From bd5aa2cef59d1deefabb5709d98f4fb81cc3f1f7 Mon Sep 17 00:00:00 2001 From: Antoine Martin Date: Sat, 7 Aug 2021 15:19:45 +0200 Subject: [PATCH] services: setup fava service --- hosts/poseidon/default.nix | 6 +++ services/default.nix | 1 + services/fava.nix | 82 ++++++++++++++++++++++++++++++++++++++ 3 files changed, 89 insertions(+) create mode 100644 services/fava.nix diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix index c96fc35..e45b02a 100644 --- a/hosts/poseidon/default.nix +++ b/hosts/poseidon/default.nix @@ -75,6 +75,12 @@ in enable = true; }; + fava = { + enable = true; + port = 8084; + filePath = "accounts/current.beancount"; + }; + gitea = { enable = true; privatePort = 8082; diff --git a/services/default.nix b/services/default.nix index 79b72f4..2904314 100644 --- a/services/default.nix +++ b/services/default.nix @@ -5,6 +5,7 @@ ./bitwarden_rs.nix ./borg-backup.nix ./fail2ban.nix + ./fava.nix ./gitea ./jellyfin.nix ./lohr.nix diff --git a/services/fava.nix b/services/fava.nix new file mode 100644 index 0000000..16e7b5a --- /dev/null +++ b/services/fava.nix @@ -0,0 +1,82 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.my.services.fava; + my = config.my; + domain = config.networking.domain; + secrets = config.my.secrets; +in +{ + options.my.services.fava = { + enable = lib.mkEnableOption "Fava"; + + home = mkOption { + type = types.str; + default = "/var/lib/fava"; + example = "/var/lib/fava"; + description = "Home for the fava service, where data will be stored"; + }; + + port = mkOption { + type = types.port; + default = 8080; + example = 8080; + description = "Internal port for Fava"; + }; + + filePath = mkOption { + type = types.str; + example = "my_dir/money.beancount"; + description = "File to load in Fava"; + }; + }; + + config = mkIf cfg.enable { + systemd.services.fava = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Environment = []; + ExecStart = "${pkgs.unstable.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.filePath}"; + WorkingDirectory = cfg.home; + User = "fava"; + Group = "fava"; + }; + path = with pkgs; []; + }; + + users.users.fava = { + isSystemUser = true; + home = cfg.home; + createHome = true; + group = "fava"; + }; + users.groups.fava = { }; + + services.nginx.virtualHosts = { + "fava.${domain}" = { + forceSSL = true; + useACMEHost = domain; + + listen = [ + # FIXME: hardcoded tailscale IP + { + addr = "100.80.61.67"; + port = 443; + ssl = true; + } + { + addr = "100.80.61.67"; + port = 80; + ssl = false; + } + ]; + + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + }; + }; + }; + }; +}