Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add deconz

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-10 18:05:49 +01:00
parent b330d4610e
commit 82bda66d24
7 changed files with 61 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/fw.cloonar.com/configuration.nix
View File

@@ -32,6 +32,7 @@
# home assistant # home assistant
./modules/home-assistant ./modules/home-assistant
./modules/deconz.nix
# ./modules/mopidy.nix # ./modules/mopidy.nix
# ./modules/mosquitto.nix # ./modules/mosquitto.nix
# ./modules/snapserver.nix # ./modules/snapserver.nix

33
hosts/fw.cloonar.com/modules/deconz.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, ... }: {
users.users.deconz = {
isSystemUser = true;
group = "omada";
home = "/var/lib/deconz";
createHome = true;
};
users.groups.omada = { };
# TODO: check if we can run docker service as other user than root
virtualisation = {
oci-containers.containers = {
deconz = {
autoStart = false;
image = "marthoc/deconz";
volumes = [
"/etc/localtime:/etc/localtime:ro"
"/var/lib/deconz:/root/.local/share/dresden-elektronik/deCONZ"
];
environment = {
DECONZ_DEVICE = "/dev/ttyACM0";
TZ = "Europe/Vienna";
};
extraOptions = [
"--network=server"
"--mac-address=1a:c4:04:6e:29:02"
"--device=/dev/ttyACM0"
"--hostname=deconz"
];
};
};
};
}

5
hosts/fw.cloonar.com/modules/dhcp4.nix
View File

@@ -103,6 +103,11 @@
ip-address = "10.42.97.20"; ip-address = "10.42.97.20";
server-hostname = "home-assistant.cloonar.com"; server-hostname = "home-assistant.cloonar.com";
} }
{
hw-address = "1a:c4:04:6e:29:02";
ip-address = "10.42.97.25";
server-hostname = "deconz.cloonar.com";
}
]; ];
} }
{ {

74
hosts/fw.cloonar.com/modules/home-assistant/default.nix
View File

@@ -1,31 +1,20 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
domain = "home-assistant.cloonar.com"; domain = "home-assistant.cloonar.com";
deconzDomain = "deconz.cloonar.com";
in in
{ {
users.users.deconz = {
home = "/var/lib/deocnz";
createHome = true;
isSystemUser = true;
group = "deconz";
};
users.groups.deconz = {};
users.users.hass = { users.users.hass = {
home = "/var/lib/hass"; home = "/var/lib/hass";
createHome = true; createHome = true;
group = "hass"; group = "hass";
uid = config.ids.uids.hass; uid = config.ids.uids.hass;
extraGroups = [ "dialout" ];
}; };
users.groups.hass.gid = config.ids.gids.hass; users.groups.hass.gid = config.ids.gids.hass;
security.acme.certs."${domain}" = { security.acme.certs."${domain}" = {
group = "nginx"; group = "nginx";
}; };
security.acme.certs."${deconzDomain}" = {
group = "nginx";
};
sops.secrets."home-assistant-secrets.yaml" = { sops.secrets."home-assistant-secrets.yaml" = {
owner = "hass"; owner = "hass";
@@ -38,16 +27,25 @@ in
containers.hass = { containers.hass = {
autoStart = true; autoStart = true;
ephemeral = true; # because of ssh key ephemeral = false;
macvlans = [ "vserver" ]; macvlans = [ "vserver" ];
allowedDevices = [
{
modifier = "rwm";
node = "char-usb_device";
}
{
modifier = "rwm";
node = "char-ttyUSB";
}
];
bindMounts = { bindMounts = {
"/var/lib/deconz" = { "/dev/ttyUSB0" = {
hostPath = "/var/lib/deconz/"; hostPath = "/dev/ttyUSB0";
isReadOnly = false; isReadOnly = false;
}; };
"/var/lib/acme/deconz/" = { "/etc/localtime" = {
hostPath = "${config.security.acme.certs.${deconzDomain}.directory}"; hostPath = "/etc/localtime";
isReadOnly = true;
}; };
"/var/lib/hass" = { "/var/lib/hass" = {
hostPath = "/var/lib/hass/"; hostPath = "/var/lib/hass/";
@@ -55,15 +53,12 @@ in
}; };
"/var/lib/acme/hass/" = { "/var/lib/acme/hass/" = {
hostPath = "${config.security.acme.certs.${domain}.directory}"; hostPath = "${config.security.acme.certs.${domain}.directory}";
isReadOnly = true;
}; };
"/run/secrets/home-assistant-ldap" = { "/run/secrets/home-assistant-ldap" = {
hostPath = config.sops.secrets."home-assistant-ldap".path; hostPath = config.sops.secrets."home-assistant-ldap".path;
isReadOnly = true;
}; };
"/var/lib/hass/secrets.yaml" = { "/var/lib/hass/secrets.yaml" = {
hostPath = config.sops.secrets."home-assistant-secrets.yaml".path; hostPath = config.sops.secrets."home-assistant-secrets.yaml".path;
isReadOnly = true;
}; };
}; };
config = { lib, config, pkgs, ... }: { config = { lib, config, pkgs, ... }: {
@@ -98,40 +93,6 @@ in
}; };
}; };
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"deconz"
];
services.nginx.virtualHosts."${deconzDomain}" = {
sslCertificate = "/var/lib/acme/deconz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/deconz/key.pem";
sslTrustedCertificate = "/var/lib/acme/deconz/chain.pem";
forceSSL = true;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
set $p 8080;
if ($http_upgrade = "websocket") {
set $p 8081;
}
proxy_pass http://127.0.0.1:$p;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
services.deconz = {
enable = true;
httpPort = 8080;
wsPort = 8081;
device = "/dev/ttyACM0";
};
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
sslCertificate = "/var/lib/acme/hass/fullchain.pem"; sslCertificate = "/var/lib/acme/hass/fullchain.pem";
@@ -162,6 +123,7 @@ in
"denonavr" "denonavr"
"androidtv" "androidtv"
"rainbird" "rainbird"
"zha"
]; ];
services.home-assistant.config = services.home-assistant.config =
@@ -201,7 +163,7 @@ in
}; };
"map" = { }; "map" = { };
enocean = { enocean = {
device = "/dev/serial/by-id/usb-EnOcean_GmbH_EnOcean_USB_300_DC_FT5OI9YG-if00-port0"; device = "/dev/ttyUSB0";
}; };
# logbook.exclude.entities = "hiddenEntities"; # logbook.exclude.entities = "hiddenEntities";
logger = { logger = {

