nix-config/hosts/home-assistant/default.nix

{ config, pkgs, ... }:

let
  c3d2MacAddress = "00:0b:ad:00:1d:ea";
in
{
  c3d2.deployment.server = "server10";
  microvm = {
    mem = 1 * 1024;
    vcpu = 2;
    # add a network interface in c3d2 for mDNS
    interfaces = [{
      type = "tap";
      id = builtins.substring 0 15 "c3d2-${config.networking.hostName}";
      mac = c3d2MacAddress;
    }];
  };

  networking.hostName = "home-assistant";
  systemd.network = {
    links."40-c3d2" = {
      matchConfig.MACAddress = c3d2MacAddress;
      # rename interface to net name
      linkConfig.Name = "c3d2";
    };
    networks."40-c3d2" = {
      dhcpV4Config.UseRoutes = "no";
      matchConfig.MACAddress = c3d2MacAddress;
      networkConfig = {
        DHCP = "no";
        IPv6AcceptRA = "no";
        LinkLocalAddressing = "yes";
      };
    };
  };

  nixpkgs.config.permittedInsecurePackages = [
    "openssl-1.1.1w"
  ];

  services = {
    avahi.enable = true;

    backup = {
      enable = true;
      paths = [ "/var/lib/hass/" ];
    };

    home-assistant = {
      enable = true;
      config = {
        binary_sensor = [
          {
            platform = "rest";
            name = "Turmlabor";
            unique_id = "status_turmlabor_dresden";
            resource = "https://turmlabor.de/spaces.api";
            method = "GET";
            scan_interval = 60;
            verify_ssl = true;
            value_template = "{{ value_json['state']['open'] }}";
            device_class = "door";
          }
          {
            platform = "rest";
            name = "c3d2";
            unique_id = "status_c3d2";
            resource = "http://schalter.hq.c3d2.de/schalter.json";
            method = "GET";
            scan_interval = 60;
            verify_ssl = true;
            value_template = "{{ value_json['status'] }}";
            device_class = "door";
          }
        ];
        homeassistant = {
          external_url = "https://home-assistant.hq.c3d2.de";
          latitude = "51.08105";
          longitude = "13.72867";
          name = "C3D2";
        };
        http = rec {
          # TODO: turn on when the public-access-proxy is using PROXY PROTOCOL
          # ip_ban_enabled = true;
          # login_attempts_threshold = 5;
          server_host = [
            "127.0.0.1"
            "::1"
          ];
          trusted_proxies = server_host;
          use_x_forwarded_for = true;
        };
      };
      extraComponents = [
        "esphome"
        "met" # Meteorologisk institutt aka the weather widget
        "mqtt"
        "radio_browser"
        "wled"
        "zha" # Zigbee
      ];
      ldap.enable = true;
      package = pkgs.home-assistant.override {
        # those tests take a long(er) time and can't be sped up with pytest-xdist
        packageOverrides = _: prev: let
          noTests.doCheck = false;
        in {
          aws-sam-translator = prev.aws-sam-translator.overridePythonAttrs (_: noTests);
          moto = prev.moto.overridePythonAttrs (_: noTests);
        };
      };
    };

    nginx = {
      enable = true;
      virtualHosts."home-assistant.hq.c3d2.de" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.home-assistant.config.http.server_port}";
          proxyWebsockets = true;
        };
      };
    };

    portunus.addToHosts = true;
  };

  sops.defaultSopsFile = ./secrets.yaml;

  system.stateVersion = "22.11";
}
Cleanup 2023-11-11 04:25:36 +01:00			`{ config, pkgs, ... }:`
Add home-assistant 2023-04-07 01:42:21 +02:00
home-assistant: add a stub network interface in c3d2 for mdns 2023-04-08 22:15:10 +02:00			`let`
			`c3d2MacAddress = "00:0b:ad:00:1d:ea";`
			`in`
Add home-assistant 2023-04-07 01:42:21 +02:00			`{`
			`c3d2.deployment.server = "server10";`
			`microvm = {`
			`mem = 1 * 1024;`
			`vcpu = 2;`
home-assistant: add a stub network interface in c3d2 for mdns 2023-04-08 22:15:10 +02:00			`# add a network interface in c3d2 for mDNS`
Format 2023-04-12 01:23:00 +02:00			`interfaces = [{`
home-assistant: add a stub network interface in c3d2 for mdns 2023-04-08 22:15:10 +02:00			`type = "tap";`
			`id = builtins.substring 0 15 "c3d2-${config.networking.hostName}";`
			`mac = c3d2MacAddress;`
Format 2023-04-12 01:23:00 +02:00			`}];`
Add home-assistant 2023-04-07 01:42:21 +02:00			`};`

			`networking.hostName = "home-assistant";`
home-assistant: add a stub network interface in c3d2 for mdns 2023-04-08 22:15:10 +02:00			`systemd.network = {`
			`links."40-c3d2" = {`
			`matchConfig.MACAddress = c3d2MacAddress;`
			`# rename interface to net name`
			`linkConfig.Name = "c3d2";`
			`};`
			`networks."40-c3d2" = {`
home-assistant: try to fix DHCP 2024-02-04 21:57:00 +01:00			`dhcpV4Config.UseRoutes = "no";`
home-assistant: add a stub network interface in c3d2 for mdns 2023-04-08 22:15:10 +02:00			`matchConfig.MACAddress = c3d2MacAddress;`
			`networkConfig = {`
home-assistant: disable chdp on c3d2 interface 2024-02-07 00:31:45 +01:00			`DHCP = "no";`
home-assistant: add a stub network interface in c3d2 for mdns 2023-04-08 22:15:10 +02:00			`IPv6AcceptRA = "no";`
home-assistant: try to fix DHCP 2024-02-04 21:57:00 +01:00			`LinkLocalAddressing = "yes";`
home-assistant: add a stub network interface in c3d2 for mdns 2023-04-08 22:15:10 +02:00			`};`
			`};`
			`};`
Add home-assistant 2023-04-07 01:42:21 +02:00
home-assistant: use nixos-unstable to get latest heater features 2024-01-31 23:42:17 +01:00			`nixpkgs.config.permittedInsecurePackages = [`
			`"openssl-1.1.1w"`
			`];`

