From bd5aa2cef59d1deefabb5709d98f4fb81cc3f1f7 Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine@alarsyo.net>
Date: Sat, 7 Aug 2021 15:19:45 +0200
Subject: [PATCH] services: setup fava service

---
 hosts/poseidon/default.nix |  6 +++
 services/default.nix       |  1 +
 services/fava.nix          | 82 ++++++++++++++++++++++++++++++++++++++
 3 files changed, 89 insertions(+)
 create mode 100644 services/fava.nix

diff --git a/hosts/poseidon/default.nix b/hosts/poseidon/default.nix
index c96fc35..e45b02a 100644
--- a/hosts/poseidon/default.nix
+++ b/hosts/poseidon/default.nix
@@ -75,6 +75,12 @@ in
       enable = true;
     };
 
+    fava = {
+      enable = true;
+      port = 8084;
+      filePath = "accounts/current.beancount";
+    };
+
     gitea = {
       enable = true;
       privatePort = 8082;
diff --git a/services/default.nix b/services/default.nix
index 79b72f4..2904314 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -5,6 +5,7 @@
     ./bitwarden_rs.nix
     ./borg-backup.nix
     ./fail2ban.nix
+    ./fava.nix
     ./gitea
     ./jellyfin.nix
     ./lohr.nix
diff --git a/services/fava.nix b/services/fava.nix
new file mode 100644
index 0000000..16e7b5a
--- /dev/null
+++ b/services/fava.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.my.services.fava;
+  my = config.my;
+  domain = config.networking.domain;
+  secrets = config.my.secrets;
+in
+{
+  options.my.services.fava = {
+    enable = lib.mkEnableOption "Fava";
+
+    home = mkOption {
+      type = types.str;
+      default = "/var/lib/fava";
+      example = "/var/lib/fava";
+      description = "Home for the fava service, where data will be stored";
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 8080;
+      example = 8080;
+      description = "Internal port for Fava";
+    };
+
+    filePath = mkOption {
+      type = types.str;
+      example = "my_dir/money.beancount";
+      description = "File to load in Fava";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.fava = {
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Environment = [];
+        ExecStart = "${pkgs.unstable.fava}/bin/fava -H 127.0.0.1 -p ${toString cfg.port} ${cfg.filePath}";
+        WorkingDirectory = cfg.home;
+        User = "fava";
+        Group = "fava";
+      };
+      path = with pkgs; [];
+    };
+
+    users.users.fava = {
+      isSystemUser = true;
+      home = cfg.home;
+      createHome = true;
+      group = "fava";
+    };
+    users.groups.fava = { };
+
+    services.nginx.virtualHosts = {
+      "fava.${domain}" = {
+        forceSSL = true;
+        useACMEHost = domain;
+
+        listen = [
+          # FIXME: hardcoded tailscale IP
+          {
+            addr = "100.80.61.67";
+            port = 443;
+            ssl = true;
+          }
+          {
+            addr = "100.80.61.67";
+            port = 80;
+            ssl = false;
+          }
+        ];
+
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${toString cfg.port}";
+        };
+      };
+    };
+  };
+}