From 7d2e36bdd0747c006a830d2f3889b96f9cc2318f Mon Sep 17 00:00:00 2001
From: JuliusFreudenberger
Date: Sat, 19 Mar 2022 20:02:37 +0100
Subject: [PATCH] Add firefly
---
firefly3/.env | 313 ++++++++++++++++++++++++++++++++++++
firefly3/README.md | 15 ++
firefly3/docker-compose.yml | 47 ++++++
3 files changed, 375 insertions(+)
create mode 100644 firefly3/.env
create mode 100644 firefly3/README.md
create mode 100644 firefly3/docker-compose.yml
diff --git a/firefly3/.env b/firefly3/.env
new file mode 100644
index 0000000..a40df14
--- /dev/null
+++ b/firefly3/.env
@@ -0,0 +1,313 @@
+# You can leave this on "local". If you change it to production most console commands will ask for extra confirmation.
+# Never set it to "testing".
+APP_ENV=local
+
+# Set to true if you want to see debug information in error screens.
+APP_DEBUG=false
+
+# This should be your email address.
+# If you use Docker or similar, you can set this variable from a file by using SITE_OWNER_FILE
+SITE_OWNER=mail@example.com
+
+# The encryption key for your sessions. Keep this very secure.
+# Change it to a string of exactly 32 chars or use something like `php artisan key:generate` to generate it.
+# If you use Docker or similar, you can set this variable from a file by using APP_KEY_FILE
+APP_KEY=SomeRandomStringOf32CharsExactly
+
+# Firefly III will launch using this language (for new users and unauthenticated visitors)
+# For a list of available languages: https://github.com/firefly-iii/firefly-iii/tree/main/resources/lang
+#
+# If text is still in English, remember that not everything may have been translated.
+DEFAULT_LANGUAGE=de_DE
+
+# The locale defines how numbers are formatted.
+# by default this value is the same as whatever the language is.
+DEFAULT_LOCALE=equal
+
+# Change this value to your preferred time zone.
+# Example: Europe/Amsterdam
+# For a list of supported time zones, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=Europe/Berlin
+
+# TRUSTED_PROXIES is a useful variable when using Docker and/or a reverse proxy.
+# Set it to ** and reverse proxies work just fine.
+TRUSTED_PROXIES=**
+
+# The log channel defines where your log entries go to.
+# Several other options exist. You can use 'single' for one big fat error log (not recommended).
+# Also available are 'syslog', 'errorlog' and 'stdout' which will log to the system itself.
+# A rotating log option is 'daily', creates 5 files that (surprise) rotate.
+# A cool option is 'papertrail' for cloud logging
+# Default setting 'stack' will log to 'daily' and to 'stdout' at the same time.
+LOG_CHANNEL=stack
+
+#
+# Used when logging to papertrail:
+#
+PAPERTRAIL_HOST=
+PAPERTRAIL_PORT=
+
+# Log level. You can set this from least severe to most severe:
+# debug, info, notice, warning, error, critical, alert, emergency
+# If you set it to debug your logs will grow large, and fast. If you set it to emergency probably
+# nothing will get logged, ever.
+APP_LOG_LEVEL=notice
+
+# Audit log level.
+# Set this to "emergency" if you dont want to store audit logs, leave on info otherwise.
+AUDIT_LOG_LEVEL=info
+
+# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
+# For other database types, please see the FAQ: https://docs.firefly-iii.org/support/faq
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+# Use "pgsql" for PostgreSQL
+# Use "mysql" for MySQL and MariaDB.
+# Use "sqlite" for SQLite.
+DB_CONNECTION=pgsql
+DB_HOST=db
+DB_PORT=5432
+DB_DATABASE=firefly
+DB_USERNAME=firefly
+DB_PASSWORD=firefly
+
+# MySQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+#MYSQL_USE_SSL=false
+#MYSQL_SSL_VERIFY_SERVER_CERT=true
+# You need to set at least of these options
+#MYSQL_SSL_CAPATH=/etc/ssl/certs/
+#MYSQL_SSL_CA=
+#MYSQL_SSL_CERT=
+#MYSQL_SSL_KEY=
+#MYSQL_SSL_CIPHER=
+
+# PostgreSQL supports SSL. You can configure it here.
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+PGSQL_SSL_MODE=prefer
+PGSQL_SSL_ROOT_CERT=null
+PGSQL_SSL_CERT=null
+PGSQL_SSL_KEY=null
+PGSQL_SSL_CRL_FILE=null
+
+# If you're looking for performance improvements, you could install memcached or redis
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+
+# If you set either of the options above to 'redis', you might want to update these settings too
+# If you use Docker or similar, you can set REDIS_HOST_FILE, REDIS_PASSWORD_FILE or
+# REDIS_PORT_FILE to set the value from a file instead of from an environment variable
+
+# can be tcp, unix or http
+REDIS_SCHEME=tcp
+
+# use only when using 'unix' for REDIS_SCHEME. Leave empty otherwie.
+REDIS_PATH=
+
+# use only when using 'tcp' or 'http' for REDIS_SCHEME. Leave empty otherwise.
+REDIS_HOST=127.0.0.1
+REDIS_PORT=6379
+REDIS_PASSWORD=null
+
+# always use quotes and make sure redis db "0" and "1" exists. Otherwise change accordingly.
+REDIS_DB="0"
+REDIS_CACHE_DB="1"
+
+# Cookie settings. Should not be necessary to change these.
+# If you use Docker or similar, you can set COOKIE_DOMAIN_FILE to set
+# the value from a file instead of from an environment variable
+# Setting samesite to "strict" may give you trouble logging in.
+COOKIE_PATH="/"
+COOKIE_DOMAIN=
+COOKIE_SECURE=false
+COOKIE_SAMESITE=lax
+
+# If you want Firefly III to email you, update these settings
+# For instructions, see: https://docs.firefly-iii.org/advanced-installation/email
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAIL_MAILER=smtp
+MAIL_HOST=mail.jfreudenberger.de
+MAIL_PORT=465
+MAIL_FROM=system@jfreudenberger.de
+MAIL_USERNAME=system@jfreudenberger.de
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=tls
+
+# Other mail drivers:
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MAILGUN_DOMAIN=
+MAILGUN_SECRET=
+
+
+# If you are on EU region in mailgun, use api.eu.mailgun.net, otherwise use api.mailgun.net
+# If you use Docker or similar, you can set this variable from a file by appending it with _FILE
+MAILGUN_ENDPOINT=api.mailgun.net
+
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+MANDRILL_SECRET=
+SPARKPOST_SECRET=
+
+# Firefly III can send you the following messages.
+SEND_REGISTRATION_MAIL=true
+SEND_ERROR_MESSAGE=true
+SEND_LOGIN_NEW_IP_WARNING=true
+
+# These messages contain (sensitive) transaction information:
+SEND_REPORT_JOURNALS=true
+
+# Set this value to true if you want to set the location
+# of certain things, like transactions. Since this involves an external service, it's optional
+# and disabled by default.
+ENABLE_EXTERNAL_MAP=false
+
+# The map will default to this location:
+MAP_DEFAULT_LAT=51.983333
+MAP_DEFAULT_LONG=5.916667
+MAP_DEFAULT_ZOOM=6
+
+#
+# Firefly III authentication settings
+#
+
+#
+# Firefly III supports a few authentication methods:
+# - 'web' (default, uses built in DB)
+# - 'ldap'
+# - 'remote_user_guard' for Authelia etc
+# Read more about these settings in the documentation.
+# https://docs.firefly-iii.org/advanced-installation/authentication
+AUTHENTICATION_GUARD=web
+
+#
+# Your LDAP server may speak a dialect. You can choose between 'OpenLDAP' and 'ActiveDirectory'
+# Anything else defaults to 'ActiveDirectory'
+#
+LDAP_DIALECT=OpenLDAP
+
+#
+# LDAP connection settings:
+#
+LDAP_HOST=ldap.yourserver.com
+LDAP_PORT=389
+LDAP_TIMEOUT=5
+LDAP_SSL=false
+LDAP_TLS=false
+
+LDAP_BASE_DN="o=something,dc=site,dc=com"
+LDAP_USERNAME="uid=X,ou=,o=,dc=something,dc=com"
+LDAP_PASSWORD=super_secret
+
+LDAP_AUTH_FIELD=uid
+
+#
+# If you wish to only authenticate users from a specific group, use the base DN above.
+#
+# If you require extra/special filters please use the LDAP_EXTRA_FILTER with a valid DN.
+#
+# The extra filter will only be applied after the user is authenticated.
+#
+LDAP_EXTRA_FILTER=
+
+#
+# Remote user guard settings
+#
+AUTHENTICATION_GUARD_HEADER=REMOTE_USER
+AUTHENTICATION_GUARD_EMAIL=
+
+#
+# Extra authentication settings
+#
+CUSTOM_LOGOUT_URL=
+
+# You can disable the X-Frame-Options header if it interferes with tools like
+# Organizr. This is at your own risk. Applications running in frames run the risk
+# of leaking information to their parent frame.
+DISABLE_FRAME_HEADER=false
+
+# You can disable the Content Security Policy header when you're using an ancient browser
+# or any version of Microsoft Edge / Internet Explorer (which amounts to the same thing really)
+# This leaves you with the risk of not being able to stop XSS bugs should they ever surface.
+# This is at your own risk.
+DISABLE_CSP_HEADER=false
+
+# If you wish to track your own behavior over Firefly III, set valid analytics tracker information here.
+# Nobody uses this except for me on the demo site. But hey, feel free to use this if you want to.
+# Do not prepend the TRACKER_URL with http:// or https://
+# The only tracker supported is Matomo.
+# You can set the following variables from a file by appending them with _FILE:
+TRACKER_SITE_ID=
+TRACKER_URL=
+
+#
+# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
+#
+ALLOW_WEBHOOKS=false
+
+#
+# The static cron job token can be useful when you use Docker and wish to manage cron jobs.
+# 1. Set this token to any 32-character value (this is important!).
+# 2. Use this token in the cron URL instead of a user's command line token.
+#
+# For more info: https://docs.firefly-iii.org/firefly-iii/advanced-installation/cron/
+#
+STATIC_CRON_TOKEN=SomeRandomStringOf32CharsExactly
+
+# You can fine tune the start-up of a Docker container by editing these environment variables.
+# Use this at your own risk. Disabling certain checks and features may result in lost of inconsistent data.
+# However if you know what you're doing you can significantly speed up container start times.
+# Set each value to true to enable, or false to disable.
+
+# Check if the SQLite database exists. Can be skipped if you're not using SQLite.
+# Won't significantly speed up things.
+DKR_CHECK_SQLITE=true
+
+# Run database creation and migration commands. Disable this only if you're 100% sure the DB exists
+# and is up to date.
+DKR_RUN_MIGRATION=true
+
+# Run database upgrade commands. Disable this only when you're 100% sure your DB is up-to-date
+# with the latest fixes (outside of migrations!)
+DKR_RUN_UPGRADE=true
+
+# Verify database integrity. Includes all data checks and verifications.
+# Disabling this makes Firefly III assume your DB is intact.
+DKR_RUN_VERIFY=true
+
+# Run database reporting commands. When disabled, Firefly III won't go over your data to report current state.
+# Disabling this should have no impact on data integrity or safety but it won't warn you of possible issues.
+DKR_RUN_REPORT=true
+
+# Generate OAuth2 keys.
+# When disabled, Firefly III won't attempt to generate OAuth2 Passport keys. This won't be an issue, IFF (if and only if)
+# you had previously generated keys already and they're stored in your database for restoration.
+DKR_RUN_PASSPORT_INSTALL=true
+
+# Leave the following configuration vars as is.
+# Unless you like to tinker and know what you're doing.
+APP_NAME=FireflyIII
+ADLDAP_CONNECTION=default
+BROADCAST_DRIVER=log
+QUEUE_DRIVER=sync
+CACHE_PREFIX=firefly
+PUSHER_KEY=
+IPINFO_TOKEN=
+PUSHER_SECRET=
+PUSHER_ID=
+DEMO_USERNAME=
+DEMO_PASSWORD=
+IS_HEROKU=false
+FIREFLY_III_LAYOUT=v1
+
+#
+# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
+# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
+# This configuration value WILL NOT HELP.
+#
+# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff.
+#
+# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
+# So when configuring anything WEB related this variable doesn't do anything. Nothing
+#
+# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
+#
+APP_URL=https://firefly.jfreudenberger.de
+
diff --git a/firefly3/README.md b/firefly3/README.md
new file mode 100644
index 0000000..1fb8b46
--- /dev/null
+++ b/firefly3/README.md
@@ -0,0 +1,15 @@
+# fireflyiii
+
+Firefly III is a manager for your personal finances.
+It is self-hosted and open source.
+This means that it's free, it has no ads and no tracking.
+
+## Important step when deploying
+Several environment variables have to be set:
+- firefly_version
+- postgres_version
+Firefly specific:
+- APP_KEY: A random string of exactly 32 chars
+- STATIC_CRON_TOKEN: A random string of exactly 32 chars
+- MAIL_PASSWORD: The password for the mail account
+
diff --git a/firefly3/docker-compose.yml b/firefly3/docker-compose.yml
new file mode 100644
index 0000000..25f138f
--- /dev/null
+++ b/firefly3/docker-compose.yml
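Review bot: `COOKIE_SECURE=false` leaves the session cookie without the Secure attribute even though `APP_URL` in this file is an https address, so the browser would also send it over a plain-HTTP request to the same host; `COOKIE_SECURE=true` fits this deployment. `TRUSTED_PROXIES=**` makes the app accept forwarded client-address headers from any peer, which holds only while the container is reachable solely through the reverse proxy, so a comment such as `# ** is acceptable only because the app is reachable solely through the reverse proxy` would record that assumption next to the value. `APP_KEY`, `STATIC_CRON_TOKEN` and `DB_PASSWORD=firefly` are committed as working values, so a deploy that forgets the variables the README lists still starts, on strings that are public in this repository; leaving the first two empty here (`APP_KEY=`, `STATIC_CRON_TOKEN=`) and dropping the matching `:-` fallbacks in docker-compose.yml would make that mistake visible instead.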
@@ -0,0 +1,47 @@
+version: '3.3'
+
+services:
+ app:
+ image: fireflyiii/core:${firefly_version:-latest}
+ volumes:
+ - firefly_iii_upload:/var/www/html/storage/upload
+ env_file: .env
+ environment:
+ - APP_KEY=${APP_KEY:-SomeRandomStringOf32CharsExactly}
+ - MAIL_PASSWORD=${MAIL_PASSWORD:-null}
+ - STATIC_CRON_TOKEN=${STATIC_CRON_TOKEN:-SomeRandomStringOf32CharsExactly}
+ - VIRTUAL_HOST=firefly.jfreudenberger.de # the domain where the service should be reached
+ - VIRTUAL_PORT=8080 # the port the service listens in the container
+ - LETSENCRYPT_HOST=firefly.jfreudenberger.de # the same domain as VIRTUAL_HOST; this enables ssl
+ depends_on:
+ - db
+ networks:
+ - firefly
+ - webproxy
+
+ db:
+ image: postgres:${postgres_version:-14}
+ environment:
+ - POSTGRES_USER=firefly
+ - POSTGRES_PASSWORD=firefly
+ - POSTGRES_DB=firefly
+ volumes:
+ - firefly_iii_db:/var/lib/postgresql/data
+ networks:
+ - firefly
+
+ cron:
+ image: alpine
+ command: sh -c "echo \"0 3 * * * wget -qO- http://app:8080/api/v1/cron/${STATIC_CRON_TOKEN:-SomeRandomStringOf32CharsExactly}\" | crontab - && crond -f -L /dev/stdout"
+ networks:
+ - firefly
+
+volumes:
+ firefly_iii_upload:
+ firefly_iii_db:
+
+networks:
+ firefly:
+ webproxy:
+ external:
+ name: webproxy
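Review bot: The `:-SomeRandomStringOf32CharsExactly` fallbacks for `APP_KEY` and `STATIC_CRON_TOKEN` (in the app `environment` list and in the cron `command`) let a deploy that forgets either variable start silently on a value published in this repository, so session encryption and the cron endpoint would rest on a known string. Compose's required-variable form stops the deploy instead: `- APP_KEY=${APP_KEY:?APP_KEY must be set}`, `- STATIC_CRON_TOKEN=${STATIC_CRON_TOKEN:?STATIC_CRON_TOKEN must be set}`, and the same `:?` form inside the wget URL. Compose normally also reads the adjacent `.env` for substitution, so the placeholder values there would have to be emptied for the check to fire. `POSTGRES_PASSWORD=firefly` is fixed in the file as well (the db is attached only to the internal firefly network, which limits exposure), and `image: alpine` plus the `latest` default for fireflyiii/core are unpinned, so a redeploy can run code that differs from what was reviewed.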