nixos: refactor the home automationHEADmaster

This moves zigbee to spt-omnia.

8 files changed, 196 insertions, 241 deletions

diff --git a/flake.lock b/flake.lock
index 9a0355b..bf4cadc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -333,11 +333,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1715772678,
-        "narHash": "sha256-UxVyJzWt4/TzJhfbX2LcKAb1fhAH0PXJA9boUaHsyZ0=",
+        "lastModified": 1737711206,
+        "narHash": "sha256-REAllCehBD7otzk2m/nG32eYQ/uH1giurpqpheOSbAI=",
         "owner": "cynerd",
         "repo": "nixturris",
-        "rev": "c3cf29dba9af8a226e527f11b80305bcdd22e5dd",
+        "rev": "b7873f03f303f1cfaaee4989b70da22d2ff760b6",
         "type": "gitlab"
       },
       "original": {
@@ -348,11 +348,11 @@
     },
     "personal-secret": {
       "locked": {
-        "lastModified": 1737384491,
-        "narHash": "sha256-5ePb3HAOoepnaADMZF2ATdkMr0bBP/s9zDqSqyrlX+A=",
+        "lastModified": 1737712272,
+        "narHash": "sha256-vSumdcYN3vjO1B+44FHIl7Wr2YOS1H/wmPDiKKenLbU=",
         "ref": "refs/heads/master",
-        "rev": "81298163c38df333577b498eaf372e287b31ba93",
-        "revCount": 122,
+        "rev": "97ec652e8a60ca8362aea0e7f6f1f1066417b354",
+        "revCount": 123,
         "type": "git",
         "url": "ssh://git@cynerd.cz/nixos-personal-secret"
       },
diff --git a/nixos/configurations/errol.nix b/nixos/configurations/errol.nix
index 407cf82..e9b0599 100644
--- a/nixos/configurations/errol.nix
+++ b/nixos/configurations/errol.nix
@@ -89,75 +89,50 @@ in {
     pkgs.nvtopPackages.amd
   ];
 
-  services.syncthing = {
-    enable = true;
-    user = mkDefault "cynerd";
-    group = mkDefault "cynerd";
-    openDefaultPorts = true;
-
-    overrideDevices = false;
-    overrideFolders = false;
+  ##############################################################################
+  services = {
+    syncthing = {
+      enable = true;
+      user = mkDefault "cynerd";
+      group = mkDefault "cynerd";
+      openDefaultPorts = true;
 
-    dataDir = "/home/cynerd";
-    configDir = "/home/cynerd/.config/syncthing";
-  };
+      overrideDevices = false;
+      overrideFolders = false;
 
-  nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
-  services.home-assistant = {
-    enable = true;
-    openFirewall = true;
-    configDir = "/var/lib/hass";
-    config = {
-      homeassistant = {
-        name = "SPT";
-        latitude = "!secret latitude";
-        longitude = "!secret longitude";
-        elevation = "!secret elevation";
-        time_zone = "Europe/Prague";
-        country = "CZ";
-      };
-      http.server_port = 8808;
-      mqtt = {
-        sensor = import ../modules/home-assistant/sensors.nix;
-        light = import ../modules/home-assistant/light.nix;
-      };
-      default_config = {};
-      automation = "!include automations.yaml";
-    };
-    extraComponents = ["met"];
-    package = pkgs.home-assistant.override {
-      extraPackages = pkgs:
-        with pkgs; [
-          securetar
-          pyipp
-        ];
+      dataDir = "/home/cynerd";
+      configDir = "/home/cynerd/.config/syncthing";
     };
-  };
 
