✨ [pi4] Add reverse proxy for martials.no staging environment

🐛 [pi4] Fix Actual container not working
✨ [shared] Add Httpie-desktop
2025-07-10 18:47:08 +00:00 · 2025-07-10 18:47:08 +00:00 · 2025-07-03 21:50:48 +02:00 · 2025-06-23 19:18:40 +00:00 · 2025-06-23 18:17:08 +00:00 · 2025-06-23 18:07:09 +00:00
6 changed files with 59 additions and 8 deletions
--- a/hosts/pi4/actual.nix
+++ b/hosts/pi4/actual.nix
@ -0,0 +1,44 @@
 { config, common, ... }:
 let
  domain = "beta.budget.${common.domain}";
  port = 8084;
 in
 {
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-*" ];
    externalInterface = "wlan0";
    # Lazy IPv6 connectivity for the container
    enableIPv6 = true;
  };
  containers.actual = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "192.168.10.188";
    localAddress = "192.168.10.11";
    config =
      { ... }:
      {
        networking.firewall.allowedTCPPorts = [ port ];
        services = {
          actual = {
            enable = true;
            settings = {
              inherit port;
              loginMethod = "password";
            };
          };
        };
        system.stateVersion = common.system.version;
      };
  };
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://${config.containers.actual.localAddress}:${toString port}";
      proxyWebsockets = true;
    };
  };
 }
--- a/hosts/pi4/default.nix
+++ b/hosts/pi4/default.nix
@ -3,6 +3,7 @@
 {
  imports = with lib.custom; [
    (relativeToBase "modules")
    ./actual.nix
    ./boot.nix
    ./caddy.nix
    ./forgejo.nix
--- a/hosts/pi4/nginx.nix
+++ b/hosts/pi4/nginx.nix
@ -33,6 +33,7 @@ in
      # Beta is currently stable
      "www.${domain}" = redirect "";
      "beta.${domain}" = redirect "";
      "dev.${domain}" = homelabProxy 4322;
      "git.${domain}" = redirect "code";
      "kitchenowl.${domain}" = redirect "grocery";
      # Gitea
--- a/hosts/pi4/security/firewall.nix
+++ b/hosts/pi4/security/firewall.nix
@ -1,3 +1,5 @@
 { common, ... }:
 {
  networking = {
    firewall = {
@ -6,13 +8,8 @@
        80
        443
      ];
-      trustedInterfaces = [ "tailscale0" ];
+      extraInputRules = ''
-      extraInputRules =
+        ip saddr ${common.localIpRange} accept
        let
          localIPv4Range = "192.168.10.0/24";
        in
        ''
          ip saddr ${localIPv4Range} accept
      '';
    };
    nftables.enable = true;
--- a/shared/common.nix
+++ b/shared/common.nix
@ -16,6 +16,7 @@ rec {
  domain = "martials.no";
  tailnetDomain = "dns.${domain}";
  localIpPrefix = "192.168.10.";
  localIpRange = "${localIpPrefix}0/24";
  localIpAddr = subAddr: "${localIpPrefix}${builtins.toString subAddr}";
  tailnetAddr = host: "${host}.${tailnetDomain}";
--- a/shared/desktop/modules/development/httpie.nix
+++ b/shared/desktop/modules/development/httpie.nix
@ -0,0 +1,7 @@
 { pkgs, ... }:
 {
  environment.systemPackages = with pkgs; [
    httpie-desktop
  ];
 }
Author	SHA1	Message	Date
Martin Berg Alstad	055c399d31	✨ [pi4] Add reverse proxy for martials.no staging environment	2025-07-10 18:47:08 +00:00
Martin Berg Alstad	4985fd4a89	🐛 [pi4] Fix Actual container not working	2025-07-10 18:47:08 +00:00
Martin Berg Alstad	9064fc6d1d	✨ [shared] Add Httpie-desktop	2025-07-03 21:50:48 +02:00
Martin Berg Alstad	3e718fadfc	✨ [pi4] Containerize Actual service	2025-06-23 19:18:40 +00:00
Martin Berg Alstad	763ee6312a	♻️ [pi4] Refactor firewall with variables	2025-06-23 18:17:08 +00:00
Martin Berg Alstad	5704ebe712	✨ [pi4] Initial Actual Budget service	2025-06-23 18:07:09 +00:00