nix-dotfiles/nixosModules/services/fava/service.nix

{ config, pkgs, lib, ... }:

{
  options.fava = {
    enable = lib.mkEnableOption "Enables fava double entry accounting";
    ledgerFiles = lib.mkOption { 
      default = ["/var/lib/fava/ledger.beancount"];
    };
    port = lib.mkOption { default = 5000; };
    host = lib.mkOption { default = "localhost"; };
    favaHome = lib.mkOption { default = "/var/lib/fava"; };
  };

  config = lib.mkIf config.fava.enable {
    systemd.services.fava = {
      description = "Fava";
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = with config.fava; let
          command = lib.concatStringsSep " " ([
            "${pkgs.fava}/bin/fava"
            "--port ${builtins.toString port}"
            "--host ${host}"
          ] ++ ["--"] ++ ledgerFiles);
        in command;
        Type = "simple";
        User = "fava";
        Group = "fava";
        Restart = "on-failure";
        RestartSec = "5s";
        NoNewPrivileges = true;
        PrivateTmp = true;
        PrivateDevices = true;
        ProtectHome = true;
        ProtectSystem = "full";
        ReadWriteDirectories = config.fava.favaHome;
      };
    };

    networking.firewall.allowedTCPPorts = [ config.fava.port ];

    users.users.fava = {
      home = config.fava.favaHome;
      createHome = true;
      isSystemUser = true;
      group = "fava";
    };
    users.groups.fava = {};

    system.extraPkgs = [
      pkgs.beancount
    ];
  };
}
Fava, setup service; enable for Juri 2025-08-26 08:55:51 -07:00			`{ config, pkgs, lib, ... }:`

			`{`
			`options.fava = {`
			`enable = lib.mkEnableOption "Enables fava double entry accounting";`
Fava, change ledgers to list 2025-09-15 11:29:52 -07:00			`ledgerFiles = lib.mkOption {`
			`default = ["/var/lib/fava/ledger.beancount"];`
			`};`
Fava, change port to number; open port 2025-09-16 17:35:34 -07:00			`port = lib.mkOption { default = 5000; };`
Fava, setup service; enable for Juri 2025-08-26 08:55:51 -07:00			`host = lib.mkOption { default = "localhost"; };`
Fava, change ledgers to list 2025-09-15 11:29:52 -07:00			`favaHome = lib.mkOption { default = "/var/lib/fava"; };`
Fava, setup service; enable for Juri 2025-08-26 08:55:51 -07:00			`};`

			`config = lib.mkIf config.fava.enable {`
			`systemd.services.fava = {`
			`description = "Fava";`
			`after = [ "network-online.target" ];`
			`wants = [ "network-online.target" ];`
			`wantedBy = [ "multi-user.target" ];`
			`serviceConfig = {`
Fava, change ledgers to list 2025-09-15 11:29:52 -07:00			`ExecStart = with config.fava; let`
			`command = lib.concatStringsSep " " ([`
			`"${pkgs.fava}/bin/fava"`
Fava, change port to number; open port 2025-09-16 17:35:34 -07:00			`"--port ${builtins.toString port}"`
Fava, change ledgers to list 2025-09-15 11:29:52 -07:00			`"--host ${host}"`
			`] ++ ["--"] ++ ledgerFiles);`
			`in command;`
Fava, setup service; enable for Juri 2025-08-26 08:55:51 -07:00			`Type = "simple";`
			`User = "fava";`
			`Group = "fava";`
			`Restart = "on-failure";`
			`RestartSec = "5s";`
			`NoNewPrivileges = true;`
			`PrivateTmp = true;`
			`PrivateDevices = true;`
			`ProtectHome = true;`
			`ProtectSystem = "full";`
Fava, change ledgers to list 2025-09-15 11:29:52 -07:00			`ReadWriteDirectories = config.fava.favaHome;`
Fava, setup service; enable for Juri 2025-08-26 08:55:51 -07:00			`};`
			`};`

Fava, change port to number; open port 2025-09-16 17:35:34 -07:00			`networking.firewall.allowedTCPPorts = [ config.fava.port ];`

Fava, setup service; enable for Juri 2025-08-26 08:55:51 -07:00			`users.users.fava = {`
Fava, change ledgers to list 2025-09-15 11:29:52 -07:00			`home = config.fava.favaHome;`
Fava, setup service; enable for Juri 2025-08-26 08:55:51 -07:00			`createHome = true;`
			`isSystemUser = true;`
			`group = "fava";`
			`};`
			`users.groups.fava = {};`

			`system.extraPkgs = [`
			`pkgs.beancount`
			`];`
			`};`
			`}`