSW+D0BCg3qg3V3p3DDd7FEQzr7lEfsjooZwG8
fC2jno79z1r7t7lg5VgP5s1yA2WO6sfaMvZ25iQLlg
--- V6na3Vl3HiCI97qZbIwhvJnrN9St1VaU4wLxvVaJY8k
a-˘ť°‘¤XĂčń = ­¶ĐU˘Ň€Ť[šmHkt~ěF…J1ÝW)lÓíéá(�΂s�/ŤOĎíü<vű qĚYzN–�?Ĺ

1
secrets/wireguard/proxy-home/keys/ward-firefly.pub
View file

@ -1 +0,0 @@
MRJ0x/6qO8xo5rJus+L99qmSZu6gB/KBxvwqk0T2EyE=

9
secrets/wireguard/proxy-home/psks/ward+ward-firefly.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> X25519 u+GOb4it1FIuM2xQLit+Qj8FnHxog7mrgqzYB2cAF1Q
MiVwE4nNwJo7aIg+H8/1vCPsHbKIRw58xPprat9E7xk
-> piv-p256 xqSe8Q AqY1gjvBbu3vDCrksaKE9BExREcAp00pMIVyAZxvr/aw
CubJmGfOCZyLXxWgoZ+fnQu7BCs1arzt5iKZjdSIVM0
-> ??~tD-grease i2nkSM_{ iogOoT}>
wWFu3rir4mB4RUy9
--- K1zBn3duHmWgsphLbNn1ujFQ/X08tpW4dkmKB7S8eM4
¯å¦—�ƒõðÛ‚JÓ²·Ü/"mç×=À¯Ëf®s$ßå½@Äf~‰a7 3î4‡ÞŠ}�”ñ™ßÝk"ÀÀ¿±ƒ¶!W1«U‚é6q