fae: add invoiceplane

2024-06-24 23:00:22 +02:00 · 2024-06-24 23:00:22 +02:00 · 43ffecce76
parent e4a36c87eb
commit 43ffecce76
6 changed files with 106 additions and 0 deletions
--- a/flake.lock
+++ b/flake.lock
@ -164,6 +164,29 @@
        "type": "github"
      }
    },
+    "invoiceplane-template": {
+      "inputs": {
+        "flake-parts": [
+          "flake-parts"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1718578450,
+        "narHash": "sha256-Nl6/5AzCg6yoU7OlJrOz8h4w2ENXZyj3AuCFXKxZ/W0=",
+        "ref": "refs/heads/main",
+        "rev": "79b1fdc7af77863a48dd58b22af57f4729660284",
+        "revCount": 29,
+        "type": "git",
+        "url": "https://git.pub.solar/teutat3s/invoiceplane-templates.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.pub.solar/teutat3s/invoiceplane-templates.git"
+      }
+    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@ -282,6 +305,7 @@
        "flake-compat": "flake-compat",
        "flake-parts": "flake-parts",
        "home-manager": "home-manager",
+        "invoiceplane-template": "invoiceplane-template",
        "nix-darwin": "nix-darwin",
        "nixos-22-05": "nixos-22-05",
        "nixos-flake": "nixos-flake",
--- a/flake.nix
+++ b/flake.nix
@ -34,6 +34,10 @@

    nixos-hardware.url = "github:nixos/nixos-hardware";

+    invoiceplane-template.url = "git+https://git.pub.solar/teutat3s/invoiceplane-templates.git";
+    invoiceplane-template.inputs.nixpkgs.follows = "nixpkgs";
+    invoiceplane-template.inputs.flake-parts.follows = "flake-parts";
+
    # PubSolarOS additions
    triton-vmtools.url = "git+https://git.pub.solar/pub-solar/infra-vintage?ref=main&dir=vmtools";
    triton-vmtools.inputs.nixpkgs.follows = "nixpkgs";
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -43,6 +43,7 @@
          ./fae
          self.nixosModules.pub-solar
          self.nixosModules.acme
+          self.nixosModules.invoiceplane
        ];
      };

--- a/hosts/fae/default.nix
+++ b/hosts/fae/default.nix
@ -1,6 +1,7 @@
 {...}: {
  imports = [
    ./paperless.nix
+    ./invoiceplane.nix
    ./fae.nix
  ];
 }
--- a/hosts/fae/invoiceplane.nix
+++ b/hosts/fae/invoiceplane.nix
@ -0,0 +1,73 @@
+{
+  flake,
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  psCfg = config.pub-solar;
+  xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+  backupDir = "/var/lib/invoiceplane/backup";
+in {
+  security.acme.certs = {
+    "billing.faenix.eu" = {};
+  };
+
+  services.nginx.virtualHosts = {
+    "billing.faenix.eu" = {
+      forceSSL = true;
+      useACMEHost = "billing.faenix.eu";
+    };
+  };
+
+  services.invoiceplane = {
+    webserver = "nginx";
+    sites."billing.faenix.eu" = {
+      enable = true;
+
+      invoiceTemplates = [ flake.self.inputs.invoiceplane-template.packages.${pkgs.system}.invoiceplane-template ];
+
+      settings = {
+        IP_URL = "https://billing.faenix.eu";
+        DISABLE_SETUP = true;
+        SETUP_COMPLETED = true;
+      };
+
+      poolConfig = {
+        "pm" = "dynamic";
+        "pm.max_children" = 32;
+        "pm.max_requests" = 500;
+        "pm.max_spare_servers" = 4;
+        "pm.min_spare_servers" = 2;
+        "pm.start_servers" = 2;
+        "php_admin_value[date.timezone]" = "Europe/Berlin";
+        "php_admin_value[error_log]" = "/var/lib/invoiceplane/billing.faenix.eu/logs/php-error.log";
+        "php_admin_flag[display_errors]" = "off";
+        "php_admin_flag[log_errors]" = "on";
+        "catch_workers_output" = "yes";
+      };
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d '${backupDir}' 0700 root root - -"
+  ];
+
+  #services.restic.backups = {
+  #  invoiceplane = {
+  #    paths = [
+  #      backupDir
+  #      "/var/lib/invoiceplane/billing.faenix.eu"
+  #    ];
+  #    initialize = true;
+  #    passwordFile = config.age.secrets."restic-password".path;
+  #    # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
+  #    repository = "rclone:cloud.pub.solar:/backups/InvoicePlane";
+  #    backupPrepareCommand = ''
+  #      PW=$(cat ${config.age.secrets."invoiceplane-db-password".path})
+  #      ${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
+  #    '';
+  #    rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
+  #  };
+  #};
+}
--- a/hosts/fae/paperless.nix
+++ b/hosts/fae/paperless.nix
@ -57,6 +57,9 @@ in {

    virtualHosts = {
      "paperless.faenix.eu" = {
+        #listenAddresses = [
+        #  "192.168.13.35"
+        #];
        forceSSL = true;
        useACMEHost = "paperless.faenix.eu";
        locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.paperless.port}";