author | Karel Kočí <cynerd@email.cz> | 2025-07-21 18:35:08 +0200 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2025-07-21 18:35:08 +0200 |
commit | b02aaf9076e92532a9129ec3f829755f73fc820a (patch) | |
tree | 05156a009af451b9c191914d5f42171314815eb3 | |
parent | e9788650e4bef53e77794a7bec5e37e5a1946a92 (diff) | |
download | nixos-personal-b02aaf9076e92532a9129ec3f829755f73fc820a.tar.gz nixos-personal-b02aaf9076e92532a9129ec3f829755f73fc820a.tar.bz2 nixos-personal-b02aaf9076e92532a9129ec3f829755f73fc820a.zip |
nixos: rework home assistant
-rw-r--r-- | flake.lock | 8 | ||||
-rw-r--r-- | nixos/configurations/spt-mox.nix | 15 | ||||
-rw-r--r-- | nixos/configurations/spt-omnia.nix | 55 | ||||
-rw-r--r-- | nixos/modules/homeassistant.nix | 61 |
4 files changed, 83 insertions, 56 deletions
@@ -315,11 +315,11 @@
 },
 "personal-secret": {
 "locked": {
- "lastModified": 1750422364,
- "narHash": "sha256-+ok+HVwcAonP0QZXIvcH2Bc0L/EmZlXjkFhLOPMuNxM=",
+ "lastModified": 1753114457,
+ "narHash": "sha256-LXS93E46n/whB1iNfcA8l545pFGq8hbkD+QzwlOG5OM=",
 "ref": "refs/heads/master",
- "rev": "a3d3d5200b06cd689be0b66b53faf43ed3ae1799",
- "revCount": 134,
+ "rev": "27eb0905e0523eb2d4273b0f8bf41d02eff5610c",
+ "revCount": 135,
 "type": "git",
 "url": "ssh://git@cynerd.cz/nixos-personal-secret"
 },
diff --git a/nixos/configurations/spt-mox.nix b/nixos/configurations/spt-mox.nix
index 8af976c..a9f4965 100644
--- a/nixos/configurations/spt-mox.nix
+++ b/nixos/configurations/spt-mox.nix
@@ -75,25 +75,10 @@
 acl = ["read bigclown/node/#"];
 passwordFile = "/run/secrets/mosquitto.telegraf.pass";
 };
- homeassistant = {
- acl = [
- "readwrite homeassistant/#"
- "readwrite bigclown/#"
- "readwrite zigbee2mqtt/#"
- ];
- passwordFile = "/run/secrets/mosquitto.homeassistant.pass";
- };
 bigclown = {
 acl = ["readwrite bigclown/#"];
 passwordFile = "/run/secrets/mosquitto.bigclown.pass";
 };
- zigbee2mqtt = {
- acl = [
- "readwrite homeassistant/#"
- "readwrite zigbee2mqtt/#"
- ];
- passwordFile = "/run/secrets/mosquitto.zigbee2mqtt.pass";
- };
 };
 }
 ];
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix
index 9abe74f..8449f0d 100644
--- a/nixos/configurations/spt-omnia.nix
+++ b/nixos/configurations/spt-omnia.nix
@@ -39,18 +39,20 @@ in {
 monitoring.speedtest = true;
 };
- services.journald.extraConfig = ''
- SystemMaxUse=8G
- '';
+ services = {
+ journald.extraConfig = ''
+ SystemMaxUse=8G
+ '';
- services.btrfs.autoScrub = {
- enable = true;
- fileSystems = ["/"];
- };
+ btrfs.autoScrub = {
+ enable = true;
+ fileSystems = ["/"];
+ };
- services.fail2ban = {
- enable = true;
- ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
+ fail2ban = {
+ enable = true;
+ ignoreIP = ["10.8.1.0/24" "10.8.2.0/24"];
+ };
 };
 networking.useDHCP = false;
@@ -134,32 +136,11 @@ in {
 '';
 ##############################################################################
- services = {
- zigbee2mqtt = {
- enable = true;
- settings = {
- serial.port = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00";
- mqtt = {
- server = "mqtt://${config.cynerd.hosts.spt.mox}:1883";
- user = "zigbee2mqtt";
- password = "!secret.yaml mqtt_password";
- };
- advanced = {
- network_key = "!secret.yaml network_key";
- homeassistant_legacy_entity_attributes = false;
- legacy_api = false;
- legacy_availability_payload = false;
- last_seen = "epoch";
- };
- frontend = true;
- availability = true;
- homeassistant = {
- legacy_triggers = false;
- };
- device_options.legacy = false;
- permit_join = false;
- devices = config.secrets.zigbee2mqttDevices;
- };
- };
+ cynerd.ha = {
+ enable = true;
+ domain = "spt.cynerd.cz";
+ extraOptions = [
+ "--device=/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20220812153849-if00:/dev/ttyACM0"
+ ];
 };
 }
diff --git a/nixos/modules/homeassistant.nix b/nixos/modules/homeassistant.nix
new file mode 100644
index 0000000..000e6c4
--- /dev/null
+++ b/nixos/modules/homeassistant.nix
@@ -0,0 +1,61 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib) mkOption mkEnableOption types mkIf;
+ cnf = config.cynerd.ha;
+in {
+ options.cynerd.ha = {
+ enable = mkEnableOption "Home assistant setup on the primary router.";
+ domain = mkOption {
+ type = with types; str;
+ description = "The domain name of the system.";
+ };
+ extraOptions = mkOption {
+ type = with types; listOf str;
+ default = [];
+ description = "Extra options passed to the container.";
+ };
+ };
+
+ config = mkIf cnf.enable {
+ virtualisation.oci-containers = {
+ backend = "podman";
+ containers.homeassistant = {
+ volumes = ["home-assistant:/config" "/run/dbus:/run/dbus:ro"];
+ environment.TZ = "Europe/Prague";
+ image = "ghcr.io/home-assistant/armv7-homeassistant:stable";
+ extraOptions =
+ [
+ "--privileged"
+ "--pull=always"
+ "--network=host"
+ ]
+ ++ cnf.extraOptions;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "${cnf.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:8123";
+ proxyWebsockets = true;
+ recommendedProxySettings = true;
+ };
+ };
+ };
+ };
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "cynerd+acme@email.cz";
+ certs."${cnf.domain}" = {};
+ };
+
+ networking.firewall.allowedTCPPorts = [80 443];
+ };
+} |
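Review bot: `"--privileged"` in the `containers.homeassistant` `extraOptions` list gives the container every capability and access to all host devices, and it is combined with `"--network=host"` on a machine the option description calls the primary router. The only device need visible in this commit is the Zigbee dongle, which spt-omnia.nix already passes with an explicit `--device=` entry, so `--privileged` looks broader than required. I would drop that line and, if an integration then fails, grant a specific `--cap-add=…` through `cnf.extraOptions` instead. Separately, `image = "…:stable"` together with `"--pull=always"` means every container start runs whatever the registry currently serves under that tag; pinning the image by digest (`…@sha256:<digest>`) and bumping it deliberately would keep this as reproducible as the rest of the flake.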