From 41cf24637a35d2c038aa2119b18f228f758850c6 Mon Sep 17 00:00:00 2001 From: TheWanderingCrow Date: Sat, 27 Sep 2025 17:28:28 -0400 Subject: [PATCH] actualbudget http api --- modules/services/actualbudget/default.nix | 36 ++++++++++++++++++++--- 1 file changed, 32 insertions(+), 4 deletions(-) diff --git a/modules/services/actualbudget/default.nix b/modules/services/actualbudget/default.nix index 6394d40..96a6b06 100644 --- a/modules/services/actualbudget/default.nix +++ b/modules/services/actualbudget/default.nix @@ -1,5 +1,5 @@ { - lib, + inputs, config, ... }: let @@ -7,13 +7,32 @@ in { systemd.tmpfiles.rules = [ "d ${volumePath}/actualbudget" + "d ${volumePath}/actualbudget-api" ]; + sops = { + secrets = { + "actualbudget/pass" = {}; + "actualbudget/key" = {}; + }; + templates."actualbudget-api-env".content = '' + ACTUAL_SERVER_PASSWORD="${config.sops.placeholder."actualbudget/pass"}" + API_KEY="${config.sops.placeholder."actualbudget/key"}" + ''; + }; + services.caddy = { enable = true; - virtualHosts."budget.wanderingcrow.net".extraConfig = '' - reverse_proxy http://10.88.0.12 - ''; + virtualHosts = { + "budget.wanderingcrow.net".extraConfig = '' + reverse_proxy http://10.88.0.12 + ''; + "docs.budget.wanderingcrow.net".extraConfig = '' + @block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges + abort @block + reverse_proxy http://10.88.0.13:5007 + ''; + }; }; virtualisation.oci-containers = { backend = "podman"; @@ -26,6 +45,15 @@ in { ACTUAL_PORT = "80"; }; }; + "actualbudget-api" = { + image = "jhonderson/actual-http-api:latest"; + volumes = ["${volumePath}/actualbudget-api:/data"]; + extraOptions = ["--ip=10.88.0.13"]; + environment = { + ACTUAL_SERVER_URL = "http://10.88.0.12"; + }; + environmentFiles = [config.sops.templates."actualbudget-api-env".path]; + }; }; }; }