Cloonar/cloonar-assistant
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fe7c353015f5a7c666bb4bd8b176cbfdad3e9e44
cloonar-assistant/modules/cloonar-assistant/home-assistant/default.nix

208 lines
5.2 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
let
domain = config.cloonar-assistant.domain;
pkgs-with-home-assistant = import (builtins.fetchGit {
name = "new-home-assistant";
url = "https://github.com/nixos/nixpkgs/";
rev = "18dd725c29603f582cf1900e0d25f9f1063dbf11";
}) {};
ha-extraComponents = config.services.home-assistant.extraComponents ++ [
"mobile_app"
"backup"
];
ha-config = lib.recursiveUpdate config.services.home-assistant.config {
recorder = {
db_url = "mysql://hass@localhost/hass?unix_socket=/var/run/mysqld/mysqld.sock";
};
homeassistant = {
name = "Home";
latitude = "!secret home_latitude";
longitude = "!secret home_longitude";
elevation = "!secret home_elevation";
unit_system = "metric";
currency = "EUR";
country = "AT";
time_zone = "Europe/Vienna";
external_url = "https://${domain}";
};
zone = {
name = "Home";
latitude = "!secret home_latitude";
longitude = "!secret home_longitude";
radius = 35;
icon = "mdi:account-multiple";
};
automation = "!include automations.yaml";
frontend = { };
http = {
use_x_forwarded_for = true;
trusted_proxies = [
"127.0.0.1"
"::1"
];
};
api = { };
history.exclude = {
entities = [
"sensor.last_boot"
"sensor.date"
];
domains = [
"automation"
"updater"
];
};
"map" = { };
# logbook.exclude.entities = "hiddenEntities";
logger = {
default = "warning";
};
network = { };
zeroconf = { };
system_health = { };
default_config = { };
system_log = { };
}
uid = config.ids.uids.hass;
gid = config.ids.gids.hass;
in
{
users.users.hass = {
home = "/var/lib/hass";
createHome = true;
group = "hass";
uid = uid;
extraGroups = [ "dialout" ];
};
users.groups.hass.gid = gid;
users.users.nginx.extraGroups = [ "ssl-users" ];
services.nginx.enable = true;
services.nginx.virtualHosts."${domain}" = {
root = "/var/www";
sslCertificate = "/var/lib/acme/${domain}/fullchain.pem";
sslCertificateKey = "/var/lib/acme/${domain}/key.pem";
sslTrustedCertificate = "/var/lib/acme/${domain}/chain.pem";
forceSSL = true;
extraConfig = ''
proxy_buffering off;
'';
locations."^~ /.well-known/acme-challenge/".extraConfig = ''
auth_basic off;
auth_request off;
'';
locations."/".extraConfig = ''
proxy_pass http://10.233.0.2:8123;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
security.acme.acceptTerms = true;
security.acme.certs."${domain}" = {
group = "ssl-users";
email = "acme@cloonar.com";
webroot = "/var/www";
};
users.groups.ssl-users = {};
sops.secrets."home-assistant-secrets.yaml" = {
owner = "hass";
restartUnits = [ "container@hass.service" ];
};
containers.hass = {
autoStart = true;
ephemeral = false;
privateNetwork = true;
hostAddress = "10.233.0.1";
localAddress = "10.233.0.2";
bindMounts = {
"/etc/localtime" = {
hostPath = "/etc/localtime";
};
"/var/lib/hass" = {
hostPath = "/var/lib/hass/";
isReadOnly = false;
};
"/var/lib/hass/secrets.yaml" = {
hostPath = config.sops.secrets."home-assistant-secrets.yaml".path;
};
};
config = { lib, config, pkgs, ... }: {
imports = [
];
environment.systemPackages = [
pkgs.mariadb
];
services.home-assistant = {
package = pkgs-with-home-assistant.home-assistant;
extraComponents = ha-extraComponents;
extraPackages = ps: with ps; [
mysqlclient
];
config = ha-config;
};
systemd.services.install-hacs = {
description = "Install HACS";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
};
script = ''
set -e
HACS_VERSION="2.0.5" # Replace with the latest version
HACS_DIR="/var/lib/hass/custom_components/hacs"
mkdir -p "$HACS_DIR"
${pkgs.curl}/bin/curl -L "https://github.com/hacs/integration/releases/download/$HACS_VERSION/hacs.zip" -o /tmp/hacs.zip
${pkgs.unzip}/bin/unzip -o /tmp/hacs.zip -d "$HACS_DIR"
rm /tmp/hacs.zip
chown -R hass:hass "$HACS_DIR"
'';
};
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = [ "hass" ];
ensureUsers = [
{
name = "hass";
ensurePermissions = {
"hass.*" = "ALL PRIVILEGES";
};
}
];
};
services.mysqlBackup = {
enable = true;
databases = [ "hass" ];
};
users.users.hass.extraGroups = [ "dialout" ];
networking.firewall.allowedTCPPorts = [ 8123 ];
system.stateVersion = "24.11";
};
};
}
Reference in New Issue View Git Blame Copy Permalink