# NixOS module: runs Home Assistant as a podman OCI container and publishes it
# through an nginx reverse proxy with an ACME certificate for `cynerd.ha.domain`.
{
  config,
  lib,
  ...
}: let
  inherit (lib) mkEnableOption mkIf mkOption types;
  haCfg = config.cynerd.ha;
in {
  options.cynerd.ha = {
    enable = mkEnableOption "Home assistant setup on the primary router.";

    # Used as the nginx virtual host name and as the ACME certificate name.
    domain = mkOption {
      type = types.str;
      description = "The domain name of the system.";
    };

    # Appended to the fixed flag list below; the values are passed through
    # unchanged, so every entry widens or alters the container's runtime setup.
    extraOptions = mkOption {
      type = types.listOf types.str;
      default = [];
      description = "Extra options passed to the container.";
    };
  };

  config = mkIf haCfg.enable {
    virtualisation.oci-containers.backend = "podman";

    virtualisation.oci-containers.containers.homeassistant = {
      # Mutable tag: together with --pull=always the image content can change
      # on any container start. NOTE(review): pinning by digest would make the
      # deployed image reproducible and reviewable.
      image = "ghcr.io/home-assistant/armv7-homeassistant:stable";

      environment.TZ = "Europe/Prague";

      volumes = [
        # Named volume holding Home Assistant's configuration and state.
        "home-assistant:/config"
        # Host D-Bus directory. `:ro` only blocks filesystem writes; a process
        # in the container can still connect to the bus socket and talk to
        # host services.
        "/run/dbus:/run/dbus:ro"
      ];

      extraOptions =
        [
          # Drops most container isolation (full capabilities, host devices).
          # NOTE(review): which devices Home Assistant needs is not visible
          # here; if it is a known set, `--device` / `--cap-add` would grant
          # less than this flag does.
          "--privileged"
          # Re-pull the image on every start (see the note on `image`).
          "--pull=always"
          # Shares the host network namespace, so the service on port 8123
          # binds on the host itself. This module opens only 80 and 443 in the
          # firewall; per the option description the host is the primary
          # router, so a compromise of this container is close to a compromise
          # of the router.
          "--network=host"
        ]
        ++ haCfg.extraOptions;
    };

    services.nginx.enable = true;
    services.nginx.virtualHosts."${haCfg.domain}" = {
      # TLS is terminated here; plain-HTTP requests are redirected to HTTPS.
      enableACME = true;
      forceSSL = true;

      locations."/" = {
        # Backend traffic is unencrypted HTTP to the local Home Assistant port.
        # NOTE(review): Home Assistant's own reverse-proxy trust settings live
        # in the /config volume and are not managed by this module; confirm
        # they only trust this proxy.
        proxyPass = "http://localhost:8123";
        recommendedProxySettings = true;
        proxyWebsockets = true;
      };
    };

    security.acme.acceptTerms = true;
    security.acme.defaults.email = "cynerd+acme@email.cz";
    # Declares the certificate with no extra settings; the virtual host above
    # already requests it through enableACME.
    security.acme.certs."${haCfg.domain}" = {};

    # 80 for the HTTP-to-HTTPS redirect and ACME validation, 443 for HTTPS.
    networking.firewall.allowedTCPPorts = [80 443];
  };
}