{ config, common, ... }:
let
  domain = "beta.budget.${common.domain}";
in
{
  networking.nat = {
    enable = true;
    internalInterfaces = [ "ve-*" ];
    externalInterface = "wlan0";
    # Lazy IPv6 connectivity for the container
    enableIPv6 = true;
  };

  containers.actual = {
    autoStart = true;
    privateNetwork = true;
    hostAddress = "192.168.10.188";
    localAddress = "192.168.10.11";
    config =
      { ... }:
      {
        services = {
          actual = {
            enable = true;
            settings = {
              port = 8084;
              loginMethod = "password";
            };
          };
        };
        system.stateVersion = common.system.version;
      };
  };
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://${config.containers.actual.localAddress}:8084";
      proxyWebsockets = true;
    };
  };
}