patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

WIP: homeassistant

Browse source
This commit is contained in:
Patrick 2025-01-05 22:27:49 +01:00
parent b94d523805
commit 6113c50a44
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
16 changed files with 2483 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
config/basic/net.nix
View file

@ -41,6 +41,7 @@
llmnr = "false"; llmnr = "false";
extraConfig = '' extraConfig = ''
Domains=~. Domains=~.
MulticastDNS=false
''; '';
}; };
} }

46
config/services/hass.nix → config/services/homeassistant.nix
View file

@ -1,7 +1,8 @@
{ {
config, config,
globals,
nodes, nodes,
lib,
pkgs,
... ...
}: }:
{ {
@ -59,17 +60,17 @@
#themes = "!include_dir_merge_named themes"; #themes = "!include_dir_merge_named themes";
}; };
influxdb = { # influxdb = {
api_version = 2; # api_version = 2;
host = globals.services.influxdb.domain; # host = globals.services.influxdb.domain;
port = "443"; # port = "443";
max_retries = 10; # max_retries = 10;
ssl = true; # ssl = true;
verify_ssl = true; # verify_ssl = true;
token = "!secret influxdb_token"; # token = "!secret influxdb_token";
organization = "home"; # organization = "home";
bucket = "home_assistant"; # bucket = "home_assistant";
}; # };
}; };
extraPackages = extraPackages =
python3Packages: with python3Packages; [ python3Packages: with python3Packages; [
@ -77,4 +78,25 @@
gtts gtts
]; ];
}; };
age.secrets."home-assistant-secrets.yaml" = {
rekeyFile = "${config.node.secretsDir}/secrets.yaml.age";
owner = "hass";
};
systemd.services.home-assistant = {
preStart = lib.mkBefore ''
if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then
rm ${config.services.home-assistant.configDir}/secrets.yaml
fi
# Update influxdb token
# We don't use -i because it would require chown with is a @privileged syscall
# INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \
# ${lib.getExe pkgs.yq-go} '.influxdb_token = strenv(INFLUXDB_TOKEN)'
cat ${
config.age.secrets."home-assistant-secrets.yaml".path
} > ${config.services.home-assistant.configDir}/secrets.yaml
touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml
'';
};
} }

1
config/services/nginx.nix
View file

@ -134,6 +134,7 @@ in
(blockOf "yourspotify" { port = 80; }) (blockOf "yourspotify" { port = 80; })
(blockOf "blog" { port = 80; }) (blockOf "blog" { port = 80; })
(blockOf "homebox" { }) (blockOf "homebox" { })
(blockOf "homeassistant" { })
(proxyProtect "ollama" { }) (proxyProtect "ollama" { })
(proxyProtect "firefly" { port = 80; }) (proxyProtect "firefly" { port = 80; })
(blockOf "apispotify" { (blockOf "apispotify" {

4
globals.nix
View file

@ -143,6 +143,10 @@ in
host = "elisabeth-murmur"; host = "elisabeth-murmur";
ip = 9; ip = 9;
}; };
homeassistant = {
domain = "hs.${globals.domains.web}";
host = "elisabeth-homeassistant";
};
}; };
}; };
} }

1
hosts/elisabeth/guests.nix
View file

@ -127,6 +127,7 @@
// mkContainer "netbird" { } // mkContainer "netbird" { }
// mkContainer "blog" { } // mkContainer "blog" { }
// mkContainer "kanidm" { } // mkContainer "kanidm" { }
// mkContainer "homeassistant" { }
// mkContainer "nextcloud" { enablePanzer = true; } // mkContainer "nextcloud" { enablePanzer = true; }
// mkContainer "paperless" { enableSharedPaperless = true; } // mkContainer "paperless" { enableSharedPaperless = true; }
// mkContainer "forgejo" { enablePanzer = true; } // mkContainer "forgejo" { enablePanzer = true; }

15
hosts/elisabeth/secrets/homeassistant/secrets.yaml.age Normal file
View file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 NliweT9EQ6nsDdQTzH+navFs1SdqXwqa8k4yV24QYRQ
jko+UoInyn1NgRRorYlchIIhLocze0+o/YJBlZ6xrY4
-> piv-p256 ZFgiIw AhszEpkyHZ102kA19ogh3v4v88P2yx3gdWJ5UdgFecpB
UFQCJCo6xHAHlkBLe3+khl+hXV35/d6VTSQx+CfrZt4
-> piv-p256 XTQkUA A/z6RjbWqwVTsyD+5/A//nPAjlhYQSg/eWeO32oZ5ZeY
eV5ZO6XkCEdyHngYmd6t9A7VxqRvffWqqn+frW4OMco
-> piv-p256 ZFgiIw A9NcNdRvBzyh2b7BxUKhPB2anbK3sl8LZKTgANula29D
RfSFUp3fDOJW5WHZS//kLN6MJUgZd7O2KKhPkfdI9ME
-> piv-p256 5vmPtQ AiMkRE/phq3bmzBBB4s/IHX3uV5WKRKrZTWDEH3/RFSf
pEYqKIDxHwSBl+X9Ftvq5a/n8v7QnmJNkKWpX3JXHuc
-> nbG`Q28-grease }&} zD n"q?
MJKwGIHtnXlOAp2OMdNaxGVSrw
--- 8vcYpdAfrcYGRaJocxJHk1LUFOreD4FMt8x2MuDeWO4
—Ą^9±řAĐĺŘĆŃ)<29>Ż<EFBFBD>·śČČéŞ% ÍJ˙Óž•[˛íŔň6ß$ˇšUZTŠ˙ȵŇâť:)óŰrßwĚLŻ íöJ6ţWşĺÎj7„)™T¶Ďĺ’ń˝ÉęÔ˙)řę[#⨓7>,źU-ýš#c.çąÓiC^I„Đ=Î

