home-assistant: move things to nixos-modules
parent
51add2764d
commit
b5961a0c79
|
@ -169,6 +169,8 @@
|
|||
|
||||
hedgedoc.ldap.userGroup = "hedgedoc-users";
|
||||
|
||||
home-assistant.ldap.userGroup = "home-assistant-users";
|
||||
|
||||
hydra.ldap = {
|
||||
roleMappings = [
|
||||
{ hydra-admins = "admin"; }
|
||||
|
@ -222,11 +224,6 @@
|
|||
name = "grafana-admins";
|
||||
permissions = {};
|
||||
}
|
||||
{
|
||||
long_name = "Home-Assistant Users";
|
||||
name = "home-assistant-users";
|
||||
permissions = {};
|
||||
}
|
||||
{
|
||||
long_name = "Mobilizon Users";
|
||||
name = "mobilizon-users";
|
||||
|
|
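Review bot: The `home-assistant-users` entry is dropped from the group list in the second hunk, so nothing visible in this repository creates the group any more. The only remaining reference is `home-assistant.ldap.userGroup = "home-assistant-users";` in the first hunk. Presumably the nixos-modules side now creates the group from that option, as the neighbouring `hedgedoc.ldap.userGroup` line suggests, but this page does not show it. It is worth confirming on a fresh deployment, because a missing group would leave the login filter matching nobody. Once confirmed, a comment above the option such as `# group itself is created by nixos-modules from this option` would record where the access-control group now comes from.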
|
@ -398,11 +398,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1697469241,
|
||||
"narHash": "sha256-I0nzGkE87Fx4O3VqVTaKsJVGzi2d2OajXmq/9rRN7Hs=",
|
||||
"lastModified": 1697666911,
|
||||
"narHash": "sha256-jirxknG+EUOETDsvOhT7b3Qv0VEndzv+PMv61k+Hfc0=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixos-modules",
|
||||
"rev": "f687a641d105f5c2f691cb3f81d766714adb63d6",
|
||||
"rev": "1b3d695641a55b48a63b988bce0a46f07ed8950d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -62,63 +62,10 @@ in
|
|||
device_class = "door";
|
||||
}
|
||||
];
|
||||
default_config = { }; # yes, this is required...
|
||||
automation = "!include automations.yaml";
|
||||
homeassistant = {
|
||||
auth_providers = [
|
||||
{
|
||||
type = "command_line";
|
||||
command =
|
||||
# the script is not inheriting PATH from home-assistant
|
||||
pkgs.resholve.writeScript "ldap-auth-sh" {
|
||||
fake.external = [ "on_auth_failure" "on_auth_success" ];
|
||||
inputs = with pkgs; [ coreutils curl gnugrep gnused openldap ];
|
||||
interpreter = "${pkgs.bash}/bin/bash";
|
||||
keep."source:$CONFIG_FILE" = true;
|
||||
} (builtins.readFile "${pkgs.fetchFromGitHub {
|
||||
owner = "bob1de";
|
||||
repo = "ldap-auth-sh";
|
||||
rev = "819f9233116e68b5af5a5f45167bcbb4ed412ed4";
|
||||
sha256 = "sha256-+QjRP5SKUojaCv3lZX2Kv3wkaNvpWFd97phwsRlhroY=";
|
||||
}}/ldap-auth.sh");
|
||||
args =
|
||||
let
|
||||
inherit (config.security) ldap;
|
||||
sed = "${pkgs.gnused}/bin/sed";
|
||||
in
|
||||
[
|
||||
# https://github.com/bob1de/ldap-auth-sh/blob/master/examples/home-assistant.cfg
|
||||
(pkgs.writeText "config.cfg" /* shell */ ''
|
||||
ATTRS="${ldap.userField}"
|
||||
CLIENT="ldapsearch"
|
||||
DEBUG=0
|
||||
FILTER="${ldap.groupFilter "home-assistant-users"}"
|
||||
NAME_ATTR="${ldap.userField}"
|
||||
SCOPE="base"
|
||||
SERVER="ldaps://${ldap.domainName}"
|
||||
USERDN="uid=$(ldap_dn_escape "$username"),${ldap.userBaseDN}"
|
||||
BASEDN="$USERDN"
|
||||
|
||||
on_auth_success() {
|
||||
# print the meta entries for use in HA
|
||||
if [ ! -z "$NAME_ATTR" ]; then
|
||||
name=$(echo "$output" | ${sed} -nr "s/^\s*$NAME_ATTR:\s*(.+)\s*\$/\1/Ip")
|
||||
[ -z "$name" ] || echo "name=$name"
|
||||
fi
|
||||
}
|
||||
'')
|
||||
];
|
||||
meta = true;
|
||||
}
|
||||
# default authentication is required for the first step of onboarding
|
||||
# { type = "homeassistant"; }
|
||||
];
|
||||
latitude = "51.08105";
|
||||
longitude = "13.72867";
|
||||
name = "C3D2";
|
||||
temperature_unit = "C";
|
||||
time_zone = config.time.timeZone;
|
||||
unit_system = "metric";
|
||||
};
|
||||
http = rec {
|
||||
# TODO: turn on when the public-access-proxy is using PROXY PROTOCOL
|
||||
|
@ -133,29 +80,20 @@ in
|
|||
};
|
||||
};
|
||||
extraComponents = [
|
||||
# defaults plus required for onboarding
|
||||
"backup"
|
||||
"default_config"
|
||||
"esphome"
|
||||
"met"
|
||||
"radio_browser"
|
||||
# extra things we use
|
||||
"wled"
|
||||
];
|
||||
ldap.enable = true;
|
||||
package = (pkgs.home-assistant.override {
|
||||
# those tests take a long(er) time and can't be sped up with pytest-xdist
|
||||
packageOverrides = final: prev: let
|
||||
noTests = {
|
||||
doCheck = false;
|
||||
doInstallCheck = false;
|
||||
};
|
||||
packageOverrides = _: prev: let
|
||||
noTests.doCheck = false;
|
||||
in {
|
||||
aws-sam-translator = prev.aws-sam-translator.overrideAttrs (_: noTests);
|
||||
moto = prev.moto.overrideAttrs (_: noTests);
|
||||
aws-sam-translator = prev.aws-sam-translator.overridePythonAttrs (_: noTests);
|
||||
moto = prev.moto.overridePythonAttrs (_: noTests);
|
||||
};
|
||||
}).overrideAttrs (_: {
|
||||
}).overridePythonAttrs (_: {
|
||||
doCheck = false;
|
||||
doInstallCheck = false;
|
||||
});
|
||||
};
|
||||
|
||||
|
@ -174,7 +112,5 @@ in
|
|||
portunus.addToHosts = true;
|
||||
};
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
}
|
||||
|
|
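Review bot: The Home Assistant login path is no longer readable from this file. The hunk at -62 removes the whole `auth_providers` block, and the hunk at -133 appears to replace it with `ldap.enable = true;`. The removed block included the note that the built-in `homeassistant` provider is required for the first onboarding step, and that note is lost with it. Which providers are active, and which `ldap-auth-sh` revision runs on every login, is now decided by the pinned nixos-modules input, which this page does not show. I would add a comment above `ldap.enable = true;`, for example `# auth_providers (LDAP via command_line) are set by nixos-modules; see flake.lock for the pinned rev`, and keep the onboarding caveat next to it if it still applies.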