nix-config/hosts/nas/apps/actual/default.nix
2025-04-24 13:46:03 -05:00


# Declarative NixOS container ("actual") running the Actual budget server with
# OpenID Connect login, plus a host-side NAT port forward to the container.
{ ... }:
let
  # TCP port the server listens on; reused for the firewall and the NAT forward.
  actualPort = 3333;

  # NOTE(review): this host path names "jellyseerr" although the container is
  # "actual". If that is a copy-paste leftover, two applications share one
  # writable directory and each can read or modify the other's data. Confirm.
  hostDataDir = "/media/nas/ssd/nix-app-data/jellyseerr";

  # Paths as seen inside the container.
  dataDir = "/var/lib/private/actual-data";
  stateDir = "/var/lib/private/actual";

  # Addresses of the container's private network link: host side and
  # container side.
  hostAddress = "10.0.1.18";
  localAddress = "10.0.3.18";
in
{
  containers.actual = {
    autoStart = true;

    # Give the container its own network namespace, reachable only through
    # the hostAddress <-> localAddress link.
    privateNetwork = true;
    inherit hostAddress localAddress;

    # Both mounts are writable from inside the container.
    bindMounts = {
      ${dataDir} = {
        hostPath = hostDataDir;
        isReadOnly = false;
      };
      ${stateDir} = {
        hostPath = stateDir;
        isReadOnly = false;
      };
    };

    config =
      { lib, ... }:
      {
        services.actual = {
          enable = true;
          # NOTE(review): appears to duplicate allowedTCPPorts below; one of
          # the two is probably enough.
          openFirewall = true;
          settings = {
            # Only the host end of the container link is trusted as a proxy;
            # presumably the reverse proxy runs on the host - confirm.
            trustedProxies = [ hostAddress ];
            port = actualPort;
            # NOTE(review): dataDir and openId are nested under
            # settings.config; confirm this is the layout the server reads.
            config = {
              inherit dataDir;
              openId = {
                issuer = "https://authentik.mjallen.dev/application/o/actual-budget/";
                client_id = "1PGCrRdndq7SoOSLuNMnXFmHpgd1NKRMOa5LSia2";
                # NOTE(review): client_secret is a plaintext literal and is
                # byte-identical to client_id. A literal here is committed to
                # the repository and copied into the world-readable Nix store.
                # If it is the real secret, rotate it at the identity provider
                # and supply it at runtime from a file kept outside the store.
                # If it is a copy-paste of the client id, the OpenID client is
                # misconfigured.
                client_secret = "1PGCrRdndq7SoOSLuNMnXFmHpgd1NKRMOa5LSia2";
                server_hostname = "https://actual.mjallen.dev";
                authMethod = "openid";
              };
            };
          };
        };

        # Container-local firewall: only the application port is allowed.
        networking.firewall.enable = true;
        networking.firewall.allowedTCPPorts = [ actualPort ];

        # Use systemd-resolved inside the container
        # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
        networking.useHostResolvConf = lib.mkForce false;
        services.resolved.enable = true;

        # Disabled: create and set permissions for required directories.
        # system.activationScripts.actual-dirs = ''
        # mkdir -p /var/lib/private/actual-data
        # chown -R nobody:nogroup /var/lib/private/actual-data
        # chmod -R 775 /var/lib/private/actual-data
        # ln -sf /var/lib/private/actual /var/lib/actual-data
        # '';

        system.stateVersion = "23.11";
      };
  };

  # Forward the host's port to the same port inside the container.
  # NOTE(review): networking.nat.enable and its interfaces are not set in this
  # file and are assumed to be configured elsewhere. A direct forward may let
  # clients reach the server without passing through the reverse proxy;
  # confirm that is intended.
  networking.nat.forwardPorts = [
    {
      destination = "${localAddress}:${toString actualPort}";
      sourcePort = actualPort;
    }
  ];
}