From 82bda66d247ba75a149bcde144d25b98ae0be5aa Mon Sep 17 00:00:00 2001 From: Dominik Polakovics Date: Sun, 10 Dec 2023 18:05:49 +0100 Subject: [PATCH] add deconz --- hosts/fw.cloonar.com/configuration.nix | 1 + hosts/fw.cloonar.com/modules/deconz.nix | 33 +++++++++ hosts/fw.cloonar.com/modules/dhcp4.nix | 5 ++ .../modules/home-assistant/default.nix | 74 +++++-------------- .../modules/home-assistant/ldap.nix | 3 - .../modules/home-assistant/light.nix | 4 +- hosts/fw.cloonar.com/modules/unbound.nix | 3 +- 7 files changed, 61 insertions(+), 62 deletions(-) create mode 100644 hosts/fw.cloonar.com/modules/deconz.nix diff --git a/hosts/fw.cloonar.com/configuration.nix b/hosts/fw.cloonar.com/configuration.nix index 339fedf..eab53b7 100644 --- a/hosts/fw.cloonar.com/configuration.nix +++ b/hosts/fw.cloonar.com/configuration.nix @@ -32,6 +32,7 @@ # home assistant ./modules/home-assistant + ./modules/deconz.nix # ./modules/mopidy.nix # ./modules/mosquitto.nix # ./modules/snapserver.nix diff --git a/hosts/fw.cloonar.com/modules/deconz.nix b/hosts/fw.cloonar.com/modules/deconz.nix new file mode 100644 index 0000000..5a8d07d --- /dev/null +++ b/hosts/fw.cloonar.com/modules/deconz.nix @@ -0,0 +1,33 @@ +{ config, pkgs, ... }: { + users.users.deconz = { + isSystemUser = true; + group = "omada"; + home = "/var/lib/deconz"; + createHome = true; + }; + users.groups.omada = { }; + + # TODO: check if we can run docker service as other user than root + virtualisation = { + oci-containers.containers = { + deconz = { + autoStart = false; + image = "marthoc/deconz"; + volumes = [ + "/etc/localtime:/etc/localtime:ro" + "/var/lib/deconz:/root/.local/share/dresden-elektronik/deCONZ" + ]; + environment = { + DECONZ_DEVICE = "/dev/ttyACM0"; + TZ = "Europe/Vienna"; + }; + extraOptions = [ + "--network=server" + "--mac-address=1a:c4:04:6e:29:02" + "--device=/dev/ttyACM0" + "--hostname=deconz" + ]; + }; + }; + }; +} 
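Review bot: `image = "marthoc/deconz"` in the new deconz.nix has no tag or digest, so the runtime pulls whatever the registry currently serves under the default tag. Going by the TODO, that image runs as root, and it gets `--device=/dev/ttyACM0`; pin it, e.g. `image = "marthoc/deconz:<version>@sha256:<digest>";` (placeholders). The `deconz` user is placed in group `omada` and the module declares `users.groups.omada`, which looks copied from another module; the definition this commit removes from home-assistant/default.nix used `group = "deconz"`. Nothing in this module replaces the `forceSSL` nginx vhost removed in the same commit, so the deCONZ UI on the `server` network is presumably reachable over plain HTTP; confirm that is intended.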
diff --git a/hosts/fw.cloonar.com/modules/dhcp4.nix b/hosts/fw.cloonar.com/modules/dhcp4.nix index a3947bf..5584383 100644 --- a/hosts/fw.cloonar.com/modules/dhcp4.nix +++ b/hosts/fw.cloonar.com/modules/dhcp4.nix @@ -103,6 +103,11 @@ ip-address = "10.42.97.20"; server-hostname = "home-assistant.cloonar.com"; } + { + hw-address = "1a:c4:04:6e:29:02"; + ip-address = "10.42.97.25"; + server-hostname = "deconz.cloonar.com"; + } ]; } { diff --git a/hosts/fw.cloonar.com/modules/home-assistant/default.nix b/hosts/fw.cloonar.com/modules/home-assistant/default.nix index d878fbe..2dcdf9c 100644 --- a/hosts/fw.cloonar.com/modules/home-assistant/default.nix +++ b/hosts/fw.cloonar.com/modules/home-assistant/default.nix @@ -1,31 +1,20 @@ { config, pkgs, ... }: let domain = "home-assistant.cloonar.com"; - deconzDomain = "deconz.cloonar.com"; in { - users.users.deconz = { - home = "/var/lib/deocnz"; - createHome = true; - isSystemUser = true; - group = "deconz"; - }; - users.groups.deconz = {}; - users.users.hass = { home = "/var/lib/hass"; createHome = true; group = "hass"; uid = config.ids.uids.hass; + extraGroups = [ "dialout" ]; }; users.groups.hass.gid = config.ids.gids.hass; security.acme.certs."${domain}" = { group = "nginx"; }; - security.acme.certs."${deconzDomain}" = { - group = "nginx"; - }; sops.secrets."home-assistant-secrets.yaml" = { owner = "hass"; 
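Review bot: `extraGroups = [ "dialout" ];` is added to the host-side `users.users.hass`, but Home Assistant runs inside `containers.hass` (declared further down, outside this hunk). There, group membership presumably comes from the container's own configuration rather than from the host's user database. If that reading is right, this line does not help the service open `/dev/ttyUSB0`, and it only gives the host `hass` account access to every dialout-owned serial port on the firewall. Consider dropping it, or state the reason next to it with a comment such as `# needed on the host by <consumer>`.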
@@ -38,16 +27,25 @@ in containers.hass = { autoStart = true; - ephemeral = true; # because of ssh key + ephemeral = false; macvlans = [ "vserver" ]; + allowedDevices = [ + { + modifier = "rwm"; + node = "char-usb_device"; + } + { + modifier = "rwm"; + node = "char-ttyUSB"; + } + ]; bindMounts = { - "/var/lib/deconz" = { - hostPath = "/var/lib/deconz/"; + "/dev/ttyUSB0" = { + hostPath = "/dev/ttyUSB0"; isReadOnly = false; }; - "/var/lib/acme/deconz/" = { - hostPath = "${config.security.acme.certs.${deconzDomain}.directory}"; - isReadOnly = true; + "/etc/localtime" = { + hostPath = "/etc/localtime"; }; "/var/lib/hass" = { hostPath = "/var/lib/hass/"; @@ -55,15 +53,12 @@ in }; "/var/lib/acme/hass/" = { hostPath = "${config.security.acme.certs.${domain}.directory}"; - isReadOnly = true; }; "/run/secrets/home-assistant-ldap" = { hostPath = config.sops.secrets."home-assistant-ldap".path; - isReadOnly = true; }; "/var/lib/hass/secrets.yaml" = { hostPath = config.sops.secrets."home-assistant-secrets.yaml".path; - isReadOnly = true; }; }; config = { lib, config, pkgs, ... }: { 
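Review bot: The new `allowedDevices` entries grant more than the single bind-mounted serial port needs: `char-usb_device` covers raw USB device nodes as a class, and the `m` in `rwm` also permits creating device nodes inside the container. Unless ZHA or EnOcean fail without it, `{ modifier = "rw"; node = "char-ttyUSB"; }` alone should be enough. `/dev/ttyUSB0` is also an enumeration-order name, so after a replug or with a second adapter the container may get read-write access to a different device; the same name replaces the by-id path in the `enocean` hunk further down. Keeping the container-side path but setting `hostPath` to the `/dev/serial/by-id/...` link that hunk removes would pin the device, assuming the bind follows the symlink. The `containers.hass` block continues outside this hunk.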
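Review bot: Dropping `isReadOnly = true;` from the ACME, LDAP-secret and `secrets.yaml` bind mounts leaves their protection to the option's default. As far as I know the NixOS container `bindMounts` default is read-only, so behaviour should be unchanged. These mounts carry a private key and credentials, though, so the explicit `isReadOnly = true;` is worth keeping: the intent then survives a default change or a copy into another module. At minimum add a comment such as `# read-only by default; secrets must stay ro`. The `bindMounts` set starts in the previous hunk.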
@@ -98,40 +93,6 @@ in }; }; - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ - "deconz" - ]; - - services.nginx.virtualHosts."${deconzDomain}" = { - sslCertificate = "/var/lib/acme/deconz/fullchain.pem"; - sslCertificateKey = "/var/lib/acme/deconz/key.pem"; - sslTrustedCertificate = "/var/lib/acme/deconz/chain.pem"; - forceSSL = true; - extraConfig = '' - proxy_buffering off; - ''; - locations."/".extraConfig = '' - set $p 8080; - if ($http_upgrade = "websocket") { - set $p 8081; - } - proxy_pass http://127.0.0.1:$p; - proxy_set_header Host $host; - proxy_redirect http:// https://; - proxy_http_version 1.1; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - ''; - }; - - services.deconz = { - enable = true; - httpPort = 8080; - wsPort = 8081; - device = "/dev/ttyACM0"; - }; - services.nginx.enable = true; services.nginx.virtualHosts."${domain}" = { sslCertificate = "/var/lib/acme/hass/fullchain.pem"; @@ -162,6 +123,7 @@ in "denonavr" "androidtv" "rainbird" + "zha" ]; services.home-assistant.config = @@ -201,7 +163,7 @@ in }; "map" = { }; enocean = { - device = "/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0"; + device = "/dev/ttyUSB0"; }; # logbook.exclude.entities = "hiddenEntities"; logger = { diff --git a/hosts/fw.cloonar.com/modules/home-assistant/ldap.nix b/hosts/fw.cloonar.com/modules/home-assistant/ldap.nix index 3d0a4c0..f3c9cc0 100644 --- a/hosts/fw.cloonar.com/modules/home-assistant/ldap.nix +++ b/hosts/fw.cloonar.com/modules/home-assistant/ldap.nix @@ -46,9 +46,6 @@ let in { services.home-assistant.config.homeassistant.auth_providers = [ - { - type = "homeassistant"; - } { type = "command_line"; command = "${ldap-auth-sh}/bin/ldap-auth.sh"; diff --git a/hosts/fw.cloonar.com/modules/home-assistant/light.nix b/hosts/fw.cloonar.com/modules/home-assistant/light.nix index 871106c..269a41b 100644 
--- a/hosts/fw.cloonar.com/modules/home-assistant/light.nix +++ b/hosts/fw.cloonar.com/modules/home-assistant/light.nix @@ -55,8 +55,8 @@ trigger = { platform = "state"; entity_id = [ - "light.bed_room" - "light.kitchen" + "light.bedroom_lights" + "light.kitchen_lights" "light.livingroom_lights" "light.hallway_lights" "light.bathroom_light" diff --git a/hosts/fw.cloonar.com/modules/unbound.nix b/hosts/fw.cloonar.com/modules/unbound.nix index 96da4f4..a07860c 100644 --- a/hosts/fw.cloonar.com/modules/unbound.nix +++ b/hosts/fw.cloonar.com/modules/unbound.nix @@ -30,8 +30,8 @@ let "\"fw A 10.42.97.1\"" "\"switch.cloonar.com IN A 10.42.97.10\"" - "\"deconz.cloonar.com IN A 10.42.97.20\"" "\"mopidy.cloonar.com IN A 10.42.97.20\"" + "\"deconz.cloonar.com IN A 10.42.97.25\"" "\"snapcast.cloonar.com IN A 10.42.97.20\"" "\"stage.wsw.at IN A 10.254.235.22\"" @@ -70,6 +70,7 @@ let "\"127.0.0.1 localhost\"" "\"::1 localhost\"" "\"10.42.97.1 fw.cloonar.com\"" + "\"10.42.97.25 deconz.cloonar.com\"" "\"10.254.235.22 stage.wsw.at\"" "\"10.254.217.23 prod.wsw.at\""