Setup Firefly III

modules/hosts/nixos/nixnuc/default.nix

@@ -84,6 +84,8 @@ in {
          3000 # PsiTransfer in oci-container
          3001 # immich-kiosk in compose
          3002 # grafana
+         3005 # Firefly III
+         3006 # Firefly III Data Importer
          3030 # Forgejo
          8001 # Tube Archivist
          8384 # Syncthing gui
@@ -177,6 +179,24 @@ in {
       '';
       passwordFile = "${config.sops.secrets.gandi_api.path}";
     };
+    firefly-iii = {
+      enable = true;
+      enableNginx = true;
+      settings.APP_KEY_FILE = "${config.sops.secrets.firefly_app_key.path}";
+      virtualHost = "budget.${home_domain}";
+    };
+    firefly-iii-data-importer = {
+      enable = true;
+      enableNginx = true;
+      settings = {
+        FIREFLY_III_URL = "http://localhost:3005";
+        VANITY_URL_FILE = "${config.sops.secrets.firefly_vanity_url.path}";
+        FIREFLY_III_ACCESS_TOKEN_FILE = "${config.sops.secrets.firefly_pat_data_import.path}";
+        SIMPLEFIN_TOKEN_FILE = "${config.sops.secrets.firefly_simplefin_token.path}";
+        TZ = "America/New_York";
+      };
+      virtualHost = "budget-importer.${home_domain}";
+    };
     forgejo = {
       enable = true;
       database.type = "postgres";
@@ -349,6 +369,9 @@ in {
           forceSSL = true;
           locations."/".proxyPass = "http://${backend_ip}:8888";
         };
+        # budget.${home_domain}
+        "${config.services.firefly-iii.virtualHost}".listen = [{ port = 3005; addr = "0.0.0.0"; ssl = false; }];
+        "${config.services.firefly-iii-data-importer.virtualHost}".listen = [{ port = 3006; addr = "0.0.0.0"; ssl = false; }];
         "git.${home_domain}" = {
           listen = [{ port = https_port; addr = "0.0.0.0"; ssl = true; }];
           enableACME = true;
@@ -638,6 +661,31 @@ in {
     age.keyFile = "${config.users.users.${username}.home}/.config/sops/age/keys.txt";
     defaultSopsFile = ./secrets.yaml;
     secrets = {
+      firefly_app_key = {
+        owner = config.services.firefly-iii.user;
+        restartUnits = ["nginx.service"];
+      };
+      firefly_pat_data_import = {
+        owner = config.services.firefly-iii-data-importer.user;
+        restartUnits = [
+          "firefly-iii-data-importer-setup.service"
+          "phpfpm-firefly-iii-data-importer.service"
+        ];
+      };
+      firefly_simplefin_token = {
+        owner = config.services.firefly-iii-data-importer.user;
+        restartUnits = [
+          "firefly-iii-data-importer-setup.service"
+          "phpfpm-firefly-iii-data-importer.service"
+        ];
+      };
+      firefly_vanity_url = {
