39 lines
957 B
Nix
39 lines
957 B
Nix
{
|
|
config,
|
|
nodes,
|
|
lib,
|
|
...
|
|
}: {
|
|
wireguard.elisabeth = {
|
|
client.via = "elisabeth";
|
|
firewallRuleForNode.elisabeth.allowedTCPPorts = [80];
|
|
};
|
|
|
|
age.secrets.appKey = {
|
|
generator.script = _: ''
|
|
echo "base64:$(head -c 32 /dev/urandom | base64)"
|
|
'';
|
|
owner = "firefly-iii";
|
|
};
|
|
|
|
services.firefly-iii = {
|
|
enable = true;
|
|
enableNginx = true;
|
|
virtualHost = "money.${config.secrets.secrets.global.domains.web}";
|
|
settings = {
|
|
APP_URL = lib.mkForce "https://money.${config.secrets.secrets.global.domains.web}";
|
|
TZ = "Europe/Berlin";
|
|
TRUSTED_PROXIES = nodes.elisabeth.config.wireguard.elisabeth.ipv4;
|
|
SITE_OWNER = "firefly-admin@${config.secrets.secrets.global.domains.mail_public}";
|
|
APP_KEY_FILE = config.age.secrets.appKey.path;
|
|
};
|
|
};
|
|
|
|
environment.persistence."/persist".directories = [
|
|
{
|
|
directory = "/var/lib/firefly-iii";
|
|
user = "firefly-iii";
|
|
}
|
|
];
|
|
}
|