nix-config/modules/nixos/services/actual/default.nix
mjallen18 86fffbd512 upd
2026-04-13 13:25:52 -05:00


# NixOS module for the Actual personal-finance server: enables the service,
# points it at an OpenID Connect provider, and feeds the OIDC client
# credentials in from sops-managed secret files.
{
  config,
  pkgs,
  lib,
  namespace,
  ...
}:
let
  name = "actual";
  cfg = config.${namespace}.services.${name};

  # Single root for everything the server persists.
  dataDir = "${cfg.configDir}/${name}";

  # Config file the service is pointed at, both via the environment and --config.
  # NOTE(review): the step that writes this file is not visible here. It
  # presumably ends up holding the resolved client secret, so confirm it is
  # created readable by the service user only.
  runtimeConfig = "/run/actual/config.json";

  idpHost = "https://authentik.mjallen.dev";

  clientIdSecret = "jallen-nas/actual/client-id";
  clientSecretSecret = "jallen-nas/actual/client-secret";

  # Shared definition for both OIDC credentials: taken from the encrypted
  # nas-secrets.yaml, owned by the `actual` user, and actual.service is
  # restarted when the secret changes.
  # NOTE(review): owner = "actual" applies unconditionally, while DynamicUser is
  # forced off only when cfg.createUser is set. Confirm a static `actual` user
  # exists in the other case, or ownership cannot be assigned.
  oidcSecret = {
    sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml";
    owner = "actual";
    restartUnits = [ "actual.service" ];
  };

  actualConfig = lib.${namespace}.mkModule {
    inherit config name;
    description = "Actual Personal Finance Planner";
    options = { };
    moduleConfig = {
      sops.secrets = {
        ${clientIdSecret} = oidcSecret;
        ${clientSecretSecret} = oidcSecret;
      };

      services.actual = {
        enable = true;
        # NOTE(review): if this is true the service port is presumably reachable
        # without passing through the reverse proxy; confirm that is intended
        # given trustedProxies below.
        inherit (cfg) openFirewall;
        settings = {
          inherit (cfg) port;
          # Only this host's own IPv4 address is treated as a trusted proxy.
          # NOTE(review): presumably the reverse proxy runs on this host; confirm
          # it connects from this address rather than from loopback.
          trustedProxies = [ config.${namespace}.network.ipv4.address ];
          inherit dataDir;
          serverFiles = "${dataDir}/server-files";
          userFiles = "${dataDir}/user-files";
          openId = {
            authMethod = "openid";
            server_hostname = idpHost;
            discoveryURL = "${idpHost}/application/o/actual/.well-known/openid-configuration";
            # Only the paths of the decrypted secret files are referenced, so
            # the credential values are not written into this expression.
            # NOTE(review): whatever consumes `_secret` and substitutes the file
            # contents is not visible here; confirm it exists, otherwise the
            # path itself would be used as the credential.
            client_id._secret = config.sops.secrets.${clientIdSecret}.path;
            client_secret._secret = config.sops.secrets.${clientSecretSecret}.path;
          };
        };
      };

      # Unit overrides, applied only when cfg.createUser is true. Each value is
      # wrapped in mkForce so it takes priority over other definitions.
      systemd.services = lib.mkIf cfg.createUser {
        actual = {
          environment.ACTUAL_CONFIG_PATH = lib.mkForce runtimeConfig;
          serviceConfig = {
            DynamicUser = lib.mkForce false;
            WorkingDirectory = lib.mkForce dataDir;
            ExecStart = lib.mkForce "${lib.getExe pkgs.actual-server} --config ${runtimeConfig}";
            # "full" makes /usr, /boot, /efi and /etc read-only and leaves the
            # rest of the file system writable.
            # NOTE(review): if the value being overridden is stricter (e.g.
            # "strict"), consider keeping it and granting write access to
            # dataDir alone via ReadWritePaths. Confirm against upstream.
            ProtectSystem = lib.mkForce "full";
            # Integer literal; systemd parses directory modes as octal, so this
            # is presumably rendered as 700 and read as 0700. The string "0700"
            # would make that explicit.
            # NOTE(review): this mode covers the unit's StateDirectory only.
            # Confirm the permissions on dataDir separately if it lives elsewhere.
            StateDirectoryMode = lib.mkForce 700;
          };
        };
      };
    };
  };
in
{
  imports = [ actualConfig ];
}