Initial commit

Signed-off-by: Julien Riou <julien@riou.xyz>
2026-02-16 08:50:48 +01:00 · 2026-02-16 08:50:48 +01:00 · c4388611eb
commit c4388611eb
parent ad30a8307f
47 changed files with 1674 additions and 2 deletions
--- a/roles/firefly/README.md
+++ b/roles/firefly/README.md
@ -0,0 +1,39 @@
+# Ansible Role Firefly
+
+Ansible role to manage a [Firefly III](https://firefly-iii.org/) instance.
+
+## Configuration
+
+See [Variable
+precedence](https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#ansible-variable-precedence)
+to find where you should put your own variables.
+
+Then define at least `firefly_static_cron_token`, `firefly_db_password` and
+`firefly_app_key` variables with a strong and secure password, encrypted using
+[ansible-vault](https://docs.ansible.com/ansible/latest/cli/ansible-vault.html).
+
+See list of [default variables](defaults/main.yml).
+
+
+## Usage
+
+Example of a basic firefly.yml playbook:
+
+```yaml
+hosts:
+  - firefly
+
+roles:
+  - firefly
+```
+
+Then run the playbook:
+
+```
+ansible-playbook firefly.yml
+```
+
+## Donate
+
+As we all love FOSS projects, you should consider [sponsoring and/or
+contribute](https://github.com/firefly-iii/firefly-iii).
--- a/roles/firefly/defaults/main.yml
+++ b/roles/firefly/defaults/main.yml
@ -0,0 +1,14 @@
+---
+firefly_version: latest
+firefly_port: 8080
+firefly_static_cron_token: CHANGEME
+firefly_home: /var/lib/firefly
+firefly_site_owner: root@localhost
+firefly_app_key: CHANGEME
+firefly_language: en_US
+firefly_tz: Etc/UTC
+firefly_db_database: firefly
+firefly_db_username: firefly
+firefly_db_password: CHANGEME
+firefly_manage_iptables: false
+firefly_allowed_sources: []
--- a/roles/firefly/handlers/main.yml
+++ b/roles/firefly/handlers/main.yml
@ -0,0 +1,4 @@
+---
+- name: save iptables
+  ansible.builtin.shell:
+    cmd: netfilter-persistent save
--- a/roles/firefly/meta/main.yml
+++ b/roles/firefly/meta/main.yml
@ -0,0 +1,3 @@
+---
+dependencies:
+- role: geerlingguy.docker
--- a/roles/firefly/tasks/main.yml
+++ b/roles/firefly/tasks/main.yml
@ -0,0 +1,40 @@
+---
+- name: install dependencies
+  ansible.builtin.apt:
+    name:
+      - python3-docker
+      - python3-compose
+
+- name: create directories
+  ansible.builtin.file:
+    path: /etc/firefly
+    state: directory
+
+- name: create configuration files
+  ansible.builtin.template:
+    src: "{{ item }}.j2"
+    dest: "/etc/firefly/{{ item }}"
+    mode: "0600"
+  loop:
+    - docker-compose.yml
+    - db.env
+    - app.env
+
+- name: start service
+  community.docker.docker_compose_v2:
+    project_src: /etc/firefly
+    files:
+      - docker-compose.yml
+
+- name: allow with iptables
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    source: "{{ item }}"
+    destination_ports:
+      - "{{ firefly_port }}"
+    jump: ACCEPT
+    comment: firefly
+  loop: "{{ firefly_allowed_sources }}"
+  notify: save iptables
+  when: firefly_manage_iptables
--- a/roles/firefly/templates/app.env.j2
+++ b/roles/firefly/templates/app.env.j2
@ -0,0 +1,132 @@
+APP_ENV=local
+APP_DEBUG=false
+
+SITE_OWNER={{ firefly_site_owner }}
+
+APP_KEY={{ firefly_app_key }}
+
+DEFAULT_LANGUAGE={{ firefly_language }}
+DEFAULT_LOCALE=equal
+
+TZ={{ firefly_tz }}
+
+TRUSTED_PROXIES=*
+
+LOG_CHANNEL=stack
+
+APP_LOG_LEVEL=notice
+
+AUDIT_LOG_LEVEL=emergency
+AUDIT_LOG_CHANNEL=
+PAPERTRAIL_HOST=
+PAPERTRAIL_PORT=
+
+# Database credentials. Make sure the database exists. I recommend a dedicated user for Firefly III
+# For other database types, please see the FAQ: https://docs.firefly-iii.org/firefly-iii/faq/self-hosted/#i-want-to-use-sqlite
+# If you use Docker or similar, you can set these variables from a file by appending them with _FILE
+# Use "pgsql" for PostgreSQL
+# Use "mysql" for MySQL and MariaDB.
+# Use "sqlite" for SQLite.
