nix/hosts/actual/default.nix

{
  config,
  pkgs,
  ...
}:
let
  p = import ../parameters.nix;
in
{

  age.secrets = {
    actual-openid-client-secret = {
      file = ../../secrets/actual-openid-client-secret.age;
      owner = "actual";
      group = "actual";
      mode = "0400";
    };
  };

  my = {
    utils = {
      commons.enable = true;
      lxc-standard.enable = true;
    };

    services.actual = {
      enable = true;
      settings = {
        openId = {
          discoveryURL = "https://auth.${p.domains.public}/application/o/actual/.well-known/openid-configuration";
          client_id = "PVOPLIfXxUiXT5ydn9QR7ht6XAoSJVMhwR5Kbt0I";
          client_secret._secret = config.age.secrets.actual-openid-client-secret.path;
          server_hostname = "https://actual.${p.domains.public}";
          authMethod = "openid";
        };
      };
    };

    virtualisation.proxmox.enable = true;
  };

  environment.systemPackages = with pkgs; [ ];

  system.stateVersion = "25.11";
}