From 8b04d9039ec1cc7782c8adfb11d15121e550bbfd Mon Sep 17 00:00:00 2001
From: Katherina Walshe-Grey <git@qenya.tel>
Date: Thu, 26 Sep 2024 12:16:33 +0100
Subject: [PATCH] orm: serve actual

---
 flake.lock            | 46 ++++++++++++++++++++++++++++++++++++++-----
 flake.nix             |  4 +++-
 hosts/orm/default.nix | 10 ++++++++++
 services/actual.nix   | 31 +++++++++++++++++++++++++++++
 services/default.nix  |  1 +
 5 files changed, 86 insertions(+), 6 deletions(-)
 create mode 100644 services/actual.nix

diff --git a/flake.lock b/flake.lock
index e65e4f4..859793f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,24 @@
 {
   "nodes": {
+    "actual": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1725392458,
+        "narHash": "sha256-sp1Ps5XBrIwDE0e2QOm2dJRRJ12aEWtJBhzohFwn+K4=",
+        "ref": "main",
+        "rev": "4cc6a8289f809ec4470eb01429aa6ed548349a56",
+        "revCount": 14,
+        "type": "git",
+        "url": "https://git.xeno.science/xenofem/actual-nix"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.xeno.science/xenofem/actual-nix"
+      }
+    },
     "agenix": {
       "inputs": {
         "darwin": [],
@@ -137,16 +156,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1726969270,
-        "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=",
+        "lastModified": 1725103162,
+        "narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075",
+        "rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-24.05",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -167,6 +186,22 @@
         "type": "github"
       }
     },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1726969270,
+        "narHash": "sha256-8fnFlXBgM/uSvBlLWjZ0Z0sOdRBesyNdH0+esxqizGc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "23cbb250f3bf4f516a2d0bf03c51a30900848075",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-24.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nur": {
       "locked": {
         "lastModified": 1727141325,
@@ -223,11 +258,12 @@
     },
     "root": {
       "inputs": {
+        "actual": "actual",
         "agenix": "agenix",
         "birdsong": "birdsong",
         "colmena": "colmena",
         "home-manager": "home-manager_2",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_2",
         "nixpkgsSmall": "nixpkgsSmall",
         "nur": "nur",
         "plasma-manager": "plasma-manager",
diff --git a/flake.nix b/flake.nix
index 61126be..fa2a9d7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -33,10 +33,11 @@
       flake = false;
     };
 
+    actual.url = "git+https://git.xeno.science/xenofem/actual-nix?ref=main";
     birdsong.url = "git+https://git.qenya.tel/qenya/birdsong?ref=main";
   };
 
-  outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, birdsong, ... }: {
+  outputs = inputs@{ self, nixpkgs, nixpkgsSmall, home-manager, plasma-manager, nur, agenix, colmena, randomcat, actual, birdsong, ... }: {
     nixosConfigurations = (colmena.lib.makeHive self.outputs.colmena).nodes;
 
     # The name of this output type is not standardised. I have picked
@@ -82,6 +83,7 @@
           { nixpkgs.overlays = [ nur.overlay ]; }
           agenix.nixosModules.default
           birdsong.nixosModules.default
+          actual.nixosModules.default
           ./common
           ./services
           (builtins.toPath "${randomcat}/services/default.nix")
diff --git a/hosts/orm/default.nix b/hosts/orm/default.nix
index c76bd6b..e70bf1c 100644
--- a/hosts/orm/default.nix
+++ b/hosts/orm/default.nix
@@ -21,5 +21,15 @@
     privateKeyFile = config.age.secrets.wireguard-peer-orm.path;
   };
 
+  randomcat.services.zfs.datasets = {
+    "rpool_orm/state" = { mountpoint = "none"; };
+    "rpool_orm/state/actual" = { mountpoint = "/var/lib/actual"; };
+  };
+
+  qenya.services.actual = {
+    enable = true;
+    domain = "actual.qenya.tel";
+  };
+
   system.stateVersion = "23.11";
 }
diff --git a/services/actual.nix b/services/actual.nix
new file mode 100644
index 0000000..c78e2ff
--- /dev/null
+++ b/services/actual.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.qenya.services.actual;
+in
+{
+  options.qenya.services.actual = {
+    enable = mkEnableOption "Actual";
+    domain = mkOption {
+      type = types.str;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      virtualHosts = {
+        ${cfg.domain} = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".proxyPass = "http://127.0.0.1:5006/";
+        };
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+    services.actual.enable = true;
+  };
+}
diff --git a/services/default.nix b/services/default.nix
index fddd93c..e31416b 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,5 +1,6 @@
 {
   imports = [
+    ./actual.nix
     ./forgejo.nix
     ./pipewire-low-latency.nix
   ];