62 lines
1.5 KiB
Nix
Executable file
62 lines
1.5 KiB
Nix
Executable file
{
|
|
fqdn ? null,
|
|
proxy ? true,
|
|
}:
|
|
{
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
let
|
|
inherit (lib) mkIf;
|
|
|
|
finalFqdn = if fqdn != null then fqdn else config.networking.fqdn;
|
|
in
|
|
{
|
|
users.users.actual = {
|
|
isSystemUser = true;
|
|
group = "actual";
|
|
};
|
|
|
|
users.groups.actual = { };
|
|
|
|
services = {
|
|
actual = {
|
|
enable = true;
|
|
user = config.users.users.actual.name;
|
|
group = config.users.users.actual.group;
|
|
settings = {
|
|
port = 31000;
|
|
hostname = "127.0.0.1";
|
|
serverFiles = "/var/lib/actual/server-files";
|
|
userFiles = "/var/lib/actual/user-files";
|
|
};
|
|
};
|
|
|
|
actual-budget-api = {
|
|
enable = true;
|
|
listenPort = 31001;
|
|
listenHost = "127.0.0.1";
|
|
serverURL = "https://${finalFqdn}";
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."${finalFqdn}" = mkIf proxy {
|
|
forceSSL = true;
|
|
|
|
locations."/api/".proxyPass =
|
|
"http://127.0.0.1:${toString config.services.actual-budget-api.listenPort}/";
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString config.services.actual.settings.port}";
|
|
extraConfig = ''
|
|
proxy_hide_header Cross-Origin-Embedder-Policy;
|
|
proxy_hide_header Cross-Origin-Opener-Policy;
|
|
add_header Cross-Origin-Embedder-Policy "require-corp" always;
|
|
add_header Cross-Origin-Opener-Policy "same-origin" always;
|
|
add_header Origin-Agent-Cluster "?1" always;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header Host $host;
|
|
'';
|
|
};
|
|
};
|
|
}
|