From ea2110d182b5cce2dbb9fbd78d013e7ee89f2b3b Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Wed, 28 May 2025 11:23:44 -0500 Subject: [PATCH] fix actual again --- hosts/nas/apps/actual/default.nix | 48 ++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 4 deletions(-) diff --git a/hosts/nas/apps/actual/default.nix b/hosts/nas/apps/actual/default.nix index 07578b9..30bd662 100644 --- a/hosts/nas/apps/actual/default.nix +++ b/hosts/nas/apps/actual/default.nix @@ -1,10 +1,12 @@ -{ ... }: +{ config, pkgs, lib, ... }: let actualPort = 3333; hostDataDir = "/media/nas/ssd/nix-app-data/actual"; - dataDir = "/var/lib/actual"; + dataDir = "/data"; hostAddress = "10.0.1.18"; localAddress = "10.0.3.18"; + actualUserId = config.users.users.nix-apps.uid; + actualGroupId = config.users.groups.jallen-nas.gid; in { containers.actual = { @@ -28,8 +30,46 @@ in settings = { trustedProxies = [ hostAddress ]; port = actualPort; - config = { - dataDir = dataDir; + dataDir = dataDir; + serverFiles = "${dataDir}/server-files"; + userFiles = "${dataDir}/user-files"; + }; + }; + + users.users.actual = { + isSystemUser = true; + uid = lib.mkForce actualUserId; + group = "actual"; + }; + + users.groups = { + actual = { + gid = lib.mkForce actualGroupId; + }; + }; + + # System packages + environment.systemPackages = with pkgs; [ + sqlite + ]; + + # Create and set permissions for required directories + system.activationScripts.actual-dirs = '' + mkdir -p ${dataDir} + chown -R actual:actual ${dataDir} + chmod -R 0700 ${dataDir} + ''; + + systemd.services = { + actual = { + environment.ACTUAL_CONFIG_PATH = lib.mkForce "${dataDir}/config.json"; + serviceConfig = { + ExecStart = lib.mkForce "${pkgs.actual-server}/bin/actual-server --config ${dataDir}/config.json"; + WorkingDirectory = lib.mkForce dataDir; + StateDirectory = lib.mkForce dataDir; + StateDirectoryMode = lib.mkForce 0700; + DynamicUser = lib.mkForce false; + ProtectSystem = lib.mkForce null; }; }; };