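# NixOS module: runs Home Assistant inside a declarative NixOS container
# (`containers.hass`) attached to the host bridge "server". The container also
# runs nginx (TLS front end for port 8123), MariaDB (recorder backend) and a
# Mosquitto MQTT broker. Secrets come from sops-nix on the host and are
# bind-mounted into the container.
{ config, pkgs, ... }:
let
  domain = "home-assistant.cloonar.com";

  # Separate nixpkgs checkout used only for the home-assistant package.
  # It is pinned to an exact commit, so the package source cannot change
  # underneath this configuration without editing `rev`.
  pkgs-with-home-assistant = import (builtins.fetchGit {
    name = "new-home-assistant";
    url = "https://github.com/nixos/nixpkgs/";
    rev = "18dd725c29603f582cf1900e0d25f9f1063dbf11";
  }) {};

  networkPrefix = config.networkPrefix;
in
{
  # Host-side account so that /var/lib/hass and the sops secrets have a stable
  # owner; "dialout" gives access to the serial device.
  users.users.hass = {
    home = "/var/lib/hass";
    createHome = true;
    group = "hass";
    uid = config.ids.uids.hass;
    extraGroups = [ "dialout" ];
  };
  users.groups.hass.gid = config.ids.gids.hass;

  # The certificate is issued on the host and bind-mounted read-only into the
  # container (see bindMounts below).
  security.acme.certs."${domain}" = {
    group = "nginx";
  };

  sops.secrets."home-assistant-secrets.yaml" = {
    owner = "hass";
    # Restart the container so a changed secrets file is picked up.
    restartUnits = [ "container@hass.service" ];
  };
  sops.secrets."home-assistant-ldap" = {
    owner = "hass";
  };

  containers.hass = {
    autoStart = true;
    ephemeral = false;
    privateNetwork = true;
    hostBridge = "server";
    hostAddress = "${networkPrefix}.97.1";
    localAddress = "${networkPrefix}.97.20/24";

    # NOTE(review): CAP_NET_ADMIN and CAP_MKNOD widen what root inside the
    # container can do (network configuration, creating device nodes).
    # Confirm both are still required and drop whichever is not.
    extraFlags = [
      "--capability=CAP_NET_ADMIN"
      "--capability=CAP_MKNOD"
    ];

    # NOTE(review): "rwm" includes mknod on every device of these classes;
    # "rw" is enough if the container only opens the bind-mounted node.
    allowedDevices = [
      { modifier = "rwm"; node = "char-usb_device"; }
      { modifier = "rwm"; node = "char-ttyUSB"; }
    ];

    bindMounts = {
      # Serial adapter referenced by the `enocean` integration below.
      "/dev/ttyUSB0" = {
        hostPath = "/dev/ttyUSB0";
        isReadOnly = false;
      };
      "/etc/localtime" = {
        hostPath = "/etc/localtime";
      };
      "/var/lib/hass" = {
        hostPath = "/var/lib/hass/";
        isReadOnly = false;
      };
      "/var/lib/acme/hass/" = {
        hostPath = "${config.security.acme.certs.${domain}.directory}";
      };
      "/run/secrets/home-assistant-ldap" = {
        hostPath = config.sops.secrets."home-assistant-ldap".path;
      };
      "/var/lib/hass/secrets.yaml" = {
        hostPath = config.sops.secrets."home-assistant-secrets.yaml".path;
      };
    };

    # Configuration evaluated inside the container. `config` and `pkgs` here
    # shadow the host-level arguments of the same name.
    config = { lib, config, pkgs, ... }: {
      networkPrefix = networkPrefix;

      imports = [
        ../network-prefix.nix
        ./3dprinter.nix
        ./ac.nix
        # ./aeg.nix
        ./battery.nix
        ./electricity.nix
        ./enocean.nix
        ./ldap.nix
        ./light.nix
        ./locks.nix
        ./multimedia.nix
        ./music.nix
        ./notify.nix
        ./pc.nix
        ./power-saving.nix
        ./pushover.nix
        ./presense.nix
        ./remote.nix
        ./roborock.nix
        ./scenes
        ./scene-switch.nix
        ./shelly.nix
        ./sleep.nix
        ./snapcast.nix
      ];

      networking = {
        hostName = "home-assistant";
        useHostResolvConf = false;
        defaultGateway = {
          address = "${networkPrefix}.96.1";
          interface = "eth0";
        };
        # NOTE(review): with the firewall off, every listener in this container
        # is reachable from the "server" bridge: nginx, the anonymous Mosquitto
        # listener below, and presumably Home Assistant's own plain-HTTP port
        # 8123 unless it is bound to loopback. Prefer enabling the firewall and
        # opening only the ports that other hosts need.
        firewall.enable = false;
        nameservers = [ "${networkPrefix}.97.1" ];
      };

      environment.systemPackages = [
        pkgs.wol
        pkgs.mariadb
      ];

      # TLS termination and websocket-aware reverse proxy in front of
      # Home Assistant, using the certificate bind-mounted from the host.
      services.nginx.enable = true;
      services.nginx.virtualHosts."${domain}" = {
        sslCertificate = "/var/lib/acme/hass/fullchain.pem";
        sslCertificateKey = "/var/lib/acme/hass/key.pem";
        sslTrustedCertificate = "/var/lib/acme/hass/chain.pem";
        forceSSL = true;
        extraConfig = ''
          proxy_buffering off;
        '';
        locations."/".extraConfig = ''
          proxy_pass http://127.0.0.1:8123;
          proxy_set_header Host $host;
          proxy_redirect http:// https://;
          proxy_http_version 1.1;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection $connection_upgrade;
        '';
      };

      services.home-assistant = {
        package = pkgs-with-home-assistant.home-assistant;
        enable = true;
      };

      services.home-assistant.extraComponents = [
        "mobile_app"
        "backup"
        "denonavr"
        "androidtv"
        "rainbird"
        "zha"
        "tplink_omada"
      ];

      # Downloads the HACS release archive at runtime and unpacks it into
      # Home Assistant's custom_components directory. The unit runs as root and
      # the unpacked code is loaded by Home Assistant, so the download is
      # restricted to HTTPS, fails on HTTP errors, and can be checked against a
      # pinned SHA-256.
      # NOTE(review): fetching the archive at build time with a fixed-output
      # derivation (pkgs.fetchurl with a hash) would make the integrity check
      # mandatory and remove the runtime network dependency.
      systemd.services.install-hacs = {
        description = "Install HACS";
        wantedBy = [ "multi-user.target" ];
        # The script needs network access; without this ordering it can run
        # before the interface is up and fail the unit.
        after = [ "network-online.target" ];
        wants = [ "network-online.target" ];
        serviceConfig = {
          Type = "oneshot";
        };
        script = ''
          set -e

          # Pinned release; bump deliberately after reviewing the release.
          HACS_VERSION="2.0.5"
          # Set to the SHA-256 of hacs.zip for HACS_VERSION to enforce an
          # integrity check. Left empty, the archive is installed unverified.
          HACS_SHA256=""
          HACS_DIR="/var/lib/hass/custom_components/hacs"

          # Unpredictable temp file instead of a fixed path in world-writable
          # /tmp; removed on every exit path.
          archive="$(mktemp)"
          trap 'rm -f "$archive"' EXIT

          mkdir -p "$HACS_DIR"

          # --fail: an HTTP error must not be saved as if it were the archive.
          # --proto/--proto-redir: never follow a redirect away from HTTPS.
          ${pkgs.curl}/bin/curl --fail --silent --show-error --location \
            --proto =https --proto-redir =https \
            "https://github.com/hacs/integration/releases/download/$HACS_VERSION/hacs.zip" \
            -o "$archive"

          if [ -n "$HACS_SHA256" ]; then
            echo "$HACS_SHA256  $archive" | ${pkgs.coreutils}/bin/sha256sum -c -
          else
            echo "install-hacs: HACS_SHA256 is empty; archive integrity not verified" >&2
          fi

          ${pkgs.unzip}/bin/unzip -o "$archive" -d "$HACS_DIR"
          chown -R hass:hass "$HACS_DIR"
        '';
      };

      # Python MySQL driver needed by the recorder's db_url below.
      services.home-assistant.extraPackages = ps: with ps; [
        mysqlclient
      ];

      services.mysql = {
        enable = true;
        package = pkgs.mariadb;
        ensureDatabases = [ "hass" ];
        ensureUsers = [
          {
            name = "hass";
            ensurePermissions = {
              "hass.*" = "ALL PRIVILEGES";
            };
          }
        ];
      };

      services.mysqlBackup = {
        enable = true;
        databases = [ "hass" ];
      };

      services.home-assistant.config =
        let
          hiddenEntities = [
            "sensor.last_boot"
            "sensor.date"
          ];
        in
        {
          # The recorder connects over the local unix socket with no password
          # in the URL.
          recorder = {
            db_url = "mysql://hass@localhost/hass?unix_socket=/var/run/mysqld/mysqld.sock";
          };
          homeassistant = {
            name = "Home";
            latitude = "!secret home_latitude";
            longitude = "!secret home_longitude";
            elevation = "!secret home_elevation";
            unit_system = "metric";
            currency = "EUR";
            country = "AT";
            time_zone = "Europe/Vienna";
            external_url = "https://${domain}";
          };
          zone = {
            name = "Home";
            latitude = "!secret home_latitude";
            longitude = "!secret home_longitude";
            radius = 35;
            icon = "mdi:account-multiple";
          };
          automation = "!include automations.yaml";
          frontend = { };
          # Only the in-container nginx (loopback) is trusted to supply
          # X-Forwarded-For.
          http = {
            use_x_forwarded_for = true;
            trusted_proxies = [ "127.0.0.1" "::1" ];
          };
          api = { };
          history.exclude = {
            entities = hiddenEntities;
            domains = [ "automation" "updater" ];
          };
          "map" = { };
          enocean = {
            device = "/dev/ttyUSB0";
          };
          # logbook.exclude.entities = "hiddenEntities";
          logger = {
            default = "info";
          };
          #icloud = {
          #  username = "!secret icloud_email";
          #  password = "!secret icloud_password";
          #  with_family = true;
          #};
          network = { };
          zeroconf = { };
          system_health = { };
          default_config = { };
          system_log = { };
          sensor = [
            {
              platform = "template";
              sensors.bedtime_alarm = {
                friendly_name = "Bedtime Alarm";
                value_template = "09:00";
              };
            }
          ];
        };

      # NOTE(review): this listener accepts anonymous clients and the ACL
      # grants read/write on every topic ("#"). Combined with the disabled
      # firewall above, any host that can reach the container address can
      # subscribe to and publish on all MQTT topics, including those of the
      # device integrations imported above. Prefer per-client credentials and
      # ACLs, or restrict the listener address if only local clients use it.
      services.mosquitto = {
        enable = true;
        listeners = [
          {
            acl = [ "pattern readwrite #" ];
            omitPasswordAuth = true;
            settings.allow_anonymous = true;
          }
        ];
      };

      # Serial-device access for the hass user inside the container as well.
      users.users.hass.extraGroups = [ "dialout" ];

      system.stateVersion = "23.05";
    };
  };
}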