13
hosts/nucnix/hostapd.nix
View file

@ -1,5 +1,6 @@
{ {
globals, globals,
config,
pkgs, pkgs,
... ...
}: }:
@ -9,6 +10,14 @@
intel2200BGFirmware intel2200BGFirmware
]; ];
#boot.kernel.sysctl."net.ipv4.ip_forward" = 1; #boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
age.secrets = {
homeWlan = {
generator.script = "alnum";
};
guestWlan = {
generator.script = "alnum";
};
};
networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ]; networking.nftables.firewall.zones.wlan.interfaces = [ "wlan1" ];
networking.nftables.firewall.zones.home.interfaces = [ "br-home" ]; networking.nftables.firewall.zones.home.interfaces = [ "br-home" ];
@ -56,11 +65,11 @@
authentication = { authentication = {
saePasswords = [ saePasswords = [
{ {
password = "ctiectie"; passwordFile = config.age.secrets.homeWlan.path;
vlanid = 10; vlanid = 10;
} }
{ {
password = "nrsgnrsg"; passwordFile = config.age.secrets.guestWlan.path;
vlanid = 50; vlanid = 50;
} }
]; ];

15
hosts/nucnix/secrets/generated/guestWlan.age Normal file
View file

@ -0,0 +1,15 @@
age-encryption.org/v1
-> X25519 DnkfavonwcikVjuIH3aQTxh9+U+Vr6se2PPdjCL68iw
qcfI8Rz+8fLqePoqk4XEY0vQyH2+eZtE3c/lrei9OWo
-> piv-p256 ZFgiIw AzKnjNFccsLZSS6EipE+gqoMzjj5Q//OMpAxrPFVHzPW
VphyHLTFEc7nsPfETAi/4VLg+mXb6B2qgTikgn1SyJI
-> piv-p256 XTQkUA A6mFKlj6AYBxwe+p3Yn57Re5e4Ihk42qNCbwFXDVLsV2
YogIWza1sZGXOOeZVVD2fcShAG00QQosLlHntBK+UeI
-> piv-p256 ZFgiIw A2dlENHarOIr4e3ZikrRYeWZI1N4NKwzWuIB4+Vuq96a
55zk9XyUEGwwnxxGFyfia8YVF9Sjj7KFut03YrH6+Zc
-> piv-p256 5vmPtQ Aq81XRMh1/reZhBMQIGd7C+sOEG1pKSTJbdEAmkPoP17
WCzUWz3HDZIIrqMuypxkZMqzoggCmaSPrXNdmNMntHY
-> &1koE-grease
dqDfmnpD0sarnFxWDlpn5p3AMIWMPz58V0pJ5Lu2mXAIjEqPimCW/Q
--- UA2bf9I/vCa+Zn6zRM6V7OeHS69Drwes8V0UexK+SBU
‰5ÃPg÷µKD¸Š &éÁòö£ûïß@­ÖuZ<75>¢ú?J$fÄšºëšZC¤ÑÉ9ùL R£òã„Ìxb¹'ù…cMC:ÆJ²GÎ~!M(÷