-  services.zigbee2mqtt = {
-    enable = true;
-    settings = {
-      serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00";
-      mqtt = {
-        server = "mqtt://${config.cynerd.hosts.spt.mox}:1883";
-        user = "zigbee2mqtt";
-        password = "!secret.yaml mqtt_password";
-      };
-      advanced = {
-        network_key = "!secret.yaml network_key";
-        homeassistant_legacy_entity_attributes = false;
-        legacy_api = false;
-        legacy_availability_payload = false;
-        last_seen = "epoch";
+    home-assistant = {
+      enable = true;
+      openFirewall = true;
+      configDir = "/var/lib/hass";
+      config = {
+        homeassistant = {
+          name = "SPT";
+          latitude = "!secret latitude";
+          longitude = "!secret longitude";
+          elevation = "!secret elevation";
+          time_zone = "Europe/Prague";
+          country = "CZ";
+        };
+        http.server_port = 8808;
+        mqtt = {
+          sensor = import ../home-assistant/sensors.nix;
+          light = import ../home-assistant/light.nix;
+        };
+        default_config = {};
+        automation = "!include automations.yaml";
       };
-      frontend = true;
-      availability = true;
-      homeassistant = {
-        legacy_triggers = false;
+      extraComponents = ["met"];
+      package = pkgs.home-assistant.override {
+        extraPackages = pkgs:
+          with pkgs; [
+            securetar
+            pyipp
+          ];
       };
-      device_options.legacy = false;
-      permit_join = false;
-      devices = config.secrets.zigbee2mqttDevices;
     };
   };
 }
diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix
index 989df29..682e4fb 100644
--- a/nixos/configurations/spt-mox.nix
+++ b/nixos/configurations/spt-mox.nix
@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+  config,
+  pkgs,
+  ...
+}: {
   turris.board = "mox";
   deploy = {
     enable = true;
@@ -6,7 +10,6 @@
   };
 
