nix-config/config/services/homeassistant.nix

{
  config,
  globals,
  nodes,
  lib,
  ...
}:
{
  environment.persistence."/persist".directories = [
    {
      directory = config.services.home-assistant.configDir;
      user = "hass";
      group = "hass";
      mode = "0700";
    }
  ];
  wireguard.services = {
    client.via = "nucnix";
    firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ 3000 ];
  };
  services.home-assistant = {
    enable = true;
    extraComponents = [
      "radio_browser"
      "met"
      "esphome"
      "fritzbox"
      "homematic"
      "soundtouch"
      "spotify"
      "matter"
      "esphome"
      #"zha"
      "mqtt"
      "ollama"
    ];
    config = {
      http = {
        server_host = [ "0.0.0.0" ];
        server_port = 3000;
        use_x_forwarded_for = true;
        trusted_proxies = [ nodes.nucnix-nginx.config.wireguard.services.ipv4 ];
      };

      homeassistant = {
        name = "!secret ha_name";
        latitude = "!secret ha_latitude";
        longitude = "!secret ha_longitude";
        elevation = "!secret ha_elevation";
        currency = "EUR";
        time_zone = "Europe/Berlin";
        unit_system = "metric";
        #external_url = "https://";
        packages = {
          manual = "!include manual.yaml";
        };
      };

      default_config = { };
      ### Components not from default_config

      frontend = {
        #themes = "!include_dir_merge_named themes";
      };

      # influxdb = {
      #   api_version = 2;
      #   host = globals.services.influxdb.domain;
      #   port = "443";
      #   max_retries = 10;
      #   ssl = true;
      #   verify_ssl = true;
      #   token = "!secret influxdb_token";
      #   organization = "home";
      #   bucket = "home_assistant";
      # };
    };
    extraPackages =
      python3Packages: with python3Packages; [
        psycopg2
        gtts
        fritzconnection
        adguardhome
      ];
  };
  networking.hosts = {
    "${nodes.${globals.services.adguardhome.host}.config.wireguard.services.ipv4}" = [
      "adguardhome.internal"
    ];
    "${nodes.${globals.services.ollama.host}.config.wireguard.services.ipv4}" = [
      "ollama.internal"
    ];
  };
  age.secrets."home-assistant-secrets.yaml" = {
    rekeyFile = "${config.node.secretsDir}/secrets.yaml.age";
    owner = "hass";
  };
  systemd.services.home-assistant = {
    # Update influxdb token
    # We don't use -i because it would require chown with is a @privileged syscall
    # INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \
    #   ${lib.getExe pkgs.yq-go} '.influxdb_token = strenv(INFLUXDB_TOKEN)'
    preStart = lib.mkBefore ''
      if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then
        rm ${config.services.home-assistant.configDir}/secrets.yaml
      fi

        cat ${
          config.age.secrets."home-assistant-secrets.yaml".path
        } > ${config.services.home-assistant.configDir}/secrets.yaml

      touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml
    '';
  };
}
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`{`
			`config,`
feat: more homeassistant 2025-01-07 21:23:06 +01:00			`globals,`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`nodes,`
WIP: homeassistant 2025-01-05 22:27:49 +01:00			`lib,`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`...`
			`}:`
			`{`
			`environment.persistence."/persist".directories = [`
			`{`
			`directory = config.services.home-assistant.configDir;`
			`user = "hass";`
			`group = "hass";`
			`mode = "0700";`
			`}`
			`];`
			`wireguard.services = {`
			`client.via = "nucnix";`
			`firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ 3000 ];`
			`};`
			`services.home-assistant = {`
			`enable = true;`
			`extraComponents = [`
			`"radio_browser"`
			`"met"`
			`"esphome"`
			`"fritzbox"`
feat: more homeassistant 2025-01-07 21:23:06 +01:00			`"homematic"`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`"soundtouch"`
			`"spotify"`
			`"matter"`
feat: more homeassistant 2025-01-07 21:23:06 +01:00			`"esphome"`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`#"zha"`
			`"mqtt"`
fix: ollama models on renaultft feat: homeassistant ollama 2025-01-08 17:46:44 +01:00			`"ollama"`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`];`
			`config = {`
			`http = {`
			`server_host = [ "0.0.0.0" ];`
			`server_port = 3000;`
			`use_x_forwarded_for = true;`
			`trusted_proxies = [ nodes.nucnix-nginx.config.wireguard.services.ipv4 ];`
			`};`

			`homeassistant = {`
			`name = "!secret ha_name";`
			`latitude = "!secret ha_latitude";`
			`longitude = "!secret ha_longitude";`
			`elevation = "!secret ha_elevation";`
			`currency = "EUR";`
			`time_zone = "Europe/Berlin";`
			`unit_system = "metric";`
			`#external_url = "https://";`
			`packages = {`
			`manual = "!include manual.yaml";`
			`};`
			`};`

			`default_config = { };`
			`### Components not from default_config`

			`frontend = {`
			`#themes = "!include_dir_merge_named themes";`
			`};`

WIP: homeassistant 2025-01-05 22:27:49 +01:00			`# influxdb = {`
			`# api_version = 2;`
			`# host = globals.services.influxdb.domain;`
			`# port = "443";`
			`# max_retries = 10;`
			`# ssl = true;`
			`# verify_ssl = true;`
			`# token = "!secret influxdb_token";`
			`# organization = "home";`
			`# bucket = "home_assistant";`
			`# };`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`};`
			`extraPackages =`
			`python3Packages: with python3Packages; [`
			`psycopg2`
			`gtts`
feat: more homeassistant 2025-01-07 21:23:06 +01:00			`fritzconnection`
			`adguardhome`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`];`
			`};`
feat: more homeassistant 2025-01-07 21:23:06 +01:00			`networking.hosts = {`
			`"${nodes.${globals.services.adguardhome.host}.config.wireguard.services.ipv4}" = [`
			`"adguardhome.internal"`
			`];`
fix: ollama models on renaultft feat: homeassistant ollama 2025-01-08 17:46:44 +01:00			`"${nodes.${globals.services.ollama.host}.config.wireguard.services.ipv4}" = [`
			`"ollama.internal"`
			`];`
feat: more homeassistant 2025-01-07 21:23:06 +01:00			`};`
WIP: homeassistant 2025-01-05 22:27:49 +01:00			`age.secrets."home-assistant-secrets.yaml" = {`
			`rekeyFile = "${config.node.secretsDir}/secrets.yaml.age";`
			`owner = "hass";`
			`};`
			`systemd.services.home-assistant = {`
feat: avahi zeroconfig fix: printer smb 2025-01-06 19:57:05 +01:00			`# Update influxdb token`
			`# We don't use -i because it would require chown with is a @privileged syscall`
			`# INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \`
			`# ${lib.getExe pkgs.yq-go} '.influxdb_token = strenv(INFLUXDB_TOKEN)'`
WIP: homeassistant 2025-01-05 22:27:49 +01:00			`preStart = lib.mkBefore ''`
			`if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then`
			`rm ${config.services.home-assistant.configDir}/secrets.yaml`
			`fi`

			`cat ${`
			`config.age.secrets."home-assistant-secrets.yaml".path`
			`} > ${config.services.home-assistant.configDir}/secrets.yaml`

			`touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml`
			`'';`
			`};`
feat: hostapd back on bare 2025-01-04 23:25:48 +01:00			`}`