+        owner = config.services.firefly-iii-data-importer.user;
+        restartUnits = [
+          "firefly-iii-data-importer-setup.service"
+          "phpfpm-firefly-iii-data-importer.service"
+        ];
+      };
       home_assistant_token = {
         owner = config.users.users.prometheus.name;
         restartUnits = ["prometheus.service"];

modules/hosts/nixos/nixnuc/secrets.yaml

@@ -1,6 +1,10 @@
 tailscale_key: ENC[AES256_GCM,data:d6Fgyr6SXhj3/rVu+KvNqHUODIH6aFqL+eKaITO7zRVhwrwRxcHVT901Ts8RjkMhZjWHOlC45AUBA/ZMFA==,iv:X22cerxp5Ak/nWTQAvy2/cN6zqfarg4mJhKmYAzeqIQ=,tag:b5jNpanzIYGaUEoTJzwh1g==,type:str]
 local_git_config: ENC[AES256_GCM,data:P5a6cABRQOA5apaDHdDcTEyXFMbewO/G0Jx9JR7REEH9r32eKKN7lGSfw79oG2jrbrlTtAgSvrbCWx0xaMbiGON0164SKX3zU9whOgljNzgqxVI32KxeWHe9ljef/Gj9y4Q0zedKF4M93qv5CmeZKn6+mK0ltctZANdXbEI=,iv:Dh8JOHqxCJ82OVE8EW4XEaamZBZ+dn+OHi5bPx6ksDs=,tag:JqfHmsdATxfn1IeVSwV8iA==,type:str]
 local_private_env: ENC[AES256_GCM,data:qOPXTS2uo/1jyVEKCtBvuK/dzZaPf1K5tHuSVF2hBg4fdPYIsDPkM108cGVxJviebB3xVZejn/JVOdUDXQj6,iv:TtyMTOJXaPUrbSaAdtMaGPBlwLl/Y/IBYVCzhhiZozY=,tag:hUyVL8xk3w1iMwNAZw5QUw==,type:str]
+firefly_app_key: ENC[AES256_GCM,data:sNaqRgFOSmdSS0lCmEG8Nxy/3N7F/hQyS6iPnwau3sQbm6zCL5j6qfuvJtMx7C5NePMW,iv:WT16cRGiDRaOjNwP8d0Ee71K9wTH2xOjGwj2osinF/8=,tag:MNaGAEDBPYJRsNJn7QTSaA==,type:str]
+firefly_pat_data_import: ENC[AES256_GCM,data:mZ32gVaDZGEnpsu4HBHeIZ8UtkTQMrHNWp6iv1jOxsUNJlswWS0kU3IN/sVRWT734KcBGUnriWcXIFvZTx6KXhOjWdEYXyO+g9ws88CWCAguCssiPJI23XaDwMhaqjWRvauzPgjzGXdvg4pFs+myxui+MkLyqcv/ZOBoMt85Nn/M6xuMyyzzmalvTtovCgkja3LJDgxCK7AZoGkXK3X9v15ShHaAjM6mEYkSpONeprew+a7PfmPkM8ynMMOgdCQbRLf/34tLXnTer9qL/kz/Xt14PZsQ5+Fj+fxVwt08xv4FWi3VqUR9wL4Fs4G/yJQHUkDQXDcCk67+TgHxFnsYcxZw6k0ue8u1Ab1aDPyEhUD/UwyzTKyIjzCCIc8NBnst6o8kV62d6ei7dG4PWvNk8m2yNhZVlvoKEjmvZg0Bxv7xGniSimXpvTcMs18+mB0nOcYFUZJf6S0tolcClEDBEegwf0kD+p2F7jXsUjcJsaxqh9Xk215qbTi9iRVtQMWfPO8dCo4EC9vs7MFNmtJsGEp0WR2nwGFh7eIRbzug5+HC5OtUEGbmIUhLmTYnrohkJUKauMYALeYUS7j8GwFdfN0qT0N5r1d5OC/uOih2W5jWiMsOkNWKlaxZ/D1TOTYjLdcHCmIDlQHv9XVFUketsy6KPyg3XkmicKYq18xMi2pkWwGwDV0rd0aqHqRLTNfj3BoXI53eWSsZo8CKuUgWyXM4mIRy7yle2s52a2Idsc8/Zx42MmbWov3c5CNaQDjaseTSO8bv57U30GBY43UBJ4n+p6AIBnXQAN9d/YQ2Wvphe80ZdqyfHzTgj+6PEQKFXzs4KJDE83es/1+HVZdKehpUksenPeQ8UAxoIFtgFjdz6p9JBdXcuFhkWs6oAT96VQtkS6aHgOOUSTN2+H0Q/l6yvIvQB/QcI88r4BiU2vroGqzuVRCbgaXZqjUU06lS608gJOGqIe2a2bHbxwKU+SHEglTdDzRP4n02v8Ua5+BpcWVmhamEzd+8qhLEp/awYi9rd2Kc38T/vowsumLQAvfuZHUt8ySS1JEsyjrWsXQ/cfAiKMeTWkL7b2vEmvx30D8Acz68wDmXwxI/pWDKSe+jagegkmPWVnGQz7MATfApjIl4ZksDQH/O88WrYVF71YYfhA2Qpxr+2FHJ0F2kTPV6tv3QPcteJH4s8pVXvgpYZ050FL9/gJ+gB4rt23Lp0pGW+WEo6YenZ0plbWe4ixf8+U4he5eecGAlAYFEVYZnl6WKLLhX9/xMG9vNJODnUxF97csMPDYiGBhupT8dVk6+1ww=,iv:L0Ff7RYYOPqPeR81LJuTMZ5dsmeQrJtfO1e7Aei+tc4=,tag:wK5s7gRQNpk2aOnsIhtr2A==,type:str]
