From 4f6e691e1c21d221c67e0edfddb2c73850b692dd Mon Sep 17 00:00:00 2001 From: Martin Fischer Date: Wed, 14 Jan 2026 18:03:06 +0100 Subject: feat(ev): add Actual Budget --- nixos/hosts/ev/default.nix | 9 +++++++++ nixos/hosts/ev/ports.nix | 2 ++ nixos/profiles/workstation/firefox.nix | 4 ++++ 3 files changed, 15 insertions(+) (limited to 'nixos') diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix index fc7d425..0b8b2f3 100644 --- a/nixos/hosts/ev/default.nix +++ b/nixos/hosts/ev/default.nix @@ -126,6 +126,15 @@ in virtualHosts."ev.tailnet" = helpers.serviceIndexHost "ev.tailnet" ports.webUis; }; + # Actual Budget requires a "secure context" but I'm accessing it via http:// and Tailscale. + # To make it work I'm allowlisting the host in my browser settings. + services.actual = { + enable = true; + settings = { + port = ports.actual; + }; + }; + home-automation = { zigbee2mqttPort = ports.zigbee2mqtt; zigbeeSerialPort = "/dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_e2fed465c59ded11962fd7a5a7669f5d-if00-port0"; diff --git a/nixos/hosts/ev/ports.nix b/nixos/hosts/ev/ports.nix index b68a046..0f1f5b6 100644 --- a/nixos/hosts/ev/ports.nix +++ b/nixos/hosts/ev/ports.nix @@ -4,6 +4,7 @@ rec { hosehawk = 4000; miniflux = 4001; navidrome = 4002; + actual = 4003; prometheus = 9090; prometheusNodeExporter = 9002; prometheusSqlExporter = 9003; @@ -13,6 +14,7 @@ rec { webUis = { inherit + actual grafanaAlloy hosehawk miniflux diff --git a/nixos/profiles/workstation/firefox.nix b/nixos/profiles/workstation/firefox.nix index ce77960..facfc3d 100644 --- a/nixos/profiles/workstation/firefox.nix +++ b/nixos/profiles/workstation/firefox.nix @@ -20,6 +20,10 @@ "browser.tabs.insertAfterCurrent" = true; "browser.translations.automaticallyPopup" = false; "browser.uidensity" = 1; + # For Actual Budget which requires a secure context. This domain points to ev's tailscale IP. + # Using a separate domain rather than ev.tailnet because this preference doesn't support ports (https://connect.mozilla.org/t5/ideas/-/idi-p/116011) + # and the https upgrading breaks other web apps. + "dom.securecontext.allowlist" = "ev.push-f.com"; "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; # can be changed via UI despite this about:config setting being locked "identity.fxaccounts.enabled" = false; "sidebar.revamp" = false; # with the revamped sidebar Ctrl+B opens but not closes the sidebar which is annoying -- cgit v1.3.1