From d12f4b5327fcb50f82f1ddce5db89941bfd78a8e Mon Sep 17 00:00:00 2001 From: Leyla Becker Date: Thu, 21 Aug 2025 22:02:10 -0500 Subject: [PATCH] installed actual on defiant --- .../nixos/defiant/configuration.nix | 5 ++ modules/nixos-modules/server/actual.nix | 54 +++++++++++++++++++ modules/nixos-modules/server/default.nix | 1 + modules/nixos-modules/users.nix | 15 ++++++ 4 files changed, 75 insertions(+) create mode 100644 modules/nixos-modules/server/actual.nix diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix index 8b49e4b..9ef4c82 100644 --- a/configurations/nixos/defiant/configuration.nix +++ b/configurations/nixos/defiant/configuration.nix @@ -284,6 +284,11 @@ subdomain = "search"; }; + actual = { + enable = true; + subdomain = "budget"; + }; + home-assistant = { enable = true; subdomain = "home"; diff --git a/modules/nixos-modules/server/actual.nix b/modules/nixos-modules/server/actual.nix new file mode 100644 index 0000000..7fc0b93 --- /dev/null +++ b/modules/nixos-modules/server/actual.nix @@ -0,0 +1,54 @@ +{ + lib, + config, + ... +}: let + dataDirectory = "/var/lib/actual/"; +in { + options.services.actual = { + subdomain = lib.mkOption { + type = lib.types.str; + default = "actual"; + description = "subdomain of base domain that actual will be hosted at"; + }; + }; + + config = lib.mkIf config.services.actual.enable (lib.mkMerge [ + { + systemd.tmpfiles.rules = [ + "d ${dataDirectory} 2770 actual actual" + ]; + host = { + reverse_proxy.subdomains.${config.services.actual.subdomain} = { + target = "http://localhost:${toString config.services.actual.settings.port}"; + }; + }; + + services.actual = { + settings = { + ACTUAL_DATA_DIR = dataDirectory; + }; + }; + } + (lib.mkIf config.services.fail2ban.enable { + # TODO: configuration for fail2ban for actual + }) + (lib.mkIf config.host.impermanence.enable { + assertions = [ + { + assertion = config.services.actual.settings.ACTUAL_DATA_DIR == dataDirectory; + message = "actual data location does not match persistence"; + } + ]; + environment.persistence."/persist/system/root" = { + directories = [ + { + directory = dataDirectory; + user = "actual"; + group = "actual"; + } + ]; + }; + }) + ]); +} diff --git a/modules/nixos-modules/server/default.nix b/modules/nixos-modules/server/default.nix index 95c7096..4ca50e2 100644 --- a/modules/nixos-modules/server/default.nix +++ b/modules/nixos-modules/server/default.nix @@ -13,5 +13,6 @@ ./immich.nix ./qbittorent.nix ./paperless.nix + ./actual.nix ]; } diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index eeddafd..7fd43da 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -24,6 +24,7 @@ immich = 2010; qbittorrent = 2011; paperless = 2012; + actual = 2013; }; gids = { @@ -40,6 +41,7 @@ immich = 2010; qbittorrent = 2011; paperless = 2012; + actual = 2013; }; users = config.users.users; @@ -169,6 +171,12 @@ in { isSystemUser = true; group = config.users.users.paperless.name; }; + + actual = { + uid = lib.mkForce uids.actual; + isSystemUser = true; + group = config.users.users.actual.name; + }; }; groups = { @@ -272,6 +280,13 @@ in { users.paperless.name ]; }; + + actual = { + gid = lib.mkForce gids.actual; + members = [ + users.actual.name + ]; + }; }; }; }