1 files changed, 64 insertions, 0 deletions
diff --git a/hosts/vidhar/firefly-iii/default.nix b/hosts/vidhar/firefly-iii/default.nix
new file mode 100644
index 00000000..026d4643
--- /dev/null
+++ b/hosts/vidhar/firefly-iii/default.nix
@@ -0,0 +1,64 @@
+{ config, ... }:
+{
+  config = {
+    services.postgresql = {
+      ensureDatabases = [ "firefly-iii" ];
+      ensureUsers = [
+        { name = "firefly-iii";
+          ensureDBOwnership = true;
+        }
+      ];
+    };
+    services.firefly-iii = {
+      enable = true;
+      enableNginx = true;
+      group = "firefly-iii";
+      virtualHost = "firefly.yggdrasil.li";
+      settings = {
+        DB_CONNECTION = "pgsql";
+        DB_DATABASE = "firefly-iii";
+        APP_KEY_FILE = config.sops.secrets."firefly-iii_app_key".path;
+        APP_URL = "https://${config.services.firefly-iii.virtualHost}";
+      };
+    };
+    services.nginx = {
+      commonHttpConfig = ''
+        map $http_x_forwarded_proto $fastcgi_param_https_variable {
+            default ''';
+            https 'on';
+        }
+      '';
+      virtualHosts.${config.services.firefly-iii.virtualHost} = {
+        listen = [
+          { addr = "[2a03:4000:52:ada:4:1::]"; port = 9000; }
+        ];
+        extraConfig = ''
+          set_real_ip_from 2a03:4000:52:ada:4::;
+        '';
+        locations."~ \\.php$" = {
+          extraConfig = ''
+            fastcgi_param HTTPS $fastcgi_param_https_variable;
+          '';
+        };
+      };
+    };
+    sops.secrets."firefly-iii_app_key" = {
+      format = "binary";
+      sopsFile = ./app_key;
+      group = config.services.firefly-iii.group;
+      mode = "0440";
+      restartUnits = [ "firefly-iii-setup.service" "firefly-iii-cron.service" "phpfpm-firefly-iii.service" ];
+    };
+    users.groups.${config.services.firefly-iii.group} = {};
+    systemd.services = {
+      nginx.serviceConfig.SupplementaryGroups = [ config.services.firefly-iii.group ];
+      "firefly-iii-setup".serviceConfig.ReadWritePaths = [ "/run/postgresql" ];
+      "firefly-iii-cron".serviceConfig.ReadWritePaths = [ "/run/postgresql" ];
+    };
+  };
+}

diff --git a/hosts/vidhar/firefly-iii/default.nix b/hosts/vidhar/firefly-iii/default.nix new file mode 100644 index 00000000..026d4643 --- /dev/null +++ b/hosts/vidhar/firefly-iii/default.nix
@@ -0,0 +1,64 @@
	1	{ config, ... }:
	2	{
	3	config = {
	4	services.postgresql = {
	5	ensureDatabases = [ "firefly-iii" ];
	6	ensureUsers = [
	7	{ name = "firefly-iii";
	8	ensureDBOwnership = true;
	9	}
	10	];
	11	};
	12
	13	services.firefly-iii = {
	14	enable = true;
	15	enableNginx = true;
	16	group = "firefly-iii";
	17	virtualHost = "firefly.yggdrasil.li";
	18	settings = {
	19	DB_CONNECTION = "pgsql";
	20	DB_DATABASE = "firefly-iii";
	21	APP_KEY_FILE = config.sops.secrets."firefly-iii_app_key".path;
	22	APP_URL = "https://${config.services.firefly-iii.virtualHost}";
	23	};
	24	};
	25
	26	services.nginx = {
	27	commonHttpConfig = ''
	28	map $http_x_forwarded_proto $fastcgi_param_https_variable {
	29	default ''';
	30	https 'on';
	31	}
	32	'';
	33	virtualHosts.${config.services.firefly-iii.virtualHost} = {
	34	listen = [
	35	{ addr = "[2a03:4000:52:ada:4:1::]"; port = 9000; }
	36	];
	37	extraConfig = ''
	38	set_real_ip_from 2a03:4000:52:ada:4::;
	39	'';
	40	locations."~ \\.php$" = {
	41	extraConfig = ''
	42	fastcgi_param HTTPS $fastcgi_param_https_variable;
	43	'';
	44	};
	45	};
	46	};
	47
	48	sops.secrets."firefly-iii_app_key" = {
	49	format = "binary";
	50	sopsFile = ./app_key;
	51	group = config.services.firefly-iii.group;
	52	mode = "0440";
	53	restartUnits = [ "firefly-iii-setup.service" "firefly-iii-cron.service" "phpfpm-firefly-iii.service" ];
	54	};
	55
	56	users.groups.${config.services.firefly-iii.group} = {};
	57
	58	systemd.services = {
	59	nginx.serviceConfig.SupplementaryGroups = [ config.services.firefly-iii.group ];
	60	"firefly-iii-setup".serviceConfig.ReadWritePaths = [ "/run/postgresql" ];
	61	"firefly-iii-cron".serviceConfig.ReadWritePaths = [ "/run/postgresql" ];
	62	};
	63	};
	64	}