aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMartin Fischer <martin@push-f.com>2026-01-14 18:03:06 +0100
committerMartin Fischer <martin@push-f.com>2026-01-15 19:16:44 +0100
commit4f6e691e1c21d221c67e0edfddb2c73850b692dd (patch)
treea8cff8df745e1b9bc7b6e99fbb238f59842f0123
parent27fe948f381fd4cdb3cb687e2eab87eefa0c82b4 (diff)
feat(ev): add Actual Budget
-rw-r--r--nixos/hosts/ev/default.nix9
-rw-r--r--nixos/hosts/ev/ports.nix2
-rw-r--r--nixos/profiles/workstation/firefox.nix4
3 files changed, 15 insertions, 0 deletions
diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix
index fc7d425..0b8b2f3 100644
--- a/nixos/hosts/ev/default.nix
+++ b/nixos/hosts/ev/default.nix
@@ -126,6 +126,15 @@ in
virtualHosts."ev.tailnet" = helpers.serviceIndexHost "ev.tailnet" ports.webUis;
};
+ # Actual Budget requires a "secure context" but I'm accessing it via http:// and Tailscale.
+ # To make it work I'm allowlisting the host in my browser settings.
+ services.actual = {
+ enable = true;
+ settings = {
+ port = ports.actual;
+ };
+ };
+
home-automation = {
zigbee2mqttPort = ports.zigbee2mqtt;
zigbeeSerialPort = "/dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_e2fed465c59ded11962fd7a5a7669f5d-if00-port0";
diff --git a/nixos/hosts/ev/ports.nix b/nixos/hosts/ev/ports.nix
index b68a046..0f1f5b6 100644
--- a/nixos/hosts/ev/ports.nix
+++ b/nixos/hosts/ev/ports.nix
@@ -4,6 +4,7 @@ rec {
hosehawk = 4000;
miniflux = 4001;
navidrome = 4002;
+ actual = 4003;
prometheus = 9090;
prometheusNodeExporter = 9002;
prometheusSqlExporter = 9003;
@@ -13,6 +14,7 @@ rec {
webUis = {
inherit
+ actual
grafanaAlloy
hosehawk
miniflux
diff --git a/nixos/profiles/workstation/firefox.nix b/nixos/profiles/workstation/firefox.nix
index ce77960..facfc3d 100644
--- a/nixos/profiles/workstation/firefox.nix
+++ b/nixos/profiles/workstation/firefox.nix
@@ -20,6 +20,10 @@
"browser.tabs.insertAfterCurrent" = true;
"browser.translations.automaticallyPopup" = false;
"browser.uidensity" = 1;
+ # For Actual Budget which requires a secure context. This domain points to ev's tailscale IP.
+ # Using a separate domain rather than ev.tailnet because this preference doesn't support ports (https://connect.mozilla.org/t5/ideas/-/idi-p/116011)
+ # and the https upgrading breaks other web apps.
+ "dom.securecontext.allowlist" = "ev.push-f.com";
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; # can be changed via UI despite this about:config setting being locked
"identity.fxaccounts.enabled" = false;
"sidebar.revamp" = false; # with the revamped sidebar Ctrl+B opens but not closes the sidebar which is annoying