Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

initial deconz implementation

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-10 10:03:51 +01:00
parent 027be96f9c
commit b330d4610e
2 changed files with 54 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
hosts/fw.cloonar.com/modules/home-assistant/default.nix
View File

@@ -1,8 +1,17 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
domain = "home-assistant.cloonar.com"; domain = "home-assistant.cloonar.com";
deconzDomain = "deconz.cloonar.com";
in in
{ {
users.users.deconz = {
home = "/var/lib/deocnz";
createHome = true;
isSystemUser = true;
group = "deconz";
};
users.groups.deconz = {};
users.users.hass = { users.users.hass = {
home = "/var/lib/hass"; home = "/var/lib/hass";
createHome = true; createHome = true;
@@ -14,6 +23,9 @@ in
security.acme.certs."${domain}" = { security.acme.certs."${domain}" = {
group = "nginx"; group = "nginx";
}; };
security.acme.certs."${deconzDomain}" = {
group = "nginx";
};
sops.secrets."home-assistant-secrets.yaml" = { sops.secrets."home-assistant-secrets.yaml" = {
owner = "hass"; owner = "hass";
@@ -29,6 +41,14 @@ in
ephemeral = true; # because of ssh key ephemeral = true; # because of ssh key
macvlans = [ "vserver" ]; macvlans = [ "vserver" ];
bindMounts = { bindMounts = {
"/var/lib/deconz" = {
hostPath = "/var/lib/deconz/";
isReadOnly = false;
};
"/var/lib/acme/deconz/" = {
hostPath = "${config.security.acme.certs.${deconzDomain}.directory}";
isReadOnly = true;
};
"/var/lib/hass" = { "/var/lib/hass" = {
hostPath = "/var/lib/hass/"; hostPath = "/var/lib/hass/";
isReadOnly = false; isReadOnly = false;
@@ -78,6 +98,40 @@ in
}; };
}; };
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"deconz"
];
services.nginx.virtualHosts."${deconzDomain}" = {
sslCertificate = "/var/lib/acme/deconz/fullchain.pem";
sslCertificateKey = "/var/lib/acme/deconz/key.pem";
sslTrustedCertificate = "/var/lib/acme/deconz/chain.pem";
forceSSL = true;
extraConfig = ''
proxy_buffering off;
'';
locations."/".extraConfig = ''
set $p 8080;
if ($http_upgrade = "websocket") {
set $p 8081;
}
proxy_pass http://127.0.0.1:$p;
proxy_set_header Host $host;
proxy_redirect http:// https://;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
'';
};
services.deconz = {
enable = true;
httpPort = 8080;
wsPort = 8081;
device = "/dev/ttyACM0";
};
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
sslCertificate = "/var/lib/acme/hass/fullchain.pem"; sslCertificate = "/var/lib/acme/hass/fullchain.pem";

4
hosts/fw.cloonar.com/modules/unbound.nix
View File

@@ -30,13 +30,9 @@ let
"\"fw A 10.42.97.1\"" "\"fw A 10.42.97.1\""
"\"switch.cloonar.com IN A 10.42.97.10\"" "\"switch.cloonar.com IN A 10.42.97.10\""
"\"drone.cloonar.com IN A 10.42.97.118\""
"\"hv-02.cloonar.com IN A 10.42.97.3\""
"\"deconz.cloonar.com IN A 10.42.97.20\"" "\"deconz.cloonar.com IN A 10.42.97.20\""
"\"mopidy.cloonar.com IN A 10.42.97.20\"" "\"mopidy.cloonar.com IN A 10.42.97.20\""
"\"snapcast.cloonar.com IN A 10.42.97.20\"" "\"snapcast.cloonar.com IN A 10.42.97.20\""
"\"cl-storage-01.cloonar.com IN A 10.42.97.9\""
"\"git.cloonar.old IN A 10.44.97.118\""
"\"stage.wsw.at IN A 10.254.235.22\"" "\"stage.wsw.at IN A 10.254.235.22\""
"\"prod.wsw.at IN A 10.254.217.23\"" "\"prod.wsw.at IN A 10.254.217.23\""