actual

2025-04-21 11:01:20 -05:00
parent 3f1945973a
commit 2c06a3b95e
8 changed files with 127 additions and 12 deletions
--- a/hosts/nas/apps.nix
+++ b/hosts/nas/apps.nix
@@ -1,11 +1,13 @@
 { ... }:
 {
  imports = [
+    ./apps/actual
    ./apps/arrs
 #    ./apps/crowdsec
    ./apps/gitea
    ./apps/jellyfin
    ./apps/jellyseerr
+    # ./apps/maybe
    ./apps/netbootxyz
    ./apps/nextcloud
    ./apps/ollama
--- a/hosts/nas/apps/actual/default.nix
+++ b/hosts/nas/apps/actual/default.nix
@@ -0,0 +1,21 @@
+{ ... }:
+{
+  services.actual = {
+    enable = true;
+    openFirewall = true;
+    settings = {
+      trustedProxies = [ "10.0.1.18" ];
+      port = 3333;
+      config = {
+        dataDir = "/media/nas/ssd/nix-app-data/actual";
+        openId = {
+          issuer = "https://authentik.mjallen.dev/application/o/actual-budget/";
+          client_id = "1PGCrRdndq7SoOSLuNMnXFmHpgd1NKRMOa5LSia2";
+          client_secret = "1PGCrRdndq7SoOSLuNMnXFmHpgd1NKRMOa5LSia2";
+          server_hostname = "https://actual.mjallen.dev";
+          authMethod = "openid";
+        };
+      };
+    };
+  };
+}
--- a/hosts/nas/apps/maybe/default.nix
+++ b/hosts/nas/apps/maybe/default.nix
@@ -0,0 +1,46 @@
+{ config, ... }:
+{
+  virtualisation.oci-containers.containers.maybe-web = {
+    autoStart = true;
+    image = "ghcr.io/maybe-finance/maybe";
+    ports = [ "3300:3000" ];
+    volumes = [ "/media/nas/ssd/nix-app-data/maybe-finance:/rails/storage" ];
+    environment = {
+      PUID = toString config.users.users.nix-apps.uid;
+      PGID = toString config.users.groups.jallen-nas.gid;
+      TZ = "America/Chicago";
+      SECRET_KEY_BASE = "37d9b98e93c03acb9c14020165666efa6ac3013be88b421aa49fbe5d3f3e4303daf5e883ef847b73c4bbaa90b02773d7319ee2844cce9ed13a286039c8d38226";
+      PESTGRES_PASSWORD = "BogieDudie1";
+      SELF_HOSTED = "true";
+      RAILS_FORCE_SSL = "false";
+      RAILS_ASSUME_SSL = "false";
+      DB_HOST = "10.0.1.18";
+      DB_PORT = "5432";
+      REDIS_URL = "redis://10.0.1.18:6381/1";
+      POSTGRES_USER = "maybe_finance";
+      POSTGRES_PASSWORD = "BogieDudie1";
+      POSTGRES_DB = "maybe_finance";
+    };
+  };
+  
+  virtualisation.oci-containers.containers.maybe-worker = {
+    image = "ghcr.io/maybe-finance/maybe";
+    environment = {
+      PUID = toString config.users.users.nix-apps.uid;
+      PGID = toString config.users.groups.jallen-nas.gid;
+      TZ = "America/Chicago";
+      SECRET_KEY_BASE = "37d9b98e93c03acb9c14020165666efa6ac3013be88b421aa49fbe5d3f3e4303daf5e883ef847b73c4bbaa90b02773d7319ee2844cce9ed13a286039c8d38226";
+      PESTGRES_PASSWORD = "BogieDudie1";
+      SELF_HOSTED = "true";
+      RAILS_FORCE_SSL = "false";
+      RAILS_ASSUME_SSL = "false";
+      DB_HOST = "10.0.1.18";
+      DB_PORT = "5432";
+      REDIS_URL = "redis://10.0.1.18:6381/1";
+      POSTGRES_USER = "maybe_finance";
+      POSTGRES_PASSWORD = "BogieDudie1";
+      POSTGRES_DB = "maybe_finance";
+    };
+    cmd = [ "bundle" "exec" "sidekiq" ];
+  };
+}
--- a/hosts/nas/apps/traefik/default.nix
+++ b/hosts/nas/apps/traefik/default.nix
@@ -13,6 +13,7 @@ let
  paperlessUrl = "http://10.0.1.20:28981";
  cacheUrl = "http://10.0.1.18:5000";
  giteaUrl = "http://10.0.1.18:3000";
+  actualUrl = "http://10.0.1.18:3333";
 in
 {
  networking.firewall = {
@@ -183,6 +184,11 @@ in
              url = giteaUrl;
            }
          ];
+          actual.loadBalancer.servers = [
+            {
+              url = actualUrl;
+            }
+          ];
        };

        routers = {
@@ -230,6 +236,12 @@ in
            service = "gitea";
            tls.certResolver = "letsencrypt";
          };
+          actual = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`actual.${domain}`)";
+            service = "actual";
+            tls.certResolver = "letsencrypt";
+          };
          hass = {
            entryPoints = [ "websecure" ];
            rule = "Host(`hass.${domain}`)";
--- a/hosts/nas/networking.nix
+++ b/hosts/nas/networking.nix
@@ -16,6 +16,7 @@ let
    4000 # netbootxyz
    4080 # netbootxyz
    3000 # gitea
+    3300
  ];
 in
 {
--- a/hosts/nas/services.nix
+++ b/hosts/nas/services.nix
@@ -183,12 +183,16 @@ in
      enable = true;
      package = pkgs.postgresql_16;
      dataDir = "/media/nas/ssd/nix-app-data/postgresql";
-      ensureDatabases = [ "authentik" ];
+      ensureDatabases = [ "authentik" "maybe_finance" ];
      ensureUsers = [
        {
          name = "authentik";
          ensureDBOwnership = true;
        }
+        {
+          name = "maybe_finance";
+          ensureDBOwnership = true;
+        }
      ];
    };

@@ -204,6 +208,11 @@ in
          port = 6380;
          # user = "911";#"${config.users.users.nix-apps.name}:${config.users.groups.jallen-nas.name}";
        };
+
+        maybe = {
+          enable = true;
+          port = 6381;
+        };
      };
    };

@@ -211,7 +220,8 @@ in
      enable = true;
      dataDir = "/media/nas/main/backup/restic";
      prometheus = true;
-      listenAddress = "8008";
+      listenAddress = "0.0.0.0:8008";
+      htpasswd-file = "/media/nas/main/backup/restic/.htpasswd";
    };
  };