Add home-assistant 2023-04-07 01:42:21 +02:00			`services = {`
home-assistant: enable avahi 2023-04-08 22:09:38 +02:00			`avahi.enable = true;`

Add more backups, going to fix secrets later 2023-11-11 05:01:55 +01:00			`backup = {`
			`enable = true;`
			`paths = [ "/var/lib/hass/" ];`
			`};`

Add home-assistant 2023-04-07 01:42:21 +02:00			`home-assistant = {`
			`enable = true;`
			`config = {`
home-assistant: add spaceapi for us and turmlabor 2023-04-12 01:23:09 +02:00			`binary_sensor = [`
			`{`
			`platform = "rest";`
			`name = "Turmlabor";`
			`unique_id = "status_turmlabor_dresden";`
			`resource = "https://turmlabor.de/spaces.api";`
			`method = "GET";`
			`scan_interval = 60;`
			`verify_ssl = true;`
			`value_template = "{{ value_json['state']['open'] }}";`
			`device_class = "door";`
			`}`
			`{`
			`platform = "rest";`
			`name = "c3d2";`
			`unique_id = "status_c3d2";`
home-assistant: read hq state directly from schalter 2024-02-04 20:54:32 +01:00			`resource = "http://schalter.hq.c3d2.de/schalter.json";`
home-assistant: add spaceapi for us and turmlabor 2023-04-12 01:23:09 +02:00			`method = "GET";`
			`scan_interval = 60;`
			`verify_ssl = true;`
home-assistant: fix hq open condition 2024-02-07 00:31:34 +01:00			`value_template = "{{ value_json['status'] }}";`
home-assistant: add spaceapi for us and turmlabor 2023-04-12 01:23:09 +02:00			`device_class = "door";`
			`}`
			`];`
Add home-assistant 2023-04-07 01:42:21 +02:00			`homeassistant = {`
home-assistant: add external url 2023-10-21 18:35:03 +02:00			`external_url = "https://home-assistant.hq.c3d2.de";`
Add home-assistant 2023-04-07 01:42:21 +02:00			`latitude = "51.08105";`
			`longitude = "13.72867";`
			`name = "C3D2";`
			`};`
			`http = rec {`
			`# TODO: turn on when the public-access-proxy is using PROXY PROTOCOL`
			`# ip_ban_enabled = true;`
			`# login_attempts_threshold = 5;`
			`server_host = [`
			`"127.0.0.1"`
			`"::1"`
			`];`
			`trusted_proxies = server_host;`
			`use_x_forwarded_for = true;`
			`};`
			`};`
			`extraComponents = [`
home-assistant: add modules to load 2023-12-09 22:45:00 +01:00			`"esphome"`
home-assistant: add zigbee 2024-01-20 00:21:54 +01:00			`"met" # Meteorologisk institutt aka the weather widget`
home-assistant: add missing mqtt 2023-12-11 23:53:55 +01:00			`"mqtt"`
home-assistant: add modules to load 2023-12-09 22:45:00 +01:00			`"radio_browser"`
Add home-assistant 2023-04-07 01:42:21 +02:00			`"wled"`
home-assistant: add zigbee 2024-01-20 00:21:54 +01:00			`"zha" # Zigbee`
Add home-assistant 2023-04-07 01:42:21 +02:00			`];`
home-assistant: move things to nixos-modules 2023-10-18 23:35:20 +02:00			`ldap.enable = true;`
home-assistant: configure admin group, remove moved patches 2024-02-04 03:10:43 +01:00			`package = pkgs.home-assistant.override {`
home-assistant: disable aws-sam-translator tests 2023-04-08 21:08:25 +02:00			`# those tests take a long(er) time and can't be sped up with pytest-xdist`
home-assistant: move things to nixos-modules 2023-10-18 23:35:20 +02:00			`packageOverrides = _: prev: let`
			`noTests.doCheck = false;`
home-assistant: disable aws-sam-translator tests 2023-04-08 21:08:25 +02:00			`in {`
home-assistant: move things to nixos-modules 2023-10-18 23:35:20 +02:00			`aws-sam-translator = prev.aws-sam-translator.overridePythonAttrs (_: noTests);`
			`moto = prev.moto.overridePythonAttrs (_: noTests);`
Add home-assistant 2023-04-07 01:42:21 +02:00			`};`
home-assistant: configure admin group, remove moved patches 2024-02-04 03:10:43 +01:00			`};`
Add home-assistant 2023-04-07 01:42:21 +02:00			`};`

			`nginx = {`
			`enable = true;`
			`virtualHosts."home-assistant.hq.c3d2.de" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:${toString config.services.home-assistant.config.http.server_port}";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`};`

home-assistant: move ldap seedSettings to global 2023-07-02 20:38:33 +02:00			`portunus.addToHosts = true;`
Add home-assistant 2023-04-07 01:42:21 +02:00			`};`

Add backups for activity-relay, home-assistant, mailtngbert 2023-11-14 02:30:12 +01:00			`sops.defaultSopsFile = ./secrets.yaml;`

Add home-assistant 2023-04-07 01:42:21 +02:00			`system.stateVersion = "22.11";`
			`}`