   cynerd = {
-    home-assistant = true;
     monitoring.drives = false;
     switch = {
       enable = true;
@@ -49,4 +52,119 @@
       ];
     };
   };
+
+  ##############################################################################
+  networking.firewall.allowedTCPPorts = [
+    1883 # Mosquitto
+  ];
+  services = {
+    mosquitto = {
+      enable = true;
+      listeners = [
+        {
+          users = {
+            cynerd = {
+              acl = ["readwrite #"];
+              passwordFile = "/run/secrets/mosquitto.cynerd.pass";
+            };
+            telegraf = {
+              acl = ["read bigclown/node/#"];
+              passwordFile = "/run/secrets/mosquitto.telegraf.pass";
+            };
+            homeassistant = {
+              acl = [
+                "readwrite homeassistant/#"
+                "readwrite bigclown/#"
+                "readwrite zigbee2mqtt/#"
+              ];
+              passwordFile = "/run/secrets/mosquitto.homeassistant.pass";
+            };
+            bigclown = {
+              acl = ["readwrite bigclown/#"];
+              passwordFile = "/run/secrets/mosquitto.bigclown.pass";
+            };
+            zigbee2mqtt = {
+              acl = [
+                "readwrite homeassistant/#"
+                "readwrite zigbee2mqtt/#"
+              ];
+              passwordFile = "/run/secrets/mosquitto.zigbee2mqtt.pass";
+            };
+          };
+        }
+      ];
+    };
+
+    telegraf.extraConfig = {
+      outputs.influxdb_v2 = [
+        {
+          urls = ["http://cynerd.cz:8086"];
+          token = "$INFLUX_TOKEN";
+          organization = "personal";
+          bucket = "bigclown";
+          tagpass.source = ["bigclown"];
+        }
+      ];
+      inputs.mqtt_consumer = let
+        consumer = data_type: topics: {
+          tags = {source = "bigclown";};
+          servers = ["tcp://localhost:1883"];
+          inherit topics;
+          username = "telegraf";
+          password = "$MQTT_PASSWORD";
+          data_format = "value";
+          inherit data_type;
+          topic_parsing = [
+            {
+              topic = "bigclown/node/+/+/+/+";
+              measurement = "_/_/_/_/_/measurement";
+              tags = "_/_/device/field/_/_";
+            }
+          ];
+        };
+      in [
+        (consumer "float" [
+          "bigclown/node/+/battery/+/voltage"
+          "bigclown/node/+/thermometer/+/temperature"
+          "bigclown/node/+/hygrometer/+/relative-humidity"
+          "bigclown/node/+/lux-meter/+/illuminance"
+          "bigclown/node/+/barometer/+/pressure"
+          "bigclown/node/+/pir/+/event-count"
+          "bigclown/node/+/push-button/+/event-count"
+        ])
+        (consumer "boolean" [
+          "bigclown/node/+/flood-detector/+/alarm"
+        ])
+      ];
+      processors.pivot = [
+        {
+          tag_key = "field";
+          value_key = "value";
+          tagpass.source = ["bigclown"];
+        }
+      ];
+    };
+
+    bcg = {
+      enable = true;
+      device = "/dev/ttyUSB0";
+      baseTopicPrefix = "bigclown/";
+      environmentFiles = ["/run/secrets/bigclown.env"];
+      mqtt = {
+        username = "bigclown";
+        password = "\${MQTT_PASSWORD}";
+      };
+    };
+  };
+
+  systemd.services = {
+    telegraf.wants = ["mosquitto.service"];
+
+    bigclown-leds = {
+      description = "Bigclown LEDs control";
+      wantedBy = ["multi-user.target"];
+      wants = ["mosquitto.service"];
+      serviceConfig.ExecStart = "${pkgs.bigclown-leds}/bin/bigclown-leds /run/secrets/bigclown-leds.ini";
+    };
+  };
 }
diff --git a/nixos/configurations/spt-mox2.nix b/nixos/configurations/spt-mox2.nix
index b416671..9fb4197 100644
--- a/nixos/configurations/spt-mox2.nix
+++ b/nixos/configurations/spt-mox2.nix
@@ -1,8 +1,4 @@
-{
-  config,
-  pkgs,
-  ...
-}: {
+{config, ...}: {
   turris.board = "mox";
   deploy = {
     enable = true;
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index 23aa006..e5d2433 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -130,4 +130,34 @@ in {
     tcp flags syn tcp option maxseg size set rt mtu comment "Needed for PPPoE to fix IPv4"
     iifname {"home", "wg"} oifname {"home", "wg"} accept
   '';
+
+  ##############################################################################
+  services = {
+    zigbee2mqtt = {
+      enable = true;
+      settings = {
+        serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00";
+        mqtt = {
+          server = "mqtt://${config.cynerd.hosts.spt.mox}:1883";
+          user = "zigbee2mqtt";
+          password = "!secret.yaml mqtt_password";
+        };
+        advanced = {
+          network_key = "!secret.yaml network_key";
+          homeassistant_legacy_entity_attributes = false;
+          legacy_api = false;
+          legacy_availability_payload = false;
+          last_seen = "epoch";
+        };
+        frontend = true;
+        availability = true;
+        homeassistant = {
+          legacy_triggers = false;
+        };
+        device_options.legacy = false;
+        permit_join = false;
+        devices = config.secrets.zigbee2mqttDevices;
+      };
+    };
+  };
 }
diff --git a/nixos/modules/home-assistant/light.nix b/nixos/home-assistant/light.nix
index a9d158b..a9d158b 100644
--- a/nixos/modules/home-assistant/light.nix
