Add as flake input to use the module:

  inputs.firefly.url = "github:timhae/firefly";
  inputs.firefly.inputs.nixpkgs.follows = "nixos";
  inputs.nixos.url = "github:NixOS/nixpkgs/nixos-22.11";
  outputs = { self, nixos, firefly }: {
    nixosConfigurations.myMachine = nixos.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
          nixpkgs.overlays = [

Set up:

services.firefly-iii = {
  enable = true;
  appURL = "https://example.com";
  appKeyFile = "/etc/firefly-iii/appkey";
  hostname = "firefly.example.com";
  nginx = {
    serverAliases = [ "firefly.example.com" ];
    forceSSL = true;
    enableACME = true;
  group = "nginx";
  database.createLocally = true;

At the moment, group = "nginx" has to be set for the php-fpm-pool being able to access nginx. modules/firefly-iii.nix defines all available settings.

RECOMMENDED: add the appkey with agenix like so:

age.secrets.fireflyAppkey = {
  file = ../secrets/fireflyAppkey.age;
  mode = "770";
  owner = "firefly-iii";
  group = "nginx";
appKeyFile = config.age.secrets.fireflyAppkey.path;

The appkey is a file containing the Laravel APP_KEY - a 32 character long key used for encryption where needed. Can be generated with head /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c 32 && echo

There is also a cachix cache:

nix.settings = {
  substituters = [ "https://timhae-firefly.cachix.org" ];
  trusted-public-keys = [ "timhae-firefly.cachix.org-1:TMexYUvP5SKkeKG11WDbYUVLh/4dqvCqSE/c028sqis=" ];

Update the Lavarel dependencies with nix develop -c ./update.sh