From 6d8fb63d549e7cff72311cb8973e745c0ed3a749 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 26 Dec 2024 21:49:24 +0000
Subject: [PATCH] setup actualbudget service
---
 flake.nix | 1 +
 hosts/flame/default.nix | 1 +
 modules/common/default.nix | 4 ++
 modules/nixos/services/actualbudget.nix | 68 +++++++++++++++++++++++++
 modules/nixos/services/backups.nix | 4 +-
 modules/nixos/services/default.nix | 1 +
 6 files changed, 77 insertions(+), 2 deletions(-)
 create mode 100644 modules/nixos/services/actualbudget.nix
diff --git a/flake.nix b/flake.nix
index feae0be..144a900 100644
--- a/flake.nix
+++ b/flake.nix
@@ -249,6 +249,7 @@
 dotfilesRepo = "https://github.com/nmasur/dotfiles";
 hostnames = {
 audiobooks = "read.${baseName}";
+ budget = "money.${baseName}";
 files = "files.${baseName}";
 git = "git.${baseName}";
 influxdb = "influxdb.${baseName}";
diff --git a/hosts/flame/default.nix b/hosts/flame/default.nix
index 53ed230..8f68d77 100644
--- a/hosts/flame/default.nix
+++ b/hosts/flame/default.nix
@@ -71,6 +71,7 @@ inputs.nixpkgs.lib.nixosSystem rec {
 dotfiles.enable = true; # Clone dotfiles
 neovim.enable = true;
 giteaRunner.enable = true;
+ services.actualbudget.enable = true;
 services.caddy.enable = true;
 services.grafana.enable = true;
 services.thelounge.enable = true;
diff --git a/modules/common/default.nix b/modules/common/default.nix
index f165b67..6af1f50 100644
--- a/modules/common/default.nix
+++ b/modules/common/default.nix
@@ -86,6 +86,10 @@
 type = lib.types.str;
 description = "Hostname for audiobook server (Audiobookshelf).";
 };
+ budget = lib.mkOption {
+ type = lib.types.str;
+ description = "Hostname for budgeting server (ActualBudget).";
+ };
 files = lib.mkOption {
 type = lib.types.str;
 description = "Hostname for files server (Filebrowser).";
diff --git a/modules/nixos/services/actualbudget.nix b/modules/nixos/services/actualbudget.nix
new file mode 100644
index 0000000..9b4ac05
--- /dev/null
+++ b/modules/nixos/services/actualbudget.nix
@@ -0,0 +1,68 @@
+{ config, lib, ... }:
+{
+
+ options = {
+ services.actualbudget = {
+ enable = lib.mkEnableOption "ActualBudget budgeting service";
+ port = lib.mkOption {
+ type = lib.types.port;
+ description = "Port to use for the localhost";
+ default = 5006;
+ };
+ };
+ };
+
+ config = lib.mkIf config.services.actualbudget.enable {
+
+ virtualisation.podman.enable = lib.mkDefault true;
+
+ users.users.actualbudget = {
+ isSystemUser = true;
+ group = "shared";
+ uid = 980;
+ };
+
+ # Create budget directory, allowing others to manage it
+ systemd.tmpfiles.rules = [
+ "d /var/lib/actualbudget 0770 actualbudget shared"
+ ];
+
+ virtualisation.oci-containers.containers.actualbudget = {
+ workdir = null;
+ volumes = [ "/var/lib/actualbudget:/data" ];
+ user = "${toString (builtins.toString config.users.users.actualbudget.uid)}";
+ pull = "missing";
+ privileged = false;
+ ports = [ "127.0.0.1:${builtins.toString config.services.actualbudget.port}:5006" ];
+ networks = [ ];
+ log-driver = "journald";
+ labels = {
+ app = "actualbudget";
+ };
+ image = "ghcr.io/actualbudget/actual-server:latest";
+ hostname = null;
+ environmentFiles = [ ];
+ environment = { };
+ dependsOn = [ ];
+ autoStart = true;
+ };
+
+ # Allow web traffic to Caddy
+ caddy.routes = [
+ {
+ match = [ { host = [ config.hostnames.budget ]; } ];
+ handle = [
+ {
+ handler = "reverse_proxy";
+ upstreams = [ { dial = "localhost:${builtins.toString config.services.actualbudget.port}"; } ];
+ }
+ ];
+ }
+ ];
+
+ # Configure Cloudflare DNS to point to this machine
+ services.cloudflare-dyndns.domains = [ config.hostnames.budget ];
+
+ };
+
+}
diff --git a/modules/nixos/services/backups.nix b/modules/nixos/services/backups.nix
index da54f35..ac95659 100644
--- a/modules/nixos/services/backups.nix
+++ b/modules/nixos/services/backups.nix
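Review bot: The container image in modules/nixos/services/actualbudget.nix is referenced by a mutable tag, `image = "ghcr.io/actualbudget/actual-server:latest";`, and with `pull = "missing";` the host keeps whatever `latest` resolved to on first start, so the deployed version is neither reproducible nor refreshed on rebuild. Since this service holds financial data and is published through the Caddy route and the Cloudflare DNS entry, pin a release tag or digest and bump it deliberately, e.g. `image = "ghcr.io/actualbudget/actual-server@sha256:<DIGEST_PLACEHOLDER>";`. The tmpfiles rule `"d /var/lib/actualbudget 0770 actualbudget shared"` gives every member of `shared` write access to the budget data; the comment suggests this is intended, but the group's membership is not visible here and should be confirmed to be as narrow as the data warrants. As a style point, `user = "${toString (builtins.toString ...uid)}"` converts twice, and `user = toString config.users.users.actualbudget.uid;` is enough.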
@@ -84,10 +84,10 @@ dest = "${config.secretsDirectory}/restic"; }; - services.restic.backups = { + services.restic.backups = lib.mkIf (config.backup.s3.glacierBucket != null) { default = { repository = "s3:s3.us-east-1.amazonaws.com/${config.backup.s3.glacierBucket}/restic"; - paths = [ "/data/images" ]; + paths = [ ]; environmentFile = config.secrets.s3-glacier.dest; passwordFile = config.secrets.restic.dest; pruneOpts = [ diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix index 141565e..0e1d2e9 100644 --- a/modules/nixos/services/default.nix +++ b/modules/nixos/services/default.nix @@ -5,6 +5,7 @@ { imports = [ + ./actualbudget.nix ./audiobookshelf.nix ./arr.nix ./backups.nix
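Review bot: With `paths = [ ];` in modules/nixos/services/backups.nix the `default` restic job no longer names anything to back up, and nothing visible in this patch adds the new `/var/lib/actualbudget` directory (or the former `/data/images`) back to it. If the intent is for each service module to contribute its own paths, the ActualBudget module should carry something like `services.restic.backups.default.paths = [ "/var/lib/actualbudget" ];`, guarded by the same `config.backup.s3.glacierBucket != null` condition so that it does not define a job without a repository. Otherwise the budget database would appear to exist only on this host. The `default = { ... }` block continues past the end of the hunk, so its remaining settings are not visible here.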