# NixOS module: runs Home Assistant in a declarative container named "hass",
# attached to the "vserver" macvlan and fronted by nginx with TLS.
#
# Host side: the hass user/group, the ACME certificate, the sops secrets, and
# the device / bind-mount plumbing into the container.
# Container side: firewall, nginx reverse proxy, and the Home Assistant config.
{ config, pkgs, ... }:
let
  domain = "home-assistant.cloonar.com";
in
{
  users = {
    users.hass = {
      home = "/var/lib/hass";
      createHome = true;
      group = "hass";
      uid = config.ids.uids.hass;
      # Presumably for access to the serial adapter (/dev/ttyUSB0) passed
      # into the container below.
      extraGroups = [ "dialout" ];
    };
    groups.hass.gid = config.ids.gids.hass;
  };

  # The certificate (including its private key) is owned by group "nginx";
  # its directory is bind-mounted into the container further down.
  security.acme.certs.${domain}.group = "nginx";

  sops.secrets = {
    "home-assistant-secrets.yaml" = {
      owner = "hass";
      # A changed secrets file restarts the whole container.
      restartUnits = [ "container@hass.service" ];
    };
    # NOTE(review): no restartUnits here, so rotating the LDAP secret does not
    # restart the container by itself. Confirm that the consumer (presumably
    # ./ldap.nix) re-reads the file on use.
    "home-assistant-ldap".owner = "hass";
  };

  containers.hass = {
    autoStart = true;
    ephemeral = false;
    macvlans = [ "vserver" ];

    # "rwm" grants read, write and mknod on the matching character devices.
    # NOTE(review): confirm that mknod ("m") is really needed inside the
    # container; "rw" would be the narrower grant if it is not.
    allowedDevices = [
      {
        modifier = "rwm";
        node = "char-usb_device";
      }
      {
        modifier = "rwm";
        node = "char-ttyUSB";
      }
    ];

    # Only the serial device and the state directory are explicitly writable.
    # The remaining mounts leave isReadOnly at the module default
    # (NOTE(review): read-only in the NixOS containers module; confirm for the
    # nixpkgs revision in use, since these paths carry the TLS key and secrets).
    bindMounts = {
      # NOTE(review): ttyUSB0 is a kernel-assigned name and can change with
      # enumeration order; confirm only one USB serial adapter is attached.
      "/dev/ttyUSB0" = {
        hostPath = "/dev/ttyUSB0";
        isReadOnly = false;
      };
      "/etc/localtime".hostPath = "/etc/localtime";
      "/var/lib/hass" = {
        hostPath = "/var/lib/hass/";
        isReadOnly = false;
      };
      # Exposes fullchain.pem / key.pem / chain.pem to nginx in the container.
      "/var/lib/acme/hass/".hostPath = "${config.security.acme.certs.${domain}.directory}";
      "/run/secrets/home-assistant-ldap".hostPath = config.sops.secrets."home-assistant-ldap".path;
      # Backs the "!secret ..." references in the Home Assistant config.
      "/var/lib/hass/secrets.yaml".hostPath = config.sops.secrets."home-assistant-secrets.yaml".path;
    };

    # Everything below is evaluated as the container's own NixOS configuration;
    # `config` inside this function refers to the container, not the host.
    config =
      { lib, config, pkgs, ... }:
      {
        imports = [
          ./ac.nix
          # ./aeg.nix
          ./battery.nix
          ./enocean.nix
          ./ldap.nix
          ./light.nix
          ./locks.nix
          ./multimedia.nix
          ./notify.nix
          ./pc.nix
          ./pushover.nix
          ./roborock.nix
          ./scene-switch.nix
          ./sleep.nix
          ./snapcast.nix
        ];

        networking = {
          hostName = "home-assistant";
          nameservers = [ "10.42.97.10" ];
          interfaces.mv-vserver.useDHCP = true;

          # Only nginx (80/443) is opened for TCP. Port 8123 is not listed, so
          # from outside the container Home Assistant is reachable only
          # through the TLS proxy.
          # NOTE(review): UDP 5683 is presumably CoAP for a device
          # integration; confirm it is still required.
          firewall = {
            enable = true;
            allowedTCPPorts = [
              80
              443
            ];
            allowedUDPPorts = [ 5683 ];
          };
        };

        services.nginx = {
          enable = true;
          virtualHosts.${domain} = {
            # Certificate files come from the bind-mounted host ACME directory.
            sslCertificate = "/var/lib/acme/hass/fullchain.pem";
            sslCertificateKey = "/var/lib/acme/hass/key.pem";
            sslTrustedCertificate = "/var/lib/acme/hass/chain.pem";
            forceSSL = true;
            extraConfig = ''
              proxy_buffering off;
            '';
            # Reverse proxy to Home Assistant on loopback, with the Upgrade /
            # Connection headers forwarded for WebSocket traffic. The client
            # address is appended to X-Forwarded-For, which Home Assistant
            # accepts only from the loopback proxies listed under `http`.
            locations."/".extraConfig = ''
              proxy_pass http://127.0.0.1:8123;
              proxy_set_header Host $host;
              proxy_redirect http:// https://;
              proxy_http_version 1.1;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $connection_upgrade;
            '';
          };
        };

        services.home-assistant = {
          enable = true;

          extraComponents = [
            "mobile_app"
            "backup"
            "denonavr"
            "androidtv"
            "rainbird"
            "zha"
          ];

          config =
            let
              hiddenEntities = [
                "sensor.last_boot"
                "sensor.date"
              ];
            in
            {
              homeassistant = {
                name = "Home";
                # Location values are kept out of this file and resolved from
                # secrets.yaml.
                latitude = "!secret home_latitude";
                longitude = "!secret home_longitude";
                elevation = "!secret home_elevation";
                unit_system = "metric";
                currency = "EUR";
                country = "AT";
                time_zone = "Europe/Vienna";
                external_url = "https://${domain}";
              };

              automation = "!include automations.yaml";
              frontend = { };

              # X-Forwarded-For is honoured only from loopback, matching the
              # nginx proxy_pass to 127.0.0.1:8123 in this container.
              http = {
                use_x_forwarded_for = true;
                trusted_proxies = [
                  "127.0.0.1"
                  "::1"
                ];
              };

              api = { };

              history.exclude = {
                entities = hiddenEntities;
                domains = [
                  "automation"
                  "updater"
                ];
              };

              "map" = { };

              enocean = {
                device = "/dev/ttyUSB0";
              };

              # logbook.exclude.entities = "hiddenEntities";

              logger = {
                default = "info";
              };

              #icloud = {
              #  username = "!secret icloud_email";
              #  password = "!secret icloud_password";
              #  with_family = true;
              #};

              network = { };
              zeroconf = { };
              system_health = { };
              default_config = { };
              system_log = { };

              sensor = [
                {
                  platform = "template";
                  sensors.bedtime_alarm = {
                    friendly_name = "Bedtime Alarm";
                    value_template = "09:00";
                  };
                }
              ];
            };
        };

        # Same supplementary group as the host-side hass user.
        users.users.hass.extraGroups = [ "dialout" ];

        system.stateVersion = "23.05";
      };
  };
}