add hledger

home/jokke/default.nix

@@ -24,6 +24,9 @@
       darktable
       openscad
       shutter
+      hledger
+      hledger-ui
+      hledger-iadd
     ];
 
     gnome.profilePicture = ../assets/profile-pictures/jokke.png;

hosts/freun-dev/secrets.nix

@@ -41,5 +41,9 @@
         file = ../../secrets/hastebin-tokens.age;
         owner = if (config.services.hastebin.enable) then config.users.users.hastebin.name else "root";
       };
+      hledger-basic-auth = {
+        file = ../../secrets/hledger-basic-auth.age;
+        owner = if (config.services.hledger-web.enable) then "nginx" else "root";
+      };
     };
 }

hosts/freun-dev/services.nix

@@ -375,5 +375,17 @@ in
       enable = true;
       subdomain = "irc";
     };
+
+    hledger-web = {
+      enable = true;
+      subdomain = "ledger";
+      stateDir = "${syncthingDataDir}/ledger";
+      basicAuthFile = secrets.hledger-basic-auth.path;
+      user = config.systemd.services.syncthing.serviceConfig.User;
+      group = config.systemd.services.syncthing.serviceConfig.Group;
+      journalFiles = [
+        "main.ldg"
+      ];
+    };
   };
 }

modules/services/default.nix

@@ -24,5 +24,6 @@
     ./mosquitto.nix
     ./home-assistant.nix
     ./weechat.nix
+    ./hledger-web.nix
   ];
 }

modules/services/hledger-web.nix

@@ -0,0 +1,43 @@
+{ config, lib, ... }:
+let
+  cfg = config.services.hledger-web;
+  fqdn = "${cfg.subdomain}.${config.networking.domain}";
+in
+{
+  options.services.hledger-web = {
+    subdomain = lib.mkOption {
+      type = lib.types.str;
+    };
+    basicAuthFile = lib.mkOption {
+      type = lib.types.path;
+    };
+    user = lib.mkOption {
+      type = lib.types.str;
+    };
+    group = lib.mkOption {
+      type = lib.types.str;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services = {
+      hledger-web = {
+        allow = lib.mkDefault "edit";
+        baseUrl = "https://${fqdn}";
+      };
+
+      webserver = {
+        enable = lib.mkDefault true;
+        vHosts.${fqdn}.locations."/" = {
+          proxyPort = cfg.port;
+          basicAuthFile = cfg.basicAuthFile;
+        };
+      };
+    };
+
+    systemd.services.hledger-web.serviceConfig = {
+      User = lib.mkForce cfg.user;
+      Group = lib.mkForce cfg.group;
+    };
+  };
+}

modules/services/webserver.nix

@@ -13,6 +13,10 @@ let
           type = lib.types.nullOr lib.types.path;
           default = null;
         };
+        basicAuthFile = lib.mkOption {
+          type = lib.types.nullOr lib.types.path;
+          default = null;
+        };
         extraConfig = lib.mkOption {
           type = lib.types.str;
           default = "";
@@ -91,9 +95,10 @@ in
                 proxyPort,
                 extraConfig,
                 root,
+                basicAuthFile,
               }:
               lib.mergeAttrsList [
-                { inherit extraConfig root; }
+                { inherit extraConfig root basicAuthFile; }
                 (
                   if (lib.isInt proxyPort) then
                     {

secrets/hledger-basic-auth.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 osOCZA gReLtbgzdbsykLo/OWs/S0CWvvUJr0B/660n5NtQO3Q
+lxP6i2EA0ZvM9ShkM7012TLs47fP+sKzOAJehgvZEoU
+-> ssh-ed25519 DFiohQ OPP2MdPUYqMuViWTiNavSyXqxfxIRMx+tMKip094ohM
+lLxrJF672ZkbY3ynX7Wrx3srJvg1gfFeynZMeIYL4II
+-> ssh-ed25519 PT7ffg v0j5GfBvjmf4qNiyVr/foSp2Zw8sJOmjikWa68yoNnI
+WwhUOPXdrrs2ezKfYaUdT0EV/b7U3267E5bpy+RGyxU
+--- v/hWe76x98rBQgOhANw5wsaE3hlCaFKYSl+x8KjnRNQ
+:bl	
+‰~E¡3ã®éåN<C3A5>"]Œ`´Âª¨ c#Ç;¯vt½=‚A<>ƒ)ÍÕa¦/<Mì›®áŠl#ˆ~¾ÖU
ïgfí£„¦ò½RÉ;<<3C>­%á†:!ã$)!Sž¯È<C2AF>‡

secrets/secrets.nix

@@ -37,4 +37,5 @@ in
   "gitlab-runner/default.age".publicKeys = users ++ [ freun-dev ];
   "gitlab-runner/docker.age".publicKeys = users ++ [ freun-dev ];
   "hetzner.age".publicKeys = users ++ [ apu ];
+  "hledger-basic-auth.age".publicKeys = users ++ [ freun-dev ];
 }