Cloonar/cloonar-assistant
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial commit

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-04-25 23:34:04 +02:00
commit 11a34aa04c
7 changed files with 921 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

249
modules/cloonar-assistant/home-assistant/default.nix Normal file
View File

@@ -0,0 +1,249 @@
{ config, pkgs, ... }:
let
domain = "home-assistant.${config.cloonar-assistant.domain}";
pkgs-with-home-assistant = import (builtins.fetchGit {
name = "new-home-assistant";
url = "https://github.com/nixos/nixpkgs/";
rev = "18dd725c29603f582cf1900e0d25f9f1063dbf11";
}) {};
networkPrefix = config.networkPrefix;
home-assistant-config = config.home-assistant;
home-assistant-config.package = pkgs-with-home-assistant.home-assistant;
certDir = "/var/lib/ssl/home-assistant";
certFile = "${certDir}/selfsigned.crt";
keyFile = "${certDir}/selfsigned.key";
in
{
users.users.hass = {
home = "/var/lib/hass";
createHome = true;
group = "hass";
uid = config.ids.uids.hass;
extraGroups = [ "dialout" ];
};
users.groups.hass.gid = config.ids.gids.hass;
security.acme.certs."${domain}" = {
group = "nginx";
};
sops.secrets."home-assistant-secrets.yaml" = {
owner = "hass";
restartUnits = [ "container@hass.service" ];
};
containers.hass = {
autoStart = true;
ephemeral = false;
privateNetwork = true;
hostBridge = "server";
hostAddress = "${networkPrefix}.97.1";
localAddress = "${networkPrefix}.97.20/24";
extraFlags = [
"--capability=CAP_NET_ADMIN"
"--capability=CAP_MKNOD"
];
bindMounts = {
"/etc/localtime" = {
hostPath = "/etc/localtime";
};
"/var/lib/hass" = {
hostPath = "/var/lib/hass/";
isReadOnly = false;
};
"/var/lib/acme/hass/" = {
hostPath = "${config.security.acme.certs.${domain}.directory}";
};
"/var/lib/hass/secrets.yaml" = {
hostPath = config.sops.secrets."home-assistant-secrets.yaml".path;
};
};
config = { lib, config, pkgs, ... }: {
networkPrefix = networkPrefix;
imports = [
];
networking = {
hostName = "home-assistant";
useHostResolvConf = false;
defaultGateway = {
address = "${networkPrefix}.96.1";
interface = "eth0";
};
firewall.enable = false;
nameservers = [ "${networkPrefix}.97.1" ];
};
environment.systemPackages = [
pkgs.mariadb
];
systemd.services.generate-selfsigned-cert = {
description = "Generate/renew self-signed SSL certificate";
wantedBy = [ "nginx.service" ];
path = [ pkgs.openssl pkgs.gnugrep ];
script = ''
if [ -f ${certFile} ]; then
expiry=$(openssl x509 -enddate -noout -in ${certFile} | cut -d= -f2)
expiry_epoch=$(date -d "$expiry" +%s)
current_epoch=$(date +%s)
days_left=$(( (expiry_epoch - current_epoch) / 86400 ))
if [ $days_left -lt 30 ]; then # Regenerate if expiring in <30 days
echo "Certificate expiring soon, regenerating..."
rm ${certFile} ${keyFile}
fi
fi
if [ ! -f ${certFile} ] || [ ! -f ${keyFile} ]; then
openssl req -x509 -nodes -days 365 \
-newkey rsa:2048 \
-keyout ${keyFile} \
-out ${certFile} \
-subj "/CN=${domain}"
fi
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
};
services.nginx.enable = true;
services.nginx.virtualHosts."${domain}" = {
sslCertificate = certFile;
sslCertificateKey = keyFile;
forceSSL = true;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
proxy_pass http://127.0.0.1:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
services.home-assistant = home-assistant-config;
services.home-assistant.extraComponents = [
"mobile_app"
"backup"
];
systemd.services.install-hacs = {
description = "Install HACS";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
};
script = ''
set -e
HACS_VERSION="2.0.5" # Replace with the latest version
HACS_DIR="/var/lib/hass/custom_components/hacs"
mkdir -p "$HACS_DIR"
${pkgs.curl}/bin/curl -L "https://github.com/hacs/integration/releases/download/$HACS_VERSION/hacs.zip" -o /tmp/hacs.zip
${pkgs.unzip}/bin/unzip -o /tmp/hacs.zip -d "$HACS_DIR"
rm /tmp/hacs.zip
chown -R hass:hass "$HACS_DIR"
'';
};
services.home-assistant.extraPackages = ps: with ps; [
mysqlclient
];
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = [ "hass" ];
ensureUsers = [
{
name = "hass";
ensurePermissions = {
"hass.*" = "ALL PRIVILEGES";
};
}
];
};
services.mysqlBackup = {
enable = true;
databases = [ "hass" ];
};
services.home-assistant.config =
let
hiddenEntities = [
"sensor.last_boot"
"sensor.date"
];
in
{
recorder = {
db_url = "mysql://hass@localhost/hass?unix_socket=/var/run/mysqld/mysqld.sock";
};
homeassistant = {
name = "Home";
latitude = "!secret home_latitude";
longitude = "!secret home_longitude";
elevation = "!secret home_elevation";
unit_system = "metric";
currency = "EUR";
country = "AT";
time_zone = "Europe/Vienna";
external_url = "https://${domain}";
};
zone = {
name = "Home";
latitude = "!secret home_latitude";
longitude = "!secret home_longitude";
radius = 35;
icon = "mdi:account-multiple";
};
automation = "!include automations.yaml";
frontend = { };
http = {
use_x_forwarded_for = true;
trusted_proxies = [
"127.0.0.1"
"::1"
];
};
api = { };
history.exclude = {
entities = hiddenEntities;
domains = [
"automation"
"updater"
];
};
"map" = { };
# logbook.exclude.entities = "hiddenEntities";
logger = {
default = "warning";
};
network = { };
zeroconf = { };
system_health = { };
default_config = { };
system_log = { };
};
users.users.hass.extraGroups = [ "dialout" ];
system.stateVersion = "23.05";
};
};
}