forked from mirrors_public/oddlama_nix-config
feat: remove firefly iii again (no multi user auto sync)
This commit is contained in:
oddlama
parent
7605500591
commit
a44c76fd7d
31 changed files with 7 additions and 807 deletions
|
|
@ -91,9 +91,6 @@
|
|||
programs.nix-ld.enable = true;
|
||||
topology.self.icon = "devices.desktop";
|
||||
|
||||
# Mainly for client-side formatting in websites like firefly-iii
|
||||
i18n.supportedLocales = [ "de_DE.UTF-8/UTF-8" ];
|
||||
|
||||
hardware.nvidia-container-toolkit.enable = true;
|
||||
virtualisation.containers.enable = true;
|
||||
virtualisation.podman = {
|
||||
|
|
|
|||
|
|
@ -12,8 +12,7 @@ let
|
|||
# FIXME: new entry here? make new firezone gateway on ward entry too.
|
||||
homeDomains = [
|
||||
globals.services.grafana.domain
|
||||
globals.services.firefly.domain
|
||||
globals.services.firefly-pico.domain
|
||||
globals.services.ente.domain
|
||||
globals.services.immich.domain
|
||||
globals.services.influxdb.domain
|
||||
globals.services.loki.domain
|
||||
|
|
|
|||
|
|
@ -150,7 +150,7 @@
|
|||
}
|
||||
// mkMicrovm "ai" { }
|
||||
// mkMicrovm "minecraft" { }
|
||||
#// mkMicrovm "firefly" {}
|
||||
// mkMicrovm "ente" { }
|
||||
#// mkMicrovm "fasten-health" {}
|
||||
);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,8 +13,7 @@ let
|
|||
# FIXME: new entry here? make new firezone entry too.
|
||||
homeDomains = [
|
||||
globals.services.grafana.domain
|
||||
globals.services.firefly.domain
|
||||
globals.services.firefly-pico.domain
|
||||
globals.services.ente.domain
|
||||
globals.services.immich.domain
|
||||
globals.services.influxdb.domain
|
||||
globals.services.loki.domain
|
||||
|
|
@ -135,7 +134,6 @@ in
|
|||
lib.mkIf (!minimal) (
|
||||
{ }
|
||||
// mkMicrovm "adguardhome"
|
||||
// mkMicrovm "firefly"
|
||||
// mkMicrovm "forgejo"
|
||||
// mkMicrovm "kanidm"
|
||||
// mkMicrovm "radicale"
|
||||
|
|
|
|||
|
|
@ -112,8 +112,7 @@ in
|
|||
# FIXME: new entry here? make new firezone entry too.
|
||||
# FIXME: new entry here? make new firezone gateway on ward entry too.
|
||||
globals.services.grafana.domain
|
||||
globals.services.firefly.domain
|
||||
globals.services.firefly-pico.domain
|
||||
globals.services.ente.domain
|
||||
globals.services.immich.domain
|
||||
globals.services.influxdb.domain
|
||||
globals.services.loki.domain
|
||||
|
|
|
|||
|
|
@ -1,166 +0,0 @@
|
|||
{
|
||||
config,
|
||||
globals,
|
||||
nodes,
|
||||
...
|
||||
}:
|
||||
let
|
||||
fireflyDomain = "firefly.${globals.domains.me}";
|
||||
fireflyPicoDomain = "firefly-pico.${globals.domains.me}";
|
||||
wardWebProxyCfg = nodes.ward-web-proxy.config;
|
||||
in
|
||||
{
|
||||
wireguard.proxy-home = {
|
||||
client.via = "ward";
|
||||
firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ 80 ];
|
||||
};
|
||||
|
||||
globals.services.firefly.domain = fireflyDomain;
|
||||
globals.services.firefly-pico.domain = fireflyPicoDomain;
|
||||
globals.monitoring.http.firefly = {
|
||||
url = "https://${fireflyDomain}";
|
||||
expectedBodyRegex = "Firefly III";
|
||||
network = "home-lan.vlans.services";
|
||||
};
|
||||
globals.monitoring.http.firefly-pico = {
|
||||
url = "https://${fireflyPicoDomain}";
|
||||
expectedBodyRegex = "Pico";
|
||||
network = "home-lan.vlans.services";
|
||||
};
|
||||
|
||||
age.secrets.firefly-iii-app-key = {
|
||||
generator.script = _: ''
|
||||
echo "base64:$(head -c 32 /dev/urandom | base64)"
|
||||
'';
|
||||
owner = "firefly-iii";
|
||||
};
|
||||
|
||||
age.secrets.firefly-pico-app-key = {
|
||||
generator.script = _: ''
|
||||
echo "base64:$(head -c 32 /dev/urandom | base64)"
|
||||
'';
|
||||
owner = "firefly-pico";
|
||||
};
|
||||
|
||||
environment.persistence."/persist".directories = [
|
||||
{
|
||||
directory = "/var/lib/firefly-iii";
|
||||
user = "firefly-iii";
|
||||
}
|
||||
{
|
||||
directory = "/var/lib/firefly-pico";
|
||||