+++ b/nixos/home-assistant/light.nix
diff --git a/nixos/modules/home-assistant/sensors.nix b/nixos/home-assistant/sensors.nix
index fadd4eb..fadd4eb 100644
--- a/nixos/modules/home-assistant/sensors.nix
+++ b/nixos/home-assistant/sensors.nix
diff --git a/nixos/modules/home-assistant.nix b/nixos/modules/home-assistant.nix
deleted file mode 100644
index ab16e8a..0000000
--- a/nixos/modules/home-assistant.nix
+++ /dev/null
@@ -1,164 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
-  inherit (lib) mkIf mkEnableOption;
-in {
-  options = {
-    cynerd.home-assistant = mkEnableOption "Enable Home Assistant and Bigclown";
-  };
-
-  config = mkIf config.cynerd.home-assistant {
-    services.mosquitto = {
-      enable = true;
-      listeners = [
-        {
-          users = {
-            cynerd = {
-              acl = ["readwrite #"];
-              passwordFile = "/run/secrets/mosquitto.cynerd.pass";
-            };
-            telegraf = {
-              acl = ["read bigclown/node/#"];
-              passwordFile = "/run/secrets/mosquitto.telegraf.pass";
-            };
-            homeassistant = {
-              acl = [
-                "readwrite homeassistant/#"
-                "readwrite bigclown/#"
-                "readwrite zigbee2mqtt/#"
-              ];
-              passwordFile = "/run/secrets/mosquitto.homeassistant.pass";
-            };
-            bigclown = {
-              acl = ["readwrite bigclown/#"];
-              passwordFile = "/run/secrets/mosquitto.bigclown.pass";
-            };
-            zigbee2mqtt = {
-              acl = [
-                "readwrite homeassistant/#"
-                "readwrite zigbee2mqtt/#"
-              ];
-              passwordFile = "/run/secrets/mosquitto.zigbee2mqtt.pass";
-            };
-          };
-        }
-      ];
-    };
-    networking.firewall.allowedTCPPorts = [
-      1883 # Mosquitto
-    ];
-
-    services.bcg = {
-      enable = true;
-      device = "/dev/ttyUSB0";
-      baseTopicPrefix = "bigclown/";
-      environmentFiles = ["/run/secrets/bigclown.env"];
-      mqtt = {
-        username = "bigclown";
-        password = "\${MQTT_PASSWORD}";
-      };
-    };
-
-    systemd.services.bigclown-leds = {
-      description = "Bigclown LEDs control";
-      wantedBy = ["multi-user.target"];
-      wants = ["mosquitto.service"];
-      serviceConfig.ExecStart = "${pkgs.bigclown-leds}/bin/bigclown-leds /run/secrets/bigclown-leds.ini";
-    };
-
-    services.telegraf.extraConfig = {
-      outputs.influxdb_v2 = [
-        {
-          urls = ["http://cynerd.cz:8086"];
-          token = "$INFLUX_TOKEN";
-          organization = "personal";
-          bucket = "bigclown";
-          tagpass.source = ["bigclown"];
-        }
-      ];
-      inputs.mqtt_consumer = let
-        consumer = data_type: topics: {
-          tags = {source = "bigclown";};
-          servers = ["tcp://localhost:1883"];
-          inherit topics;
-          username = "telegraf";
-          password = "$MQTT_PASSWORD";
-          data_format = "value";
-          inherit data_type;
-          topic_parsing = [
-            {
-              topic = "bigclown/node/+/+/+/+";
-              measurement = "_/_/_/_/_/measurement";
-              tags = "_/_/device/field/_/_";
-            }
-          ];
-        };
-      in [
-        (consumer "float" [
-          "bigclown/node/+/battery/+/voltage"
-          "bigclown/node/+/thermometer/+/temperature"
-          "bigclown/node/+/hygrometer/+/relative-humidity"
-          "bigclown/node/+/lux-meter/+/illuminance"
-          "bigclown/node/+/barometer/+/pressure"
-          "bigclown/node/+/pir/+/event-count"
-          "bigclown/node/+/push-button/+/event-count"
-        ])
-        (consumer "boolean" [
-          "bigclown/node/+/flood-detector/+/alarm"
-        ])
-      ];
-      processors.pivot = [
-        {
-          tag_key = "field";
-          value_key = "value";
-          tagpass.source = ["bigclown"];
-        }
-      ];
-    };
-    systemd.services.telegraf.wants = ["mosquitto.service"];
-
-    #nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # TODO
-    services.home-assistant = {
-      enable = false;
-      openFirewall = true;
-      configDir = "/var/lib/hass";
-      config = {
-        homeassistant = {
-          name = "SPT";
-          latitude = "!secret latitude";
-          longitude = "!secret longitude";
-          elevation = "!secret elevation";
-          time_zone = "Europe/Prague";
-          country = "CZ";
-        };
-        http.server_port = 8808;
-        mqtt = {
-          sensor = import ./home-assistant/sensors.nix;
-          light = import ./home-assistant/light.nix;
-        };
-        default_config = {};
-        automation = "!include automations.yaml";
-      };
-      extraComponents = ["met"];
-      package = pkgs.home-assistant.override {
-        extraPackages = pkgs:
-          with pkgs; [
-            securetar
-            pyipp
-          ];
-        packageOverrides = _: super: {
-          scapy = super.scapy.override {
-            withPlottingSupport = false;
-          };
-          s3transfer = super.s3transfer.overridePythonAttrs {
-            dontUsePytestCheck = true;
-            dontUseSetuptoolsCheck = true;
-          };
-        };
-      };
-    };
-  };
-}