+firefly_simplefin_token: ENC[AES256_GCM,data:xJGII+ChIinSpJt+DNU8k8xtgxZkQPmr+02MpO39SylPI6qLHUiXib8xHGrxSSoux19dVdUVXsGO3jRsdIfrX4R6vt/zrIi7yK2gSTZaaoYI1nRg125aino1tIu1Xc+btbro26gDUL8ExlGOg+xvCdPrsmEPbuxVEKm1XxSOOjfvHFjhaMr8XV8/ewqcf5fYlUXEOtNyb6TCrNnp1eSp8+/Uii9GU5O8dlCt1Rof2wNeGQD4lV+lRZqOD0QX2aL5fyXxNUm5W8qFXLiscS8XCl0x2MM9X/mSQ6PC9MlY4WOHXw9/1S3jiVpUyM0U7wJO,iv:+/EwhdcfEwDm+1nhMuIFMiRvT/wbH+vIsmiOLP8bX8g=,tag:RjBomarf49a3xT2TPSTV+A==,type:str]
+firefly_vanity_url: ENC[AES256_GCM,data:ypIv2VA/B8RStW5Ifj5J20n/MI+jevd0vYrJPchERpt+txPJ0fo=,iv:16/hQyr/TJgLlNjJSUirEpth7jSHP/ooXQ/Vr97wBiA=,tag:p4WiNKm1zkizQCOFVKcW0Q==,type:str]
 home_assistant_token: ENC[AES256_GCM,data:fNpoH60rXAsoVx/NBoDobDw/e6IoeoZfef1uDR7HbmnHNI101b+kQKkB8wBXEDLf7MlqlXVc1ExlgYFUo7+h2msx4WZUCGzuHtp1cMP0O9s2PZoQU8KQM2Frd69vOUcOT5y5ShJZPRrf6H2UKrm//3jE9zDOxxy3cQj6Q+jQLXX4AfZ12JAKzSiee9URWdU8eCHbnquUl1RNHF7zZQ8Mr9m41sBOrpBXt7ErsrhxxRhwlk7qprLt,iv:1j/QmOkLYd7nA+wXS49drBHU09HzMP3XxPbPdaErV6E=,tag:ftyOeNaN5PwNebeMPNAmTg==,type:str]
 immich_kiosk_basic_auth: ENC[AES256_GCM,data:R/vaYXe0SRwSUg8zC367vA/OYhjIcgfbHxR3OhLt1YYUhPNXVuUGmn199zLD,iv:GBEjJKvbwHAS75negE2whTlI4wS8K2nQYNm3015DFoY=,tag:zs+bJEr9JlIrJtikHycN4g==,type:str]
 mealie: ENC[AES256_GCM,data:fZFBWlh/nbxK0GA6+fb1FK6aFfbiV/GsBYKYRPgavcsB9h4HwRSZN94gPQ3AfGnk1q08ORPBYShNUIaVdsf4+t3taDC7bNTwPqFGRxoeKOU15BPj6Fpw7SHlplApUg7RDmuTWZuXDH0F49N+09GU/Lc26ewHMAzL8CtGg/H7s3CQfFEqCYYcXJeUcnNDu6PRnKFIAppflSScREp29CUf/IfTYQXidQC25upZgcvGJ+dCTDyNFftlhQiFQh8nFRFVJfKk4iBqnig3fOYsTD32ohAotfDGsSUWb9yjoYQNnNn0V14/,iv:WRFiBtavTP3iP5YSaCMkd7ag8ccx1BO76Vlw6axPkJU=,tag:4BhAxbF8JUB0MV12yx86uQ==,type:str]
@@ -20,7 +24,7 @@ sops:
             bHZlNTZDV2NYU1hQQy9mem80SFF6TFkKfmjkJBfTdh0vTtGaVx1t3tHJvSsAwdYD
             PF025X9U+yG2oIopwXEVBkxcD70eyuJn3OqH0xoVLBkbhNM9i8LHrA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-16T23:59:14Z"
-    mac: ENC[AES256_GCM,data:0LA6+4HwqHAlwvCLN0n8n3eo7bnzhwmmwUVxJ1jOmJzyYXwDQ84LqxS/A5gOevMigBlgNnwZ+8BQrWBS7/mBYV6PGWmjXN/qEXKdRMddtBDlHKENdGb+7DeGy8F77muTbwYR9GsnCROGvJZyOfVF6DFWZB6vRgdsiTP6VK6KD8c=,iv:NHUyvx2BCASzLZKRBiUc73F60/pwNQ2zNmQAEF2MuRE=,tag:zLIncSbtmnVEpFLt32EzNA==,type:str]
+    lastmodified: "2025-10-06T12:07:03Z"
+    mac: ENC[AES256_GCM,data:9CiwZouVAkxj8kFANfD5rXltouVZ5C1Pd8a10TeC61uCtqAJkDxDTD4odZZcODUtKigCmtgo2q1ru9njBhbW463IOEDFhdQ1mPVbWVXmyLNuSpQAfH2pFyy1kWuOj2Ol00qO/bca5ng/Yi+nAEHLUgOJSkU31DMWRBR5b3080IM=,iv:HkwXc7Oibp90D/no66PcwwNR+UfbwqdDvXHBz3+D2Oo=,tag:2mM7zEA+mHG9Oi3lOgqWLA==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2