authorKarel Kočí <cynerd@email.cz>2025-07-21 18:35:08 +0200
committerKarel Kočí <cynerd@email.cz>2025-07-21 18:35:08 +0200
commitb02aaf9076e92532a9129ec3f829755f73fc820a (patch)
tree05156a009af451b9c191914d5f42171314815eb3
parente9788650e4bef53e77794a7bec5e37e5a1946a92 (diff)
nixos: rework home assistant
-rw-r--r--flake.lock8
-rw-r--r--nixos/configurations/spt-mox.nix15
-rw-r--r--nixos/configurations/spt-omnia.nix55
-rw-r--r--nixos/modules/homeassistant.nix61
4 files changed, 83 insertions, 56 deletions
diff --git a/flake.lock b/flake.lock
index b74cdfa..1396c78 100644
--- a/flake.lock
+++ b/flake.lock
@@ -315,11 +315,11 @@
},
"personal-secret": {
"locked": {
- "lastModified": 1750422364,
- "narHash": "sha256-+ok+HVwcAonP0QZXIvcH2Bc0L/EmZlXjkFhLOPMuNxM=",
+ "lastModified": 1753114457,
+ "narHash": "sha256-LXS93E46n/whB1iNfcA8l545pFGq8hbkD+QzwlOG5OM=",
"ref": "refs/heads/master",
- "rev": "a3d3d5200b06cd689be0b66b53faf43ed3ae1799",
- "revCount": 134,
+ "rev": "27eb0905e0523eb2d4273b0f8bf41d02eff5610c",
+ "revCount": 135,
"type": "git",
"url": "ssh://git@cynerd.cz/nixos-personal-secret"
},
diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix
index 8af976c..a9f4965 100644
--- a/nixos/configurations/spt-mox.nix
+++ b/nixos/configurations/spt-mox.nix
@@ -75,25 +75,10 @@
acl = ["read bigclown/node/#"];
passwordFile = "/run/secrets/mosquitto.telegraf.pass";
};
- homeassistant = {
- acl = [
- "readwrite homeassistant/#"
- "readwrite bigclown/#"
- "readwrite zigbee2mqtt/#"
- ];
- passwordFile = "/run/secrets/mosquitto.homeassistant.pass";
- };
bigclown = {
acl = ["readwrite bigclown/#"];
passwordFile = "/run/secrets/mosquitto.bigclown.pass";
};
- zigbee2mqtt = {
- acl = [
- "readwrite homeassistant/#"
- "readwrite zigbee2mqtt/#"
- ];
- passwordFile = "/run/secrets/mosquitto.zigbee2mqtt.pass";
- };
};
}
];
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index 9abe74f..8449f0d 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -39,18 +39,20 @@ in {
monitoring.speedtest = true;
};
- services.journald.extraConfig = ''
- SystemMaxUse=8G
- '';
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=8G
+ '';
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
- services.fail2ban = {
- enable = true;
- ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
+ fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
+ };
};
networking.useDHCP = false;
@@ -134,32 +136,11 @@ in {
'';
##############################################################################
- services = {
- zigbee2mqtt = {
- enable = true;
- settings = {
- serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00";
- mqtt = {
- server = "mqtt://${config.cynerd.hosts.spt.mox}:1883";
- user = "zigbee2mqtt";
- password = "!secret.yaml mqtt_password";
- };
- advanced = {
- network_key = "!secret.yaml network_key";
- homeassistant_legacy_entity_attributes = false;
- legacy_api = false;
- legacy_availability_payload = false;
- last_seen = "epoch";
- };
- frontend = true;
- availability = true;
- homeassistant = {
- legacy_triggers = false;
- };
- device_options.legacy = false;
- permit_join = false;
- devices = config.secrets.zigbee2mqttDevices;
- };
- };
+ cynerd.ha = {
+ enable = true;
+ domain = "spt.cynerd.cz";
+ extraOptions = [
+ "--device=/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00:/dev/ttyACM0"
+ ];
};
}
diff --git a/nixos/modules/homeassistant.nix b/nixos/modules/homeassistant.nix
new file mode 100644
index 0000000..000e6c4
--- /dev/null
+++ b/nixos/modules/homeassistant.nix
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib) mkOption mkEnableOption types mkIf;
+ cnf = config.cynerd.ha;
+in {
+ options.cynerd.ha = {
+ enable = mkEnableOption "Home assistant setup on the primary router.";
+ domain = mkOption {
+ type = with types; str;
+ description = "The domain name of the system.";
+ };
+ extraOptions = mkOption {
+ type = with types; listOf str;
+ default = [];
+ description = "Extra options passed to the container.";
+ };
+ };
+
+ config = mkIf cnf.enable {
+ virtualisation.oci-containers = {
+ backend = "podman";
+ containers.homeassistant = {
+ volumes = ["home-assistant:/config" "/run/dbus:/run/dbus:ro"];
+ environment.TZ = "Europe/Prague";
+ image = "ghcr.io/home-assistant/armv7-homeassistant:stable";
+ extraOptions =
+ [
+ "--privileged"
+ "--pull=always"
+ "--network=host"
+ ]
+ ++ cnf.extraOptions;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "${cnf.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8123";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+ };
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "cynerd+acme@email.cz";
+ certs."${cnf.domain}" = {};
+ };
+
+ networking.firewall.allowedTCPPorts = [80 443];
+ };
+}
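Review bot: `containers.homeassistant` combines `--privileged` and `--network=host` with `--pull=always` on the mutable `:stable` tag, so whatever the registry serves under that tag at the next start runs with effectively full access to the host that the `enable` description calls the primary router. The spt-omnia.nix hunk already hands the Zigbee dongle in with `--device=…:/dev/ttyACM0`, which `--privileged` makes redundant; dropping `"--privileged"` and keeping the explicit device mapping (adding only the capabilities Home Assistant proves to need) would keep that scoping meaningful. Pinning the image, e.g. `image = "ghcr.io/home-assistant/armv7-homeassistant@sha256:<digest>";`, turns an update into a reviewed change to this file rather than a side effect of a restart. Separately, `backend = "podman"` is set on `virtualisation.oci-containers` as a whole, so enabling this module changes the backend for every other container on the host; a short comment saying that is intended would help.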