🔧 [pi4] Temporary disable Actual budget

hosts/pi4/actual.nix

@@ -5,7 +5,7 @@ let
 in
 {
   networking.nat = {
-    enable = true;
+    enable = false;
     internalInterfaces = [ "ve-*" ];
     externalInterface = "wlan0";
     # Lazy IPv6 connectivity for the container
@@ -13,7 +13,7 @@ in
   };
 
   containers.actual = {
-    autoStart = true;
+    autoStart = false;
     privateNetwork = true;
     hostAddress = "192.168.10.188";
     localAddress = "192.168.10.11";
@@ -23,7 +23,7 @@ in
         networking.firewall.allowedTCPPorts = [ port ];
         services = {
           actual = {
-            enable = true;
+            enable = false;
             settings = {
               inherit port;
               loginMethod = "password";

hosts/pi4/home-assitant.nix

@@ -6,60 +6,68 @@ let
 in
 {
 
-  services.home-assistant = {
+  services = {
-    enable = true;
+    home-assistant = {
-    package =
+      enable = true;
-      (pkgs.home-assistant.override {
+      package =
-        extraPackages = py: with py; [ psycopg2 ];
+        (pkgs.home-assistant.override {
-      }).overrideAttrs
+          extraPackages =
-        (oldAttrs: {
+            py: with py; [
-          # Avoid long install checks
+              # Postgres
-          doInstallCheck = false;
+              psycopg2
-        });
+              # Roomba
-    extraComponents = [
+              roombapy
-      # Components required to complete the onboarding
+            ];
-      "esphome"
+        }).overrideAttrs
-      "met"
+          (oldAttrs: {
-      "radio_browser"
+            # Avoid long install checks
-    ];
+            doInstallCheck = false;
-    config = {
+          });
-      # Includes dependencies for a basic setup
+      extraComponents = [
-      # https://www.home-assistant.io/integrations/default_config/
+        # Components required to complete the onboarding
-      default_config = { };
+        "esphome"
-      homeassistant = {
+        "met"
-        name = "Hjem";
+        "radio_browser"
-        unit_system = "metric";
+      ];
-        temperature_unit = "C";
+      config = {
+        # Includes dependencies for a basic setup
+        # https://www.home-assistant.io/integrations/default_config/
+        default_config = { };
+        homeassistant = {
+          name = "Hjem";
+          unit_system = "metric";
+          temperature_unit = "C";
+        };
+        http = {
+          server_host = "::1";
+          trusted_proxies = [ "::1" ];
+          use_x_forwarded_for = true;
+          server_port = port;
+        };
+        recorder.db_url = "postgresql://@/${dbName}";
       };
-      http = {
-        server_host = "::1";
-        trusted_proxies = [ "::1" ];
-        use_x_forwarded_for = true;
-        server_port = port;
-      };
-      recorder.db_url = "postgresql://@/${dbName}";
     };
-  };
 
-  services.nginx.virtualHosts.${domain} = {
+    nginx.virtualHosts.${domain} = {
-    forceSSL = true;
+      forceSSL = true;
-    enableACME = true;
+      enableACME = true;
-    extraConfig = ''
+      extraConfig = ''
-      proxy_buffering off;
+        proxy_buffering off;
-    '';
+      '';
-    locations."/" = {
+      locations."/" = {
-      proxyPass = "http://[::1]:${toString port}";
+        proxyPass = "http://[::1]:${toString port}";
-      proxyWebsockets = true;
+        proxyWebsockets = true;
+      };
+    };
+    postgresql = {
+      enable = true;
+      ensureDatabases = [ dbName ];
+      ensureUsers = [
+        {
+          name = dbName;
+          ensureDBOwnership = true;
+        }
+      ];
     };
-  };
-  services.postgresql = {
-    enable = true;
-    ensureDatabases = [ dbName ];
-    ensureUsers = [
-      {
-        name = dbName;
-        ensureDBOwnership = true;
-      }
-    ];
   };
 }

hosts/pi4/security/default.nix

@@ -1,7 +1,22 @@
+{ systemConfig, ... }:
+
 {
   imports = [
     ./firewall.nix
   ];
 
+  security.sudo.extraRules = [
+    {
+      users = [ systemConfig.username ];
+      runAs = "ALL:ALL";
+      commands = [
+        {
+          command = "ALL";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+
   services.pcscd.enable = true;
 }