+DB_CONNECTION=pgsql
+DB_HOST=db
+DB_PORT=5432
+DB_DATABASE={{ firefly_db_database }}
+DB_USERNAME={{ firefly_db_username }}
+DB_PASSWORD={{ firefly_db_password }}
+DB_SOCKET=
+
+PGSQL_SSL_MODE=prefer
+PGSQL_SCHEMA=public
+
+CACHE_DRIVER=file
+SESSION_DRIVER=file
+
+REDIS_SCHEME=tcp
+REDIS_PATH=
+REDIS_HOST=redis
+REDIS_PORT=6379
+REDIS_USERNAME=firefly
+REDIS_PASSWORD=
+REDIS_DB="0"
+REDIS_CACHE_DB="1"
+
+COOKIE_PATH="/"
+COOKIE_DOMAIN=
+COOKIE_SECURE=false
+COOKIE_SAMESITE=lax
+
+MAIL_MAILER=log
+MAIL_HOST=null
+MAIL_PORT=2525
+MAIL_FROM=changeme@example.com
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_SENDMAIL_COMMAND=
+MAILGUN_DOMAIN=
+MAILGUN_SECRET=
+MAILGUN_ENDPOINT=api.mailgun.net
+MANDRILL_SECRET=
+SPARKPOST_SECRET=
+SEND_ERROR_MESSAGE=true
+SEND_REPORT_JOURNALS=true
+
+ENABLE_EXTERNAL_MAP=false
+ENABLE_EXTERNAL_RATES=false
+MAP_DEFAULT_LAT=51.983333
+MAP_DEFAULT_LONG=5.916667
+MAP_DEFAULT_ZOOM=6
+
+VALID_URL_PROTOCOLS=
+
+AUTHENTICATION_GUARD=web
+AUTHENTICATION_GUARD_HEADER=REMOTE_USER
+AUTHENTICATION_GUARD_EMAIL=
+
+PASSPORT_PRIVATE_KEY=
+PASSPORT_PUBLIC_KEY=
+
+CUSTOM_LOGOUT_URL=
+
+DISABLE_FRAME_HEADER=false
+DISABLE_CSP_HEADER=false
+TRACKER_SITE_ID=
+TRACKER_URL=
+
+ALLOW_WEBHOOKS=false
+
+STATIC_CRON_TOKEN={{ firefly_static_cron_token }}
+
+DKR_BUILD_LOCALE=false
+DKR_CHECK_SQLITE=true
+DKR_RUN_MIGRATION=true
+DKR_RUN_UPGRADE=true
+DKR_RUN_VERIFY=true
+DKR_RUN_REPORT=true
+DKR_RUN_PASSPORT_INSTALL=true
+
+APP_NAME=FireflyIII
+BROADCAST_DRIVER=log
+QUEUE_DRIVER=sync
+CACHE_PREFIX=firefly
+PUSHER_KEY=
+IPINFO_TOKEN=
+PUSHER_SECRET=
+PUSHER_ID=
+DEMO_USERNAME=
+DEMO_PASSWORD=
+FIREFLY_III_LAYOUT=v1
+
+#
+# If you have trouble configuring your Firefly III installation, DON'T BOTHER setting this variable.
+# It won't work. It doesn't do ANYTHING. Don't believe the lies you read online. I'm not joking.
+# This configuration value WILL NOT HELP.
+#
+# Notable exception to this rule is Synology, which, according to some users, will use APP_URL to rewrite stuff.
+#
+# This variable is ONLY used in some of the emails Firefly III sends around. Nowhere else.
+# So when configuring anything WEB related this variable doesn't do anything. Nothing
+#
+# If you're stuck I understand you get desperate but look SOMEWHERE ELSE.
+#
+APP_URL=http://localhost
--- a/roles/firefly/templates/db.env.j2
+++ b/roles/firefly/templates/db.env.j2
@ -0,0 +1,5 @@
+POSTGRES_USER={{ firefly_db_username }}
+POSTGRES_PASSWORD={{ firefly_db_password }}
+POSTGRES_DB={{ firefly_db_database }}
+POSTGRES_INITDB_ARGS="--data-checksums"
+POSTGRES_HOST_AUTH_METHOD=scram-sha-256
--- a/roles/firefly/templates/docker-compose.yml.j2
+++ b/roles/firefly/templates/docker-compose.yml.j2
@ -0,0 +1,40 @@
+---
+{{ ansible_managed | comment }}
+services:
+  app:
+    image: fireflyiii/core:{{ firefly_version }}
+    hostname: app
+    container_name: firefly_iii_core
+    restart: always
+    volumes:
+      - {{ firefly_home }}/app/upload:/var/www/html/storage/upload
+    env_file: /etc/firefly/app.env
+    networks:
+      - firefly_iii
+    ports:
+      - {{ firefly_port }}:8080
+    depends_on:
+      - db
+  db:
+    image: postgres:17
+    hostname: db
+    container_name: firefly_iii_db
+    restart: always
+    env_file: /etc/firefly/db.env
+    networks:
+      - firefly_iii
+    volumes:
+      - {{ firefly_home }}/db/data:/var/lib/postgresql/data
+      - {{ firefly_home }}/db/backup:/var/lib/postgresql/backup
+
+  cron:
+    image: alpine
+    restart: always
+    container_name: firefly_iii_cron
+    command: sh -c "echo \"0 3 * * * wget -qO- http://app:8080/api/v1/cron/{{ firefly_static_cron_token }}\" | crontab - && crond -f -L /dev/stdout"
+    networks:
+      - firefly_iii
+
+networks:
+  firefly_iii:
+    driver: bridge