add deconz

2023-12-10 18:05:49 +01:00
parent b330d4610e
commit 82bda66d24
7 changed files with 61 additions and 62 deletions


@@ -0,0 +1,33 @@
{ config, pkgs, ... }: {
users.users.deconz = {
isSystemUser = true;
group = "omada";
home = "/var/lib/deconz";
createHome = true;
};
users.groups.omada = { };
# TODO: check if we can run docker service as other user than root
virtualisation = {
oci-containers.containers = {
deconz = {
autoStart = false;
image = "marthoc/deconz";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/var/lib/deconz:/root/.local/share/dresden-elektronik/deCONZ"
];
environment = {
DECONZ_DEVICE = "/dev/ttyACM0";
TZ = "Europe/Vienna";
};
extraOptions = [
"--network=server"
"--mac-address=1a:c4:04:6e:29:02"
"--device=/dev/ttyACM0"
"--hostname=deconz"
];
};
};
};
}
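Review bot: `image = "marthoc/deconz";` carries no tag or digest, so every pull resolves to whatever the default tag currently points at, and this container is given `--device=/dev/ttyACM0` while, per the TODO above it, still running as root. Pin the image so that updates are deliberate, e.g. `image = "marthoc/deconz:<tag>@sha256:<digest>";` (placeholders, to be filled with the version you have verified). Separately, `group = "omada";` and `users.groups.omada = { };` look like leftovers from another module. The volume maps `/var/lib/deconz` into `/root/...`, so the container presumably writes that directory as root and the `deconz` user never owns the data; either drop the user or give it its own group and confirm ownership.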


@@ -103,6 +103,11 @@
ip-address = "10.42.97.20";
server-hostname = "home-assistant.cloonar.com";
}
{
hw-address = "1a:c4:04:6e:29:02";
ip-address = "10.42.97.25";
server-hostname = "deconz.cloonar.com";
}
];
}
{
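Review bot: The new reservation's `hw-address = "1a:c4:04:6e:29:02";` has to stay identical to the `--mac-address=` literal in the container definition added by this commit, and `10.42.97.25` has to match the DNS records edited elsewhere, but nothing ties these copies together. If one drifts, the container silently gets a pool address and `deconz.cloonar.com` points at the wrong host. A shared `let` binding would remove the duplication; at minimum add a comment above the entry such as `# deconz OCI container: keep in sync with --mac-address in its extraOptions`. The reservation list starts outside this hunk.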


@@ -1,31 +1,20 @@
{ config, pkgs, ... }:
let
domain = "home-assistant.cloonar.com";
deconzDomain = "deconz.cloonar.com";
in
{
users.users.deconz = {
home = "/var/lib/deocnz";
createHome = true;
isSystemUser = true;
group = "deconz";
};
users.groups.deconz = {};
users.users.hass = {
home = "/var/lib/hass";
createHome = true;
group = "hass";
uid = config.ids.uids.hass;
extraGroups = [ "dialout" ];
};
users.groups.hass.gid = config.ids.gids.hass;
security.acme.certs."${domain}" = {
group = "nginx";
};
security.acme.certs."${deconzDomain}" = {
group = "nginx";
};
sops.secrets."home-assistant-secrets.yaml" = {
owner = "hass";
@@ -38,16 +27,25 @@ in
containers.hass = {
autoStart = true;
ephemeral = true; # because of ssh key
ephemeral = false;
macvlans = [ "vserver" ];
allowedDevices = [
{
modifier = "rwm";
node = "char-usb_device";
}
{
modifier = "rwm";
node = "char-ttyUSB";
}
];
bindMounts = {
"/var/lib/deconz" = {
hostPath = "/var/lib/deconz/";
"/dev/ttyUSB0" = {
hostPath = "/dev/ttyUSB0";
isReadOnly = false;
};
"/var/lib/acme/deconz/" = {
hostPath = "${config.security.acme.certs.${deconzDomain}.directory}";
isReadOnly = true;
"/etc/localtime" = {
hostPath = "/etc/localtime";
};
"/var/lib/hass" = {
hostPath = "/var/lib/hass/";
@@ -55,15 +53,12 @@ in
};
"/var/lib/acme/hass/" = {
hostPath = "${config.security.acme.certs.${domain}.directory}";
isReadOnly = true;
};
"/run/secrets/home-assistant-ldap" = {
hostPath = config.sops.secrets."home-assistant-ldap".path;
isReadOnly = true;
};
"/var/lib/hass/secrets.yaml" = {
hostPath = config.sops.secrets."home-assistant-secrets.yaml".path;
isReadOnly = true;
};
};
config = { lib, config, pkgs, ... }: {
@@ -98,40 +93,6 @@ in
};
};
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"deconz"
];
services.nginx.virtualHosts."${deconzDomain}" = {
sslCertificate = "/var/lib/acme/deconz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/deconz/key.pem";
sslTrustedCertificate = "/var/lib/acme/deconz/chain.pem";
forceSSL = true;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
set $p 8080;
if ($http_upgrade = "websocket") {
set $p 8081;
}
proxy_pass http://127.0.0.1:$p;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
services.deconz = {
enable = true;
httpPort = 8080;
wsPort = 8081;
device = "/dev/ttyACM0";
};
services.nginx.enable = true;
services.nginx.virtualHosts."${domain}" = {
sslCertificate = "/var/lib/acme/hass/fullchain.pem";
@@ -162,6 +123,7 @@ in
"denonavr"
"androidtv"
"rainbird"
"zha"
];
services.home-assistant.config =
@@ -201,7 +163,7 @@ in
};
"map" = { };
enocean = {
device = "/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0";
device = "/dev/ttyUSB0";
};
# logbook.exclude.entities = "hiddenEntities";
logger = {
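Review bot: The `allowedDevices` entries added to `containers.hass` grant `rwm` on `char-usb_device` and `char-ttyUSB`, which covers every USB device and every USB serial adapter on the host and includes mknod, although the only node bound into the container is `/dev/ttyUSB0`. A narrower rule such as `{ modifier = "rw"; node = "/dev/ttyUSB0"; }` would limit what a compromised Home Assistant process can reach. The enocean `device` also moves from the `/dev/serial/by-id/...` path to `/dev/ttyUSB0`, which depends on enumeration order. If a second USB serial adapter is attached (for instance for the newly enabled `zha`), the name can land on the wrong device, so binding and referencing the by-id path would be more robust. The `containers.hass` and `config` blocks continue outside the visible hunks.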


@@ -46,9 +46,6 @@ let
in
{
services.home-assistant.config.homeassistant.auth_providers = [
{
type = "homeassistant";
}
{
type = "command_line";
command = "${ldap-auth-sh}/bin/ldap-auth.sh";


@@ -55,8 +55,8 @@
trigger = {
platform = "state";
entity_id = [
"light.bed_room"
"light.kitchen"
"light.bedroom_lights"
"light.kitchen_lights"
"light.livingroom_lights"
"light.hallway_lights"
"light.bathroom_light"


@@ -30,8 +30,8 @@ let
"\"fw A 10.42.97.1\""
"\"switch.cloonar.com IN A 10.42.97.10\""
"\"deconz.cloonar.com IN A 10.42.97.20\""
"\"mopidy.cloonar.com IN A 10.42.97.20\""
"\"deconz.cloonar.com IN A 10.42.97.25\""
"\"snapcast.cloonar.com IN A 10.42.97.20\""
"\"stage.wsw.at IN A 10.254.235.22\""
@@ -70,6 +70,7 @@ let
"\"127.0.0.1 localhost\""
"\"::1 localhost\""
"\"10.42.97.1 fw.cloonar.com\""
"\"10.42.97.25 deconz.cloonar.com\""
"\"10.254.235.22 stage.wsw.at\""
"\"10.254.217.23 prod.wsw.at\""