🔧 [pi4] Temporary disable Actual budget

➕ [pi4] ADd roomba dependency to home assistant️
🔒 [pi4] Do not require password for sudo️
2025-08-12 16:40:05 +00:00 · 2025-08-12 16:40:04 +00:00 · 2025-08-12 16:40:04 +00:00
3 changed files with 77 additions and 54 deletions
--- a/hosts/pi4/actual.nix
+++ b/hosts/pi4/actual.nix
@ -5,7 +5,7 @@ let
 in
 {
  networking.nat = {
-    enable = true;
+    enable = false;
    internalInterfaces = [ "ve-*" ];
    externalInterface = "wlan0";
    # Lazy IPv6 connectivity for the container
@ -13,7 +13,7 @@ in
  };

  containers.actual = {
-    autoStart = true;
+    autoStart = false;
    privateNetwork = true;
    hostAddress = "192.168.10.188";
    localAddress = "192.168.10.11";
@ -23,7 +23,7 @@ in
        networking.firewall.allowedTCPPorts = [ port ];
        services = {
          actual = {
-            enable = true;
+            enable = false;
            settings = {
              inherit port;
              loginMethod = "password";
--- a/hosts/pi4/home-assitant.nix
+++ b/hosts/pi4/home-assitant.nix
@ -6,60 +6,68 @@ let
 in
 {

-  services.home-assistant = {
-    enable = true;
-    package =
-      (pkgs.home-assistant.override {
-        extraPackages = py: with py; [ psycopg2 ];
-      }).overrideAttrs
-        (oldAttrs: {
-          # Avoid long install checks
-          doInstallCheck = false;
-        });
-    extraComponents = [
-      # Components required to complete the onboarding
-      "esphome"
-      "met"
-      "radio_browser"
-    ];
-    config = {
-      # Includes dependencies for a basic setup
-      # https://www.home-assistant.io/integrations/default_config/
-      default_config = { };
-      homeassistant = {
-        name = "Hjem";
-        unit_system = "metric";
-        temperature_unit = "C";
+  services = {
+    home-assistant = {
+      enable = true;
+      package =
+        (pkgs.home-assistant.override {
+          extraPackages =
+            py: with py; [
+              # Postgres
+              psycopg2
+              # Roomba
+              roombapy
+            ];
+        }).overrideAttrs
+          (oldAttrs: {
+            # Avoid long install checks
+            doInstallCheck = false;
+          });
+      extraComponents = [
+        # Components required to complete the onboarding
+        "esphome"
+        "met"
+        "radio_browser"
+      ];
+      config = {
+        # Includes dependencies for a basic setup
+        # https://www.home-assistant.io/integrations/default_config/
+        default_config = { };
+        homeassistant = {
+          name = "Hjem";
+          unit_system = "metric";
+          temperature_unit = "C";
+        };
+        http = {
+          server_host = "::1";
+          trusted_proxies = [ "::1" ];
+          use_x_forwarded_for = true;
+          server_port = port;
+        };
+        recorder.db_url = "postgresql://@/${dbName}";
      };
-      http = {
-        server_host = "::1";
-        trusted_proxies = [ "::1" ];
-        use_x_forwarded_for = true;
-        server_port = port;
-      };
-      recorder.db_url = "postgresql://@/${dbName}";
    };
-  };

-  services.nginx.virtualHosts.${domain} = {
-    forceSSL = true;
-    enableACME = true;
-    extraConfig = ''
-      proxy_buffering off;
-    '';
-    locations."/" = {
-      proxyPass = "http://[::1]:${toString port}";
-      proxyWebsockets = true;
+    nginx.virtualHosts.${domain} = {
+      forceSSL = true;
+      enableACME = true;
+      extraConfig = ''
+        proxy_buffering off;
+      '';
+      locations."/" = {
+        proxyPass = "http://[::1]:${toString port}";
+        proxyWebsockets = true;
+      };
+    };
+    postgresql = {
+      enable = true;
+      ensureDatabases = [ dbName ];
+      ensureUsers = [
+        {
+          name = dbName;
+          ensureDBOwnership = true;
+        }
+      ];
    };
-  };
-  services.postgresql = {
-    enable = true;
-    ensureDatabases = [ dbName ];
-    ensureUsers = [
-      {
-        name = dbName;
-        ensureDBOwnership = true;
-      }
-    ];
  };
 }
--- a/hosts/pi4/security/default.nix
+++ b/hosts/pi4/security/default.nix
@ -1,7 +1,22 @@
+{ systemConfig, ... }:
+
 {
  imports = [
    ./firewall.nix
  ];

+  security.sudo.extraRules = [
+    {
+      users = [ systemConfig.username ];
+      runAs = "ALL:ALL";
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+
  services.pcscd.enable = true;
 }
Author	SHA1	Message	Date
Martin Berg Alstad	c4c7e95e7d	🔧 [pi4] Temporary disable Actual budget	2025-08-12 16:40:05 +00:00
Martin Berg Alstad	cb6e38604d	➕ [pi4] ADd roomba dependency to home assistant️	2025-08-12 16:40:04 +00:00
Martin Berg Alstad	859a0e22c2	🔒 [pi4] Do not require password for sudo️	2025-08-12 16:40:04 +00:00