user = "firefly-pico";
|
||||
}
|
||||
];
|
||||
|
||||
networking.hosts.${wardWebProxyCfg.wireguard.proxy-home.ipv4} = [
|
||||
globals.services.firefly.domain
|
||||
globals.services.firefly-pico.domain
|
||||
];
|
||||
|
||||
i18n.supportedLocales = [ "all" ];
|
||||
services.firefly-iii = {
|
||||
enable = true;
|
||||
enableNginx = true;
|
||||
virtualHost = globals.services.firefly.domain;
|
||||
settings = {
|
||||
AUDIT_LOG_LEVEL = "emergency"; # disable audit logs
|
||||
LOG_CHANNEL = "syslog";
|
||||
APP_URL = "https://${globals.services.firefly.domain}";
|
||||
TZ = "Europe/Berlin";
|
||||
TRUSTED_PROXIES = wardWebProxyCfg.wireguard.proxy-home.ipv4;
|
||||
SITE_OWNER = "admin@${globals.domains.me}";
|
||||
APP_KEY_FILE = config.age.secrets.firefly-iii-app-key.path;
|
||||
};
|
||||
};
|
||||
|
||||
services.firefly-pico = {
|
||||
enable = true;
|
||||
enableNginx = true;
|
||||
virtualHost = globals.services.firefly-pico.domain;
|
||||
settings = {
|
||||
LOG_CHANNEL = "syslog";
|
||||
APP_URL = "https://${globals.services.firefly-pico.domain}";
|
||||
TZ = "Europe/Berlin";
|
||||
FIREFLY_URL = config.services.firefly-iii.settings.APP_URL;
|
||||
TRUSTED_PROXIES = wardWebProxyCfg.wireguard.proxy-home.ipv4;
|
||||
SITE_OWNER = "admin@${globals.domains.me}";
|
||||
APP_KEY_FILE = config.age.secrets.firefly-pico-app-key.path;
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.commonHttpConfig = ''
|
||||
log_format json_combined escape=json '{'
|
||||
'"time": $msec,'
|
||||
'"remote_addr":"$remote_addr",'
|
||||
'"status":$status,'
|
||||
'"method":"$request_method",'
|
||||
'"host":"$host",'
|
||||
'"uri":"$request_uri",'
|
||||
'"request_size":$request_length,'
|
||||
'"response_size":$body_bytes_sent,'
|
||||
'"response_time":$request_time,'
|
||||
'"referrer":"$http_referer",'
|
||||
'"user_agent":"$http_user_agent"'
|
||||
'}';
|
||||
error_log syslog:server=unix:/dev/log,nohostname;
|
||||
access_log syslog:server=unix:/dev/log,nohostname json_combined;
|
||||
ssl_ecdh_curve secp384r1;
|
||||
'';
|
||||
|
||||
nodes.ward-web-proxy = {
|
||||
services.nginx = {
|
||||
upstreams.firefly = {
|
||||
servers."${config.wireguard.proxy-home.ipv4}:80" = { };
|
||||
extraConfig = ''
|
||||
zone firefly 64k;
|
||||
keepalive 2;
|
||||
'';
|
||||
monitoring = {
|
||||
enable = true;
|
||||
expectedBodyRegex = "Firefly";
|
||||
};
|
||||
};
|
||||
virtualHosts.${fireflyDomain} = {
|
||||
forceSSL = true;
|
||||
useACMEWildcardHost = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://firefly";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
extraConfig = ''
|
||||
# allow self-access
|
||||
allow ${config.wireguard.proxy-home.ipv4};
|
||||
allow ${config.wireguard.proxy-home.ipv6};
|
||||
# allow home traffic
|
||||
allow ${globals.net.home-lan.vlans.home.cidrv4};
|
||||
allow ${globals.net.home-lan.vlans.home.cidrv6};
|
||||
# Firezone traffic
|
||||
allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv4};
|
||||
allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv6};
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
virtualHosts.${fireflyPicoDomain} = {
|
||||
forceSSL = true;
|
||||
useACMEWildcardHost = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://firefly";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
extraConfig = ''
|
||||
# allow self-access
|
||||
allow ${config.wireguard.proxy-home.ipv4};
|
||||
allow ${config.wireguard.proxy-home.ipv6};
|
||||
# allow home traffic
|
||||
allow ${globals.net.home-lan.vlans.home.cidrv4};
|
||||
allow ${globals.net.home-lan.vlans.home.cidrv6};
|
||||
# Firezone traffic
|
||||
allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv4};
|
||||
allow ${globals.net.home-lan.vlans.services.hosts.ward.ipv6};
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK9bxRVB7zpCZhwfIwr7oyuNy0Tfu1Ki3KWPNiFyQizH
|
||||
Loading…
Add table
Add a link
Reference in a new issue