From 3477777fb0165703aec8f25849cec9083526e02d Mon Sep 17 00:00:00 2001
From: xunuwu
Date: Tue, 21 Jan 2025 16:38:11 +0100
Subject: [PATCH] firefly
---
 sys/machines/hopper/lab/default.nix | 46 +++++++++++++++++++
 sys/profiles/secrets/hopper/default.nix | 11 +++++
 sys/profiles/secrets/hopper/firefly | 24 ++++++++++
 .../secrets/hopper/firefly-data-importer | 24 ++++++++++
 4 files changed, 105 insertions(+)
 create mode 100644 sys/profiles/secrets/hopper/firefly
 create mode 100644 sys/profiles/secrets/hopper/firefly-data-importer
diff --git a/sys/machines/hopper/lab/default.nix b/sys/machines/hopper/lab/default.nix
index 0b60454..0ff523b 100644
--- a/sys/machines/hopper/lab/default.nix
+++ b/sys/machines/hopper/lab/default.nix
@@ -154,6 +154,16 @@ in {
 hostName = "oauth2.${domain}:${toString caddyPort}";
 extraConfig = "reverse_proxy unix//run/oauth2-proxy/oauth2-proxy.sock";
 };
+ firefly = {
+ useACMEHost = null;
+ hostName = "firefly.hopper.xun.host:80";
+ extraConfig = ''
+ encode zstd gzip
+ root * ${config.services.firefly-iii.package}/public
+ php_fastcgi unix/${config.services.phpfpm.pools.firefly-iii.socket}
+ file_server
+ '';
+ };
 # slskd-pub = {
 # hostName = "slskd.${domain}:${toString caddyPort}";
 # extraConfig = ''
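Review bot: The new `firefly` virtual host is served over plain HTTP: `useACMEHost = null;` together with `hostName = "firefly.hopper.xun.host:80";` means the Firefly III login, session cookie and ledger data cross the network unencrypted, whereas the neighbouring `oauth2` host is built from `${domain}` and `caddyPort`. The same `http://` address is repeated in the homepage entry (hunk `@@ -265,6 +305,12 @@`) and, through `APP_URL`, is presumably where the data importer sends its access token. If this name is reachable only over a trusted tunnel, say so next to the host with a comment such as `# plain HTTP on purpose: only reachable via <trusted network>`; otherwise give it a certificate the way the other virtual hosts get theirs. The enclosing virtual-host attribute set starts and ends outside the hunk.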
@@ -202,6 +212,36 @@ in {
 };
 };

+ # https://github.com/diogotcorreia/dotfiles/blob/f49cda185cef30d8150a08b60112766f4fc95813/hosts/hera/firefly-iii.nix#L19
+ services.firefly-iii = {
+ enable = true;
+ virtualHost = "firefly.hopper.xun.host";
+ group = config.services.caddy.group;
+ settings = {
+ DB_CONNECTION = "pgsql";
+ APP_KEY_FILE = config.sops.secrets.firefly.path;
+ };
+ };
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [
+ {
+ name = config.services.firefly-iii.user;
+ ensureDBOwnership = true;
+ ensureClauses.login = true;
+ }
+ ];
+ ensureDatabases = [config.services.firefly-iii.user];
+ };
+ services.firefly-iii-data-importer = {
+ enable = true;
+ group = config.services.caddy.group;
+ settings = {
+ FIREFLY_III_URL = config.services.firefly-iii.settings.APP_URL;
+ FIREFLY_III_ACCESS_TOKEN = config.sops.secrets.firefly-data-importer.path;
+ };
+ };
+
 systemd.services.homepage-dashboard.vpnConfinement = {
 enable = true;
 vpnNamespace = "wg";
@@ -265,6 +305,12 @@ in {
 icon = "kanidm";
 };
 }
+ {
+ "firefly iii" = {
+ href = "http://firefly.hopper.xun.host";
+ icon = "firefly-iii";
+ };
+ }
 ];
 }
 ];
diff --git a/sys/profiles/secrets/hopper/default.nix b/sys/profiles/secrets/hopper/default.nix
index 6c51dfb..f6a1199 100644
--- a/sys/profiles/secrets/hopper/default.nix
+++ b/sys/profiles/secrets/hopper/default.nix
@@ -59,6 +59,17 @@ in {
 owner = "kanidm";
 };

+ firefly = {
+ format = "binary";
+ sopsFile = ./firefly;
+ owner = config.services.firefly-iii.user;
+ };
+ firefly-data-importer = {
+ format = "binary";
+ sopsFile = ./firefly-data-importer;
+ owner = config.services.firefly-iii-data-importer.user;
+ };
+
 # "keycloak/db" = {
 # sopsFile = ./keycloak.yaml;
 # owner = "keycloak";
diff --git a/sys/profiles/secrets/hopper/firefly b/sys/profiles/secrets/hopper/firefly
new file mode 100644
index 0000000..39d7ea6
--- /dev/null
+++ b/sys/profiles/secrets/hopper/firefly
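Review bot: `FIREFLY_III_ACCESS_TOKEN = config.sops.secrets.firefly-data-importer.path;` assigns the secret's file path to a setting whose name has no `_FILE` suffix, while the Firefly III block in this same hunk uses `APP_KEY_FILE` for its sops path. If the importer module follows the same `_FILE` convention (not visible here, so worth confirming), the importer receives the path string as its token and cannot authenticate; the likely intended line is `FIREFLY_III_ACCESS_TOKEN_FILE = config.sops.secrets.firefly-data-importer.path;`. Separately, both services set `group = config.services.caddy.group;`, which gives Caddy's group whatever group permissions their files carry. A one-line comment such as `# caddy group so the web server can reach the php-fpm socket` would record why, if that is the reason.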
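Review bot: Neither new secret in the `@@ -59,6 +59,17 @@` hunk says what it holds or pins its permissions: `firefly` and `firefly-data-importer` set only `format`, `sopsFile` and `owner`, so the file mode is left to the sops module's default. A short comment on each, for example `# Firefly III APP_KEY, read via APP_KEY_FILE` and `# access token for the data importer`, plus an explicit `mode = "0400";`, would make the intended exposure reviewable from this file alone. The enclosing secrets attribute set begins and ends outside the hunk.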
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data:ayddgvGv34a02g+FcccUScOZAjlGvr7PL9EKJqMVj+3qPvrk/nVZ9JLkUqV70Q7hY2rICQ==,iv:MVmTYZj2bSAz+C3/SO2//gT6wkUwndRKjKhBTbVIjVg=,tag:nkygHiLXWHceGMXH4Ez2KQ==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKdk1KTkczV2JId0RzOEhK\nbDYza0M3UFMvdEhMaW04VWpabUJHYVJjUHhnCndMYytJdmgxeGViZDM4L1BUMzlF\nUnMwMHpQdlF1WDYyTzNRRnRBZG9SR0UKLS0tIFBwU3Rta2krT25Ob2hJWGE3eExl\namZTdWh6U2ZIL3lQcXVQd1FUSko5aXMKcGKGc/HLGtQCUzjntEZzb1ENCRY+6Ia/\nhL7sQqWQmKApL5HMqdVqord2bzlZq/D+mUMJtbDcgQ5Xttbg/8a/SQ==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMMHJMWHBDZGdJbFJibGIv\nN25lN2NwK0dKNEd0VFBxUXdEMDV6RnI4TFN3ClZvSGRpY0RtNlREcDRieHQ4MEJx\nVnRJa3VPemJtZS9DU21HUEVWOTdXRHMKLS0tIHVKa25IZjFwenpRM0VaSnJsSHhD\nMHhXcitscjByaFl4azBMMmdxZDlkN1UK4oKzevq6OGLVaj2TDtSEV2520GL9Qtae\nI/B13oBqLEjHgLcw85COsHDLppPf3viXB4jtaiy+VXgu0SwWhBtGUA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-01-21T11:41:05Z", + "mac": "ENC[AES256_GCM,data:jXcLpNqb4L5FcQsjOv5OFBGw1AHpbTgJANjRwln5OW9rYmF2pOxZ/jjfgvImoTSCm86dTA4fJR2FnSujZu0jHC2sUNGoIaU4aubGll0NP40CNETfHm9wAi/Q/VahMjCKM2wGHyuNekCM5bPXnJgGG6wLDKoAaHZLazXI1iSzFBA=,iv:RatoXbQS0/2ClOekk0R5QvFY1JhboaIsny/cAQozc9E=,tag:tD+zY68J5L9Vp0UjzEO8ag==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.2" + } +} \ No newline at end of file diff --git a/sys/profiles/secrets/hopper/firefly-data-importer b/sys/profiles/secrets/hopper/firefly-data-importer new file mode 100644 index 0000000..eac5c05 --- /dev/null +++ b/sys/profiles/secrets/hopper/firefly-data-importer 
@@ -0,0 +1,24 @@ +{ + "data": "ENC[AES256_GCM,data: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,iv:gXckW5jdV3b1g6Er0pWaeBAbUDfkx3K+FTG5Rio9BzA=,tag:RxIYCdhAovSO2LaMbAgm9Q==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age17pdqkpfh6kc6wm7gxzdnwf6vphlwddv9yfpdu3j76e24y3amd9tq3avfc8", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvWDBjQjIrTkdNMFBMeW1K\ndVJwaXZvdkhMZlZoS3Z3aVZramo1VWJLdEdRClQvbk1ITDNYcUJ2eTlyQTMzQmp4\nZlFMVGVKU1drbnJneVlvOHVobjg5bzQKLS0tIDI4anFaWDhGeCsyTnhKWUI2NWw0\nL1VyK2p0VkRzUktyTTdQenlxTTJsOUUK8R+OZZ7o4gT0wHGLi4DTcWUSHGOg20a8\nbs0TPt4rpj6tg0aw/9e/pmUX39lJ6WYKwSWYNckjHMLWXjhTg/zsig==\n-----END AGE ENCRYPTED FILE-----\n" + }, + { + "recipient": "age15mgf89h220puhz48rjpwxwu4n2h4edur60w6cd8gku2hh4e5kqpsghvnyw", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZeEltNU1YWHFHY3pwcXdM\na1VhZHJxMnVTREpzTkVMTURCZTNKVkNiL3k0CmtzZGZjdjhKWm1mdjdQZ1VqVjUz\nUE8xaUxwV29aMFE5RW5lNkE4UkR5ZFUKLS0tIFhDdldMOHFzckFQVDlYVkVleUI1\nVFB1eklMMjE4MnBnZUFJQVNBRlpjeEEKjKlhj/lqfd5pMVWhfJOq6yFqEwqsMCbc\ngDyxmyf8sRALL5/WqZ7W+udReI/Gwt3ewr2VYmcNj2WnZj3MguMl+w==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2025-01-21T12:11:39Z", + "mac": "ENC[AES256_GCM,data:eVwt+Zl32OqMvevQjeKCCiQd6GR5r0Y69T8MJFUl9EZwsOo0qgJsmth8z6TPM/RkZub1UxCtnRE2kyUGZijVGdiBbUh/qsOXd+W82I6tQtK8HUCg8IcFOJ5qj8wpQ/sWd+FMhK7vesNxUM5Sk8WjmX0htSIAMLq8pw8L0wwIzjU=,iv:tqTlAx5cn6d8ZGAItL6lBiH44X9WjpvAPIY3VOa3RS4=,tag:Qj1Vv79nFGA+zlL18dZtYw==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.2" + } +} \ No newline at end of file