feat: tasmota with hme assistant

Patrick 2025-01-13 21:28:06 +01:00
parent 493f6d08d4
commit 1b983b62d1
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
4 changed files with 51 additions and 41 deletions


@ -36,8 +36,17 @@
]; ];
}; };
networking.nftables.firewall.zones.devices.interfaces = [ "mv-devices" ]; networking.nftables.firewall.zones.devices.interfaces = [ "mv-devices" ];
networking.nftables.firewall.zones.iot.interfaces = [ "mv-iot" ];
networking.nftables.firewall = { networking.nftables.firewall = {
rules = { rules = {
mqtt = {
from = [
"devices"
"iot"
];
to = [ "local" ];
allowedTCPPorts = [ 1883 ];
};
homematic = { homematic = {
from = [ from = [
"devices" "devices"
@ -45,8 +54,38 @@
to = [ "local" ]; to = [ "local" ];
allowedTCPPorts = [ 45053 ]; allowedTCPPorts = [ 45053 ];
}; };
mdns = {
from = [
"devices"
"iot"
];
to = [ "local" ];
allowedUDPPorts = [ 5353 ];
};
}; };
}; };
age.secrets.mosquitto-pw-home_assistant = {
mode = "440";
owner = "hass";
group = "mosquitto";
generator.script = "alnum";
};
services.mosquitto = {
enable = true;
persistence = true;
listeners = [
{
acl = [ "pattern readwrite #" ];
users = {
home_assistant = {
passwordFile = config.age.secrets.mosquitto-pw-home_assistant.path;
acl = [ "readwrite #" ];
};
};
settings.allow_anonymous = false;
}
];
};
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;
@ -392,6 +431,7 @@
stringcase stringcase
hahomematic hahomematic
pymodbus pymodbus
hatasmota
]; ];
}; };
networking.hosts = { networking.hosts = {
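Review bot: The listener-level `acl = [ "pattern readwrite #" ];` in the new `services.mosquitto` listener grants every authenticated client read/write on all topics, which makes the per-user `acl` on `home_assistant` redundant and would give any device account added later full control of the bus. Only `home_assistant` is defined here while the new `mqtt` rule opens 1883 to the `iot` zone, so the devices presumably have to reuse that credential, and 1883 is conventionally the non-TLS MQTT port, so it would cross the IoT network unencrypted. I would drop the pattern line and add a separate user for the devices whose `acl` is limited to their own topic prefixes, keeping `readwrite #` for `home_assistant` only. A short comment above the `mqtt` and `mdns` rules saying which devices need them would also help the next reader of the firewall config.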


@ -15,9 +15,6 @@
homeWlan = { homeWlan = {
generator.script = "alnum"; generator.script = "alnum";
}; };
guestWlan = {
generator.script = "alnum";
};
iotWlan = { iotWlan = {
generator.script = "alnum"; generator.script = "alnum";
}; };
@ -66,35 +63,23 @@
inherit (globals.hostapd) ssid; inherit (globals.hostapd) ssid;
apIsolate = true; apIsolate = true;
# not supporte by laptop :( # not supporte by laptop :(
# settings.ieee80211w = 0; #settings.ieee80211w = 0;
logLevel = 0; logLevel = 0;
settings = { settings = {
vlan_file = "${pkgs.writeText "hostaps.vlans" '' bridge = "br-iot";
10 wifi-home br-home
40 wifi-iot br-iot
50 wifi-guests br-guests
''}";
dynamic_vlan = 1;
}; };
authentication = { authentication = {
saePasswords = [ mode = "wpa2-sha1";
{ wpaPasswordFile = config.age.secrets.iotWlan.path;
passwordFile = config.age.secrets.homeWlan.path; # saePasswords = [
vlanid = 10; # {
} # passwordFile = config.age.secrets.iotWlan.path;
{ # }
passwordFile = config.age.secrets.iotWlan.path; # ];
vlanid = 40;
}
{
passwordFile = config.age.secrets.guestWlan.path;
vlanid = 50;
}
];
pairwiseCiphers = [ pairwiseCiphers = [
"CCMP" "CCMP"
"GCMP" # "GCMP"
"GCMP-256" # "GCMP-256"
]; ];
#enableRecommendedPairwiseCiphers = true; #enableRecommendedPairwiseCiphers = true;
}; };
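Review bot: The `authentication` block moves this SSID from per-password SAE to `mode = "wpa2-sha1"` with a single PSK and CCMP only, and it leaves the old `saePasswords` and GCMP entries behind as commented-out code with no reason given. Anyone who knows the shared passphrase can now join `br-iot`, so the network relies on that passphrase, `apIsolate` and the `iot` firewall zone; a one-line comment should record why the downgrade is needed, e.g. `# WPA2-PSK/CCMP only: clients on this SSID cannot do SAE/GCMP` (assuming that is the reason), and the dead lines should be deleted rather than commented. The `homeWlan` secret is still generated in the first hunk but is no longer referenced in this one, so it may be removable if nothing outside the visible hunks uses it.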


@ -1,15 +0,0 @@
age-encryption.org/v1
-> X25519 DnkfavonwcikVjuIH3aQTxh9+U+Vr6se2PPdjCL68iw
qcfI8Rz+8fLqePoqk4XEY0vQyH2+eZtE3c/lrei9OWo
-> piv-p256 ZFgiIw AzKnjNFccsLZSS6EipE+gqoMzjj5Q//OMpAxrPFVHzPW
VphyHLTFEc7nsPfETAi/4VLg+mXb6B2qgTikgn1SyJI
-> piv-p256 XTQkUA A6mFKlj6AYBxwe+p3Yn57Re5e4Ihk42qNCbwFXDVLsV2
YogIWza1sZGXOOeZVVD2fcShAG00QQosLlHntBK+UeI
-> piv-p256 ZFgiIw A2dlENHarOIr4e3ZikrRYeWZI1N4NKwzWuIB4+Vuq96a
55zk9XyUEGwwnxxGFyfia8YVF9Sjj7KFut03YrH6+Zc
-> piv-p256 5vmPtQ Aq81XRMh1/reZhBMQIGd7C+sOEG1pKSTJbdEAmkPoP17
WCzUWz3HDZIIrqMuypxkZMqzoggCmaSPrXNdmNMntHY
-> &1koE-grease
dqDfmnpD0sarnFxWDlpn5p3AMIWMPz58V0pJ5Lu2mXAIjEqPimCW/Q
--- UA2bf9I/vCa+Zn6zRM6V7OeHS69Drwes8V0UexK+SBU
‰5ÃPg÷µKD¸Š &éÁòö£ûïß@­ÖuZ<75>¢ú?J$fÄšºëšZC¤ÑÉ9ùL R£òã„Ìxb¹'ù…cMC:ÆJ²GÎ~!M(÷