3
hosts/fw.cloonar.com/modules/home-assistant/ldap.nix
View File

@@ -46,9 +46,6 @@ let
in in
{ {
services.home-assistant.config.homeassistant.auth_providers = [ services.home-assistant.config.homeassistant.auth_providers = [
{
type = "homeassistant";
}
{ {
type = "command_line"; type = "command_line";
command = "${ldap-auth-sh}/bin/ldap-auth.sh"; command = "${ldap-auth-sh}/bin/ldap-auth.sh";

4
hosts/fw.cloonar.com/modules/home-assistant/light.nix
View File

@@ -55,8 +55,8 @@
trigger = { trigger = {
platform = "state"; platform = "state";
entity_id = [ entity_id = [
"light.bed_room" "light.bedroom_lights"
"light.kitchen" "light.kitchen_lights"
"light.livingroom_lights" "light.livingroom_lights"
"light.hallway_lights" "light.hallway_lights"
"light.bathroom_light" "light.bathroom_light"

3
hosts/fw.cloonar.com/modules/unbound.nix
View File

@@ -30,8 +30,8 @@ let
"\"fw A 10.42.97.1\"" "\"fw A 10.42.97.1\""
"\"switch.cloonar.com IN A 10.42.97.10\"" "\"switch.cloonar.com IN A 10.42.97.10\""
"\"deconz.cloonar.com IN A 10.42.97.20\""
"\"mopidy.cloonar.com IN A 10.42.97.20\"" "\"mopidy.cloonar.com IN A 10.42.97.20\""
"\"deconz.cloonar.com IN A 10.42.97.25\""
"\"snapcast.cloonar.com IN A 10.42.97.20\"" "\"snapcast.cloonar.com IN A 10.42.97.20\""
"\"stage.wsw.at IN A 10.254.235.22\"" "\"stage.wsw.at IN A 10.254.235.22\""
@@ -70,6 +70,7 @@ let
"\"127.0.0.1 localhost\"" "\"127.0.0.1 localhost\""
"\"::1 localhost\"" "\"::1 localhost\""
"\"10.42.97.1 fw.cloonar.com\"" "\"10.42.97.1 fw.cloonar.com\""
"\"10.42.97.25 deconz.cloonar.com\""
"\"10.254.235.22 stage.wsw.at\"" "\"10.254.235.22 stage.wsw.at\""
"\"10.254.217.23 prod.wsw.at\"" "\"10.254.217.23 prod.wsw.at\""