Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add deconz

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-10 18:05:49 +01:00
parent b330d4610e
commit 82bda66d24
7 changed files with 61 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
hosts/fw.cloonar.com/modules/home-assistant/default.nix
View File

@@ -1,31 +1,20 @@
{ config, pkgs, ... }:
let
domain = "home-assistant.cloonar.com";
deconzDomain = "deconz.cloonar.com";
in
{
users.users.deconz = {
home = "/var/lib/deocnz";
createHome = true;
isSystemUser = true;
group = "deconz";
};
users.groups.deconz = {};
users.users.hass = {
home = "/var/lib/hass";
createHome = true;
group = "hass";
uid = config.ids.uids.hass;
extraGroups = [ "dialout" ];
};
users.groups.hass.gid = config.ids.gids.hass;
security.acme.certs."${domain}" = {
group = "nginx";
};
security.acme.certs."${deconzDomain}" = {
group = "nginx";
};
sops.secrets."home-assistant-secrets.yaml" = {
owner = "hass";
@@ -38,16 +27,25 @@ in
containers.hass = {
autoStart = true;
ephemeral = true; # because of ssh key
ephemeral = false;
macvlans = [ "vserver" ];
allowedDevices = [
{
modifier = "rwm";
node = "char-usb_device";
}
{
modifier = "rwm";
node = "char-ttyUSB";
}
];
bindMounts = {
"/var/lib/deconz" = {
hostPath = "/var/lib/deconz/";
"/dev/ttyUSB0" = {
hostPath = "/dev/ttyUSB0";
isReadOnly = false;
};
"/var/lib/acme/deconz/" = {
hostPath = "${config.security.acme.certs.${deconzDomain}.directory}";
isReadOnly = true;
"/etc/localtime" = {
hostPath = "/etc/localtime";
};
"/var/lib/hass" = {
hostPath = "/var/lib/hass/";
@@ -55,15 +53,12 @@ in
};
"/var/lib/acme/hass/" = {
hostPath = "${config.security.acme.certs.${domain}.directory}";
isReadOnly = true;
};
"/run/secrets/home-assistant-ldap" = {
hostPath = config.sops.secrets."home-assistant-ldap".path;
isReadOnly = true;
};
"/var/lib/hass/secrets.yaml" = {
hostPath = config.sops.secrets."home-assistant-secrets.yaml".path;
isReadOnly = true;
};
};
config = { lib, config, pkgs, ... }: {
@@ -98,40 +93,6 @@ in
};
};
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"deconz"
];
services.nginx.virtualHosts."${deconzDomain}" = {
sslCertificate = "/var/lib/acme/deconz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/deconz/key.pem";
sslTrustedCertificate = "/var/lib/acme/deconz/chain.pem";
forceSSL = true;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
set $p 8080;
if ($http_upgrade = "websocket") {
set $p 8081;
}
proxy_pass http://127.0.0.1:$p;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
services.deconz = {
enable = true;
httpPort = 8080;
wsPort = 8081;
device = "/dev/ttyACM0";
};
services.nginx.enable = true;
services.nginx.virtualHosts."${domain}" = {
sslCertificate = "/var/lib/acme/hass/fullchain.pem";
@@ -162,6 +123,7 @@ in
"denonavr"
"androidtv"
"rainbird"
"zha"
];
services.home-assistant.config =
@@ -201,7 +163,7 @@ in
};
"map" = { };
enocean = {
device = "/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0";
device = "/dev/ttyUSB0";
};
# logbook.exclude.entities = "hiddenEntities";
logger = {