Install actual on Raspberry Pi

2024-04-12 13:34:45 +02:00 · 2024-04-12 13:34:45 +02:00 · 6c0425418e
commit 6c0425418e
parent 64fa1562dd
9 changed files with 109 additions and 8 deletions
--- a/roles/actual/handlers/main.yml
+++ b/roles/actual/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: Restart Nginx
+  become: true
+  ansible.builtin.systemd:
+    name: nginx.service
+    state: restarted
--- a/roles/actual/tasks/main.yml
+++ b/roles/actual/tasks/main.yml
@ -0,0 +1,47 @@
+---
+- name: Install Podman
+  become: true
+  ansible.builtin.apt:
+    name: podman
+    state: present
+- name: Create a new user
+  ansible.builtin.include_role:
+    name: user
+  vars:
+    username: "{{ actual_user }}"
+    password: "{{ actual_password }}"
+- name: Create a directory for holding actual's (volume) data
+  become: true
+  become_user: "{{ actual_user }}"
+  ansible.builtin.file:
+    path: "/home/{{ actual_user }}/actual_data"
+    state: directory
+    mode: '0700'
+# Unfortunatelly I can't set the web password in the container, a user has to manually do this on startup.
+- name: Start the Actual container
+  become: true
+  become_user: "{{ actual_user }}"
+  containers.podman.podman_container:
+    name: actual-server
+    image: docker.io/actualbudget/actual-server:24.4.0
+    restart_policy: on-failure
+    publish:
+      - 127.0.0.1:5006:5006
+    volumes:
+      - "/home/{{ actual_user }}/actual_data:/data"
+    state: started
+- name: Install certificate for actual.kleinendorst.info
+  become: true
+  ansible.builtin.command:
+    cmd: register_certbot_domain.sh actual.kleinendorst.info
+    creates: /etc/letsencrypt/live/actual.kleinendorst.info # The certificate directory
+- name: Set Nginx configuration
+  become: true
+  ansible.builtin.template:
+    src: actual.conf.j2
+    dest: /etc/nginx/conf.d/actual.conf
+    mode: '0644'
+  notify: Restart Nginx
+- name: Debug
+  ansible.builtin.debug:
+    msg: "Don't forget to manually add a DNS record for actual.kleinendorst.info pointing to: {{ ansible_facts['default_ipv4']['address'] }}."
--- a/roles/actual/templates/actual.conf.j2
+++ b/roles/actual/templates/actual.conf.j2
@ -0,0 +1,25 @@
+# Template comes from the actual documentation: https://actualbudget.org/docs/config/reverse-proxies/#nginx
+# It was however modified in some ways because the referenced files weren't created.
+server {
+  listen 443 ssl;
+  listen [::]:443 ssl;
+  server_name actual.kleinendorst.info;
+
+  client_max_body_size 20M; # The budgets can become quite large and need to be uploaded
+
+  # SSL via Let's Encrypt
+  ssl_certificate /etc/letsencrypt/live/actual.kleinendorst.info/fullchain.pem; # managed by Certbot
+  ssl_certificate_key /etc/letsencrypt/live/actual.kleinendorst.info/privkey.pem; # managed by Certbot
+  ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+  ssl_ciphers         HIGH:!aNULL:!MD5;
+
+  location / {
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header Host $host;
+
+    set $upstream_address 127.0.0.1;
+    set $upstream_port 5006;
+    set $upstream_proto http;
+    proxy_pass $upstream_proto://$upstream_address:$upstream_port;
+  }
+}
--- a/roles/actual/vars/main/defaults.yml
+++ b/roles/actual/vars/main/defaults.yml
@ -0,0 +1,2 @@
+---
+actual_user: actual
--- a/roles/actual/vars/main/vault.yml
+++ b/roles/actual/vars/main/vault.yml
@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+33376134646463343235646461303131626139663865333436646535383064383437616231323334
+6162306132343165666134323966363739333638353332620a663034326361383233356639646463
+65386537303530363335363234636464626330343864363162626233613430633430643334396636
+6635653735633730310a343036363136333933653561663839613238336338633061613534326536
+39343563343863643636616130316235316236656531626433613432303561383834333764336534
+35636438613832643433346135623934323964346464383931353539633464333038626561643963
+633839343438623261343239613534393233