diff --git a/flake.lock b/flake.lock index cb34db1..63e2bde 100755 --- a/flake.lock +++ b/flake.lock @@ -678,7 +678,7 @@ "flake-utils": "flake-utils", "napalm": "napalm", "nixpkgs": [ - "nas-nixpkgs" + "nas-nixpkgs-stable" ], "poetry2nix": "poetry2nix", "systems": "systems" @@ -748,16 +748,15 @@ ] }, "locked": { - "lastModified": 1744117652, - "narHash": "sha256-t7dFCDl4vIOOUMhEZnJF15aAzkpaup9x4ZRGToDFYWI=", + "lastModified": 1745016969, + "narHash": "sha256-nDK8Z+LsNWrUsQ1JjnndNB57lvCmvy2QZUoCakoJCcI=", "owner": "nix-community", "repo": "home-manager", - "rev": "b4e98224ad1336751a2ac7493967a4c9f6d9cb3f", + "rev": "67f60ebce88a89939fb509f304ac554bcdc5bfa6", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-24.11", "repo": "home-manager", "type": "github" } @@ -821,11 +820,27 @@ }, "nas-nixpkgs": { "locked": { - "lastModified": 1744309437, - "narHash": "sha256-QZnNHM823am8apCqKSPdtnzPGTy2ZB4zIXOVoBp5+W0=", + "lastModified": 1744932701, + "narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f9ebe33a928b5d529c895202263a5ce46bdf12f7", + "rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nas-nixpkgs-stable": { + "locked": { + "lastModified": 1744440957, + "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "type": "github" }, "original": { @@ -1325,6 +1340,7 @@ "nas-lanzaboote": "nas-lanzaboote", "nas-nixos-hardware": "nas-nixos-hardware", "nas-nixpkgs": "nas-nixpkgs", + "nas-nixpkgs-stable": "nas-nixpkgs-stable", "nas-sops-nix": "nas-sops-nix", "nix-darwin": "nix-darwin", "nixpkgs-stable": "nixpkgs-stable_4", diff --git a/flake.nix b/flake.nix index dfa404e..098e807 100755 --- a/flake.nix +++ b/flake.nix 
@@ -58,13 +58,18 @@ # nixpgs nas-nixpkgs = { + # url = "github:NixOS/nixpkgs/nixos-24.11"; + url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + + nas-nixpkgs-stable = { url = "github:NixOS/nixpkgs/nixos-24.11"; }; # Authentik nas-authentik-nix = { url = "github:nix-community/authentik-nix"; - inputs.nixpkgs.follows = "nas-nixpkgs"; + inputs.nixpkgs.follows = "nas-nixpkgs-stable"; }; # cosmic launcher @@ -81,7 +86,8 @@ # Home Manager nas-home-manager = { - url = "github:nix-community/home-manager/release-24.11"; + # url = "github:nix-community/home-manager/release-24.11"; + url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nas-nixpkgs"; }; @@ -232,6 +238,7 @@ # NAS nas-nixpkgs, + nas-nixpkgs-stable, nas-authentik-nix, nas-cosmic, nas-crowdsec, diff --git a/hosts/nas/apps.nix b/hosts/nas/apps.nix index d8b4e2e..f3bb997 100755 --- a/hosts/nas/apps.nix +++ b/hosts/nas/apps.nix @@ -1,11 +1,13 @@ { ... }: { imports = [ + ./apps/actual ./apps/arrs # ./apps/crowdsec ./apps/gitea ./apps/jellyfin ./apps/jellyseerr + # ./apps/maybe ./apps/netbootxyz ./apps/nextcloud ./apps/ollama diff --git a/hosts/nas/apps/actual/default.nix b/hosts/nas/apps/actual/default.nix new file mode 100644 index 0000000..4a111ba --- /dev/null +++ b/hosts/nas/apps/actual/default.nix @@ -0,0 +1,21 @@ +{ ... }: +{ + services.actual = { + enable = true; + openFirewall = true; + settings = { + trustedProxies = [ "10.0.1.18" ]; + port = 3333; + config = { + dataDir = "/media/nas/ssd/nix-app-data/actual"; + openId = { + issuer = "https://authentik.mjallen.dev/application/o/actual-budget/"; + client_id = "1PGCrRdndq7SoOSLuNMnXFmHpgd1NKRMOa5LSia2"; + client_secret = "1PGCrRdndq7SoOSLuNMnXFmHpgd1NKRMOa5LSia2"; + server_hostname = "https://actual.mjallen.dev"; + authMethod = "openid"; + }; + }; + }; + }; +} \ No newline at end of file diff --git a/hosts/nas/apps/maybe/default.nix b/hosts/nas/apps/maybe/default.nix new file mode 100644 index 0000000..70f4229 --- /dev/null 
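Review bot: In flake.nix, the split between `nas-nixpkgs` (now `nixos-unstable`) and `nas-nixpkgs-stable` has no comment saying which inputs must stay on the stable channel, and the old URLs are kept as commented-out lines in the `nas-nixpkgs` and `nas-home-manager` blocks. I would delete the two `# url = …` lines, since git history already records them, and add one comment above `nas-nixpkgs-stable`, for example `# stable channel for inputs that should not track unstable (currently nas-authentik-nix)`. `nas-home-manager` now tracks the default branch with no ref, so it is reproducible only through flake.lock, and lock bumps for it should be reviewed together with `nas-nixpkgs`.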
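Review bot: In the new hosts/nas/apps/actual/default.nix, `client_secret` is committed in plain text and is character-for-character the same as `client_id` on the line above. Either the live OIDC client secret is now in git history and the world-readable Nix store, or the value is a paste error and the OpenID login cannot work. Treat the value as exposed: rotate the client secret in Authentik and supply it at runtime from a secret file rather than `settings` (the flake already carries a `nas-sops-nix` input), leaving only non-secret fields such as `issuer`, `client_id` and `server_hostname` in the module. `openFirewall = true;` also opens port 3333 on the host although the Traefik router added in this commit looks like the intended entry point; if Traefik reaches the service on the same machine, I would set `openFirewall = false;` so the TLS-terminated route is the only path in.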
+++ b/hosts/nas/apps/maybe/default.nix
@@ -0,0 +1,46 @@
+{ config, ... }:
+{
+ virtualisation.oci-containers.containers.maybe-web = {
+ autoStart = true;
+ image = "ghcr.io/maybe-finance/maybe";
+ ports = [ "3300:3000" ];
+ volumes = [ "/media/nas/ssd/nix-app-data/maybe-finance:/rails/storage" ];
+ environment = {
+ PUID = toString config.users.users.nix-apps.uid;
+ PGID = toString config.users.groups.jallen-nas.gid;
+ TZ = "America/Chicago";
+ SECRET_KEY_BASE = "37d9b98e93c03acb9c14020165666efa6ac3013be88b421aa49fbe5d3f3e4303daf5e883ef847b73c4bbaa90b02773d7319ee2844cce9ed13a286039c8d38226";
+ PESTGRES_PASSWORD = "BogieDudie1";
+ SELF_HOSTED = "true";
+ RAILS_FORCE_SSL = "false";
+ RAILS_ASSUME_SSL = "false";
+ DB_HOST = "10.0.1.18";
+ DB_PORT = "5432";
+ REDIS_URL = "redis://10.0.1.18:6381/1";
+ POSTGRES_USER = "maybe_finance";
+ POSTGRES_PASSWORD = "BogieDudie1";
+ POSTGRES_DB = "maybe_finance";
+ };
+ };
+
+ virtualisation.oci-containers.containers.maybe-worker = {
+ image = "ghcr.io/maybe-finance/maybe";
+ environment = {
+ PUID = toString config.users.users.nix-apps.uid;
+ PGID = toString config.users.groups.jallen-nas.gid;
+ TZ = "America/Chicago";
+ SECRET_KEY_BASE = "37d9b98e93c03acb9c14020165666efa6ac3013be88b421aa49fbe5d3f3e4303daf5e883ef847b73c4bbaa90b02773d7319ee2844cce9ed13a286039c8d38226";
+ PESTGRES_PASSWORD = "BogieDudie1";
+ SELF_HOSTED = "true";
+ RAILS_FORCE_SSL = "false";
+ RAILS_ASSUME_SSL = "false";
+ DB_HOST = "10.0.1.18";
+ DB_PORT = "5432";
+ REDIS_URL = "redis://10.0.1.18:6381/1";
+ POSTGRES_USER = "maybe_finance";
+ POSTGRES_PASSWORD = "BogieDudie1";
+ POSTGRES_DB = "maybe_finance";
+ };
+ cmd = [ "bundle" "exec" "sidekiq" ];
+ };
+}
\ No newline at end of file
diff --git a/hosts/nas/apps/traefik/default.nix b/hosts/nas/apps/traefik/default.nix
index da31cda..1cb77f0 100755
--- a/hosts/nas/apps/traefik/default.nix
+++ b/hosts/nas/apps/traefik/default.nix
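Review bot: In hosts/nas/apps/maybe/default.nix, `SECRET_KEY_BASE` and `POSTGRES_PASSWORD` are hard-coded in the `environment` blocks of both `maybe-web` and `maybe-worker`, which puts them in git history and in the world-readable Nix store even while `./apps/maybe` is commented out in apps.nix. Both values should be regenerated and moved out of the module, e.g. `environmentFiles = [ config.sops.secrets."<maybe-env>".path ];`, where `<maybe-env>` is a placeholder for a sops-nix secret holding those variables. `PESTGRES_PASSWORD` looks like a typo of `POSTGRES_PASSWORD` and can be dropped from both blocks. `image = "ghcr.io/maybe-finance/maybe";` carries no tag or digest, so each pull takes whatever the registry currently serves; pinning a tag or an `@sha256:` digest keeps the deployed image reviewable.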
@@ -13,6 +13,7 @@ let paperlessUrl = "http://10.0.1.20:28981"; cacheUrl = "http://10.0.1.18:5000"; giteaUrl = "http://10.0.1.18:3000"; + actualUrl = "http://10.0.1.18:3333"; in { networking.firewall = { @@ -183,6 +184,11 @@ in url = giteaUrl; } ]; + actual.loadBalancer.servers = [ + { + url = actualUrl; + } + ]; }; routers = { @@ -230,6 +236,12 @@ in service = "gitea"; tls.certResolver = "letsencrypt"; }; + actual = { + entryPoints = [ "websecure" ]; + rule = "Host(`actual.${domain}`)"; + service = "actual"; + tls.certResolver = "letsencrypt"; + }; hass = { entryPoints = [ "websecure" ]; rule = "Host(`hass.${domain}`)"; diff --git a/hosts/nas/networking.nix b/hosts/nas/networking.nix index cbd7227..b3c5efa 100755 --- a/hosts/nas/networking.nix +++ b/hosts/nas/networking.nix @@ -16,6 +16,7 @@ let 4000 # netbootxyz 4080 # netbootxyz 3000 # gitea + 3300 ]; in { diff --git a/hosts/nas/services.nix b/hosts/nas/services.nix index d274b54..5f84773 100755 --- a/hosts/nas/services.nix +++ b/hosts/nas/services.nix @@ -183,12 +183,16 @@ in enable = true; package = pkgs.postgresql_16; dataDir = "/media/nas/ssd/nix-app-data/postgresql"; - ensureDatabases = [ "authentik" ]; + ensureDatabases = [ "authentik" "maybe_finance" ]; ensureUsers = [ { name = "authentik"; ensureDBOwnership = true; } + { + name = "maybe_finance"; + ensureDBOwnership = true; + } ]; }; @@ -204,6 +208,11 @@ in port = 6380; # user = "911";#"${config.users.users.nix-apps.name}:${config.users.groups.jallen-nas.name}"; }; + + maybe = { + enable = true; + port = 6381; + }; }; }; @@ -211,7 +220,8 @@ in enable = true; dataDir = "/media/nas/main/backup/restic"; prometheus = true; - listenAddress = "8008"; + listenAddress = "0.0.0.0:8008"; + htpasswd-file = "/media/nas/main/backup/restic/.htpasswd"; }; };
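Review bot: The new `3300` entry in hosts/nas/networking.nix is the only port in the visible part of the list without a trailing comment, and it opens the firewall for the `maybe-web` container port while `./apps/maybe` is still commented out in apps.nix. That container is configured with `RAILS_FORCE_SSL = "false"`, so anything reaching 3300 would talk plain HTTP to a finance app without passing through Traefik. I would leave the port closed until the app is enabled behind a Traefik router, or at minimum write `3300 # maybe-finance (direct, no TLS)`. The port list starts outside the hunk.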
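Review bot: In hosts/nas/services.nix, the `maybe_finance` PostgreSQL role and what appears to be a `maybe` Redis server on port 6381 are added with no authentication setting in the visible lines, while the containers are pointed at `10.0.1.18` rather than loopback. `ensureUsers` creates the role without a password, so the password the container sends has to be set by hand. For Redis to be reachable at that address it would need a non-loopback `bind`, which leaves it open to the LAN unless a password is configured. I would add a comment stating how each service is meant to be reached and, if Redis is bound beyond loopback, add `requirePassFile = config.sops.secrets."<redis-maybe>".path;` (placeholder secret name). The enclosing blocks start outside these hunks.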
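Review bot: In the last services.nix hunk, `listenAddress = "0.0.0.0:8008"` makes the restic REST server reachable on every interface over plain HTTP, so the basic-auth credentials checked against `htpasswd-file` cross the network unencrypted. If only specific LAN or VPN clients should reach it, bind to that interface address instead, or front it with the existing `websecure` entry point. For a backup target I would also consider `appendOnly = true;` and `privateRepos = true;`, so that a compromised client can neither delete snapshots nor read other clients' repositories. The enclosing block starts outside the hunk.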