nix-config/config/services/firefly.nix

44 lines
1 KiB
Nix
Raw Normal View History

2024-12-20 20:40:27 +01:00
{
config,
nodes,
globals,
...
}:
2024-04-05 13:31:30 +02:00
{
2024-07-26 22:12:48 +02:00
i18n.supportedLocales = [ "all" ];
2024-12-20 20:40:27 +01:00
wireguard.services = {
client.via = "nucnix";
firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ 80 ];
2024-04-02 21:57:59 +02:00
};
2024-04-24 01:00:57 +02:00
age.secrets.appKey = {
generator.script = _: ''
echo "base64:$(head -c 32 /dev/urandom | base64)"
'';
owner = "firefly-iii";
};
2024-04-02 21:57:59 +02:00
services.firefly-iii = {
enable = true;
2024-04-24 01:00:57 +02:00
enableNginx = true;
2024-12-20 20:40:27 +01:00
virtualHost = globals.services.firefly.domain;
2024-04-02 21:57:59 +02:00
settings = {
2024-12-20 20:40:27 +01:00
APP_URL = "https://${globals.services.firefly.domain}";
2024-04-02 21:57:59 +02:00
TZ = "Europe/Berlin";
2024-12-20 20:40:27 +01:00
TRUSTED_PROXIES = nodes.nucnix-nginx.config.wireguard.services.ipv4;
SITE_OWNER = "firefly-admin@${globals.domains.mail_public}";
2024-04-24 01:00:57 +02:00
APP_KEY_FILE = config.age.secrets.appKey.path;
2024-05-24 22:03:14 +02:00
AUTHENTICATION_GUARD = "remote_user_guard";
AUTHENTICATION_GUARD_HEADER = "X-User";
AUTHENTICATION_GUARD_EMAIL = "X-Email";
2024-04-02 21:57:59 +02:00
};
};
2024-04-05 15:07:54 +02:00
environment.persistence."/persist".directories = [
{
directory = "/var/lib/firefly-iii";
2024-04-05 21:54:41 +02:00
user = "firefly-iii";
2024-04-05 15:07:54 +02:00
}
];
2024-04-02 21:57:59 +02:00
}