From 06c876eba56545b6e3d4bc93c30ac4c44c71660b Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Sat, 9 Dec 2023 15:16:49 +0100
Subject: [PATCH] initial home assistant change

---
 config.sh                                     |  2 +-
 hosts/fw.cloonar.com/configuration.nix        |  2 +-
 hosts/fw.cloonar.com/modules/dhcp4.nix        |  5 +++
 hosts/fw.cloonar.com/modules/gitea.nix        |  4 ---
 .../fw.cloonar.com/modules/home-assistant.nix | 36 +++++++++++++------
 hosts/fw.cloonar.com/modules/unbound.nix      |  8 +----
 6 files changed, 33 insertions(+), 24 deletions(-)

diff --git a/config.sh b/config.sh
index 987ac87..4223cdf 100644
--- a/config.sh
+++ b/config.sh
@@ -1,5 +1,5 @@
 CHROOT_DIR=/home/chroot
-REMOTE_IP=fw.cloonar.com
+REMOTE_IP=git.cloonar.com
 
 # Optional
 
diff --git a/hosts/fw.cloonar.com/configuration.nix b/hosts/fw.cloonar.com/configuration.nix
index a6dfea4..736fcb3 100644
--- a/hosts/fw.cloonar.com/configuration.nix
+++ b/hosts/fw.cloonar.com/configuration.nix
@@ -31,7 +31,7 @@
     # ./modules/podman.nix
     
     # home assistant
-    # ./modules/home-assistant.nix
+    ./modules/home-assistant.nix
     # ./modules/mopidy.nix
     # ./modules/mosquitto.nix
     # ./modules/snapserver.nix
diff --git a/hosts/fw.cloonar.com/modules/dhcp4.nix b/hosts/fw.cloonar.com/modules/dhcp4.nix
index d11e076..c737aac 100644
--- a/hosts/fw.cloonar.com/modules/dhcp4.nix
+++ b/hosts/fw.cloonar.com/modules/dhcp4.nix
@@ -98,6 +98,11 @@
               ip-address = "10.42.97.50";
               server-hostname = "git.cloonar.com";
             }
+            {
+              hw-address = "1a:c4:04:6e:29:01";
+              ip-address = "10.42.97.20";
+              server-hostname = "home-assistant.cloonar.com";
+            }
           ];
         }
         {
diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix
index bb68ce2..3f560f5 100644
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -100,10 +100,6 @@ in
     };
   };
 
-  sops.secrets.gitea-runner-token = {
-    owner = "gitea-runner";
-  };
-
   services.gitea-actions-runner.instances.main = {
     enable = true;
     url = "https://git.cloonar.com";
diff --git a/hosts/fw.cloonar.com/modules/home-assistant.nix b/hosts/fw.cloonar.com/modules/home-assistant.nix
index d136d9c..02bdeb9 100644
--- a/hosts/fw.cloonar.com/modules/home-assistant.nix
+++ b/hosts/fw.cloonar.com/modules/home-assistant.nix
@@ -1,14 +1,28 @@
 { ... }: {
-  virtualisation.oci-containers = {
-    backend = "podman";
-    containers.homeassistant = {
-      volumes = [ "home-assistant:/config" ];
-      environment.TZ = "Europe/Vienna";
-      image = "ghcr.io/home-assistant/home-assistant:2023.9.3";
-      extraOptions = [ 
-        "--ip=10.42.97.20" 
-        "--device=/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0:/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0"
-      ];
+  users.users.homeassistant = {
+    isSystemUser = true;
+    group = "homeassistant";
+    home = "/var/lib/homeassistant";
+    createHome = true;
+  };
+  users.groups.homeassistant = { };
+
+  # TODO: check if we can run docker service as other user than root
+  virtualisation = {
+    oci-containers.containers = {
+      homeassistant = {
+        autoStart = true;
+        image = "ghcr.io/home-assistant/home-assistant:2023.9.3";
+        volumes = [
+          "/var/lib/homeassistant:/config"
+        ];
+        environment.TZ = "Europe/Vienna";
+        extraOptions = [
+          "--network=server"
+          "--mac-address=1a:c4:04:6e:29:01"
+          "--device=/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0:/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0"
+        ];
+      };
     };
   };
 
@@ -20,7 +34,7 @@
       proxy_buffering off;
     '';
     locations."/".extraConfig = ''
-      proxy_pass http://127.0.0.1:8123;
+      proxy_pass http://10.42.97.20:8123;
       proxy_set_header Host $host;
       proxy_redirect http:// https://;
       proxy_http_version 1.1;
diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix
index f0dbf91..4526f02 100644
--- a/hosts/fw.cloonar.com/modules/unbound.nix
+++ b/hosts/fw.cloonar.com/modules/unbound.nix
@@ -32,8 +32,7 @@ let
         "\"switch.cloonar.com IN A 10.42.97.10\""
         "\"drone.cloonar.com IN A 10.42.97.118\""
         "\"hv-02.cloonar.com IN A 10.42.97.3\""
-        "\"home-assistant.cloonar.com IN A 10.42.97.20\""
-        "\"home-assistant.cloonar.old IN A 10.44.97.20\""
+        "\"home-assistant.cloonar.com IN A 10.42.97.1\""
         "\"deconz.cloonar.com IN A 10.42.97.20\""
         "\"mopidy.cloonar.com IN A 10.42.97.20\""
         "\"snapcast.cloonar.com IN A 10.42.97.20\""
@@ -75,12 +74,7 @@ let
       local-data-ptr = [
         "\"127.0.0.1 localhost\""
         "\"::1 localhost\""
-        "\"10.42.97.10 switch.cloonar.com\""
         "\"10.42.97.1 fw.cloonar.com\""
-        "\"10.42.97.118 drone.cloonar.com\""
-        "\"10.42.97.3 hv-02.cloonar.com\""
-        "\"10.42.97.20 home-assistant.cloonar.com\""
-        "\"10.42.97.9 cl-storage-01.cloonar.com\""
 
         "\"10.254.235.22 stage.wsw.at\""
         "\"10.254.217.23 prod.wsw.at\""