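# NixOS module: runs the Actual budget server as an OCI container, keeps its
# data under /var/lib/actual, and publishes it through a Caddy virtual host
# that reverse-proxies to the container port.
{ config, ... }:

{
  # Host directory that backs the container's /data volume (see `volumes`).
  # NOTE(review): 0755 lets every local account traverse and list this
  # directory. Consider 0700 if the user the container writes as still has
  # access afterwards; confirm which UID the image runs as before tightening.
  systemd.tmpfiles.rules = [
    "d /var/lib/actual 0755 root root"
  ];

  virtualisation.oci-containers.containers.actual = {
    # NOTE(review): ":latest" is a mutable tag, so the image that runs can
    # change on any pull without a change to this file. Pin to a release tag
    # or a digest (actualbudget/actual-server@sha256:<digest-placeholder>) so
    # updates are deliberate and reviewable.
    image = "actualbudget/actual-server:latest";

    # Publish on loopback only. A bare "5006:5006" publishes the port on every
    # host interface, which leaves a second, plain-HTTP path to the server
    # that does not pass through Caddy. Depending on the container backend,
    # published ports may also not be filtered by the host firewall. Caddy
    # connects via localhost, so the loopback binding is all it needs.
    ports = [
      "127.0.0.1:5006:5006"
    ];

    environment = {
      # Header-based login: the server takes the login credential from a
      # request header instead of the interactive password form. Anything
      # able to reach port 5006 can supply that header, so the listener must
      # stay reachable only by the trusted proxy (see `ports`).
      # NOTE(review): the Caddy block below neither sets nor strips any
      # header; confirm where the login header is expected to come from.
      ACTUAL_LOGIN_METHOD = "header";
    };

    volumes = [ "/var/lib/actual:/data" ];
  };

  # The virtual host is bound to a Tailscale listener and forwards to the
  # loopback-published container port over plain HTTP.
  # NOTE(review): `bind tailscale/budget` presumably relies on a Caddy build
  # that includes the Tailscale plugin; verify the packaged Caddy provides it.
  services.caddy.virtualHosts."https://budget.tailc50184.ts.net".extraConfig = ''
    bind tailscale/budget
    reverse_proxy http://localhost:5006
  '';
}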