17
hosts/nucnix/secrets/generated/homeWlan.age Normal file
View file

@ -0,0 +1,17 @@
age-encryption.org/v1
-> X25519 Io4w4AN1fKAsgZhvXsbVdT5tyEa1gyRHrhLfyXzxqBA
5cSqWN9G6sggJ4k1dAZCvu/oOLm6ZaWADF+DProHAsA
-> piv-p256 ZFgiIw AlmnDZAzIM6GDb664n2W93DDLUFT+z5rhJfPNyDxcmBk
b9f/neXP5AZhkFjVDqZ0jHe0FBWm3+Z1tQt7qocr3vE
-> piv-p256 XTQkUA A4L+oki+mDOX6WecLSEcKzIRqYuCkldYkrjfszaLabFE
mWvfhhaArRvZ6xzNPb2SrAWrVHuqSwvIUc9plLjPRz0
-> piv-p256 ZFgiIw A0TS+eA3oAyX6zNgtIQfPw43lbbOVnRxvCXDS7+TWFR9
Bt9KhW9Hm8fXrFQdAKkGlxoTYDjSxo23inufxn0xOYI
-> piv-p256 5vmPtQ Azl4XTePC2ZZieO7HpQjvHm0faUL3DJWRCNCol6Unr7I
0a2aSindDkEOxKwsA46E0W7I4NLU6faO+Qu5/1pLTxo
-> Fo0Mz*I-grease ? b2!|/ KVp$+a7 x1}p
kS2j+WLNigyT4x/5cy6iLIEsjGGkhmFuKvq5UBAPcWLl4P2EdA71MJBLMgJbSHXn
Km9g17KSjBLoiW+DnWin0PXnA2xBsTbBSj7jsRIEQ8GW2z2++hAsk/+aIClwy1U7
eaSP
--- N8wn5/cIfxnpYjHiJNJ5fTuB0J844jQ3Sbr0bBJwe9U
}^YÝŸ£^·íÖÔþªcŽ|ÖéNóÃûýKVK¼J"|ÁíÃá1cæÅ*&VÚ û¨9çI Œ¿BmID!Ïië¢é÷ÿ$yc

3
hosts/patricknix/net.nix
View file

@ -52,7 +52,6 @@
networkConfig = { networkConfig = {
IPv6PrivacyExtensions = "yes"; IPv6PrivacyExtensions = "yes";
}; };
dns = [ "1.1.1.1" ];
dhcpV4Config.RouteMetric = 10; dhcpV4Config.RouteMetric = 10;
dhcpV6Config.RouteMetric = 10; dhcpV6Config.RouteMetric = 10;
}; };
@ -62,7 +61,6 @@
networkConfig = { networkConfig = {
IPv6PrivacyExtensions = "yes"; IPv6PrivacyExtensions = "yes";
}; };
dns = [ "1.1.1.1" ];
dhcpV4Config.RouteMetric = 10; dhcpV4Config.RouteMetric = 10;
dhcpV6Config.RouteMetric = 10; dhcpV6Config.RouteMetric = 10;
}; };
@ -72,7 +70,6 @@
networkConfig = { networkConfig = {
IPv6PrivacyExtensions = "yes"; IPv6PrivacyExtensions = "yes";
}; };
dns = [ "1.1.1.1" ];
dhcpV4Config.RouteMetric = 40; dhcpV4Config.RouteMetric = 40;
dhcpV6Config.RouteMetric = 40; dhcpV6Config.RouteMetric = 40;
}; };

2364
patches/PR/365727.diff Normal file
View file

File diff suppressed because it is too large Load diff

16
secrets/wireguard/services/keys/elisabeth-homeassistant.age Normal file
View file

@ -0,0 +1,16 @@
age-encryption.org/v1
-> X25519 3vw8tGmO8ONpLYsnf6qeAlTUTegbP3pEghuMOHEYlEg
tkUxpGW6IZXZkL+gmbuhkpBSQUXkfLctt0bpyuLiWYE
-> piv-p256 ZFgiIw A1S8HVUawvCicsmCjUhwksiX6o7s9BMsuLJb/HbLk8WM
MM75XNcA3bTvnC2APm1d4957nXXOc5j9wqYByjfhvJU
-> piv-p256 XTQkUA A3M65y89A/tylZE9el7j8K9JAzucdJ5rmatLSeMPHgDI
sST3YL2E7fz0fwUrdFx+QYtovWnrNGo0o7DRR5B6TlI
-> piv-p256 ZFgiIw AsKck72kGeXyBtiXNSJnmlZx+WBRGqgXbRoSDvl3OlQQ
MWdneDz8DgoWgm3CdL6JOM4gHNPqcrh1rJvwPKLBOU8
-> piv-p256 5vmPtQ A9X+YOqSin+XhAQK1sYv75Hs5aXaEX3vHZhNW8CkYlC7
vni4g1ofCj4oitQf2TwN50VBN4RjrGItIKpJqzKKmpc
-> z;LNR-grease qO
1jnbiHbCwou8LM2gQA3KahqeFPotQVWIUuTCXgjGl9JuCXz8HynGSEpdTFDAQ4L6
s8fgOzHJ814ypW8P/un1T16yQqj7HJVFRfBypMCr1u/cFEqjnVbGNrLNq5g
--- IpjD30oIyLYKgigdi/jEsdW78UcaCXNmazi/lC8VFSs
;qržW¡.×a$HߨMÂÒûÎÁ¨˜r$´¸2 w€vöìY•¹ !}°AVbò¥êý4<C3BD>>HÃå<C383>DØÖkÕ]Ò-A+c

1
secrets/wireguard/services/keys/elisabeth-homeassistant.pub Normal file
View file

@ -0,0 +1 @@
/gvfYTHyMSgqNMrw6piPS0JXaciqRhPwgI5/LNTuaUA=

BIN
secrets/wireguard/services/psks/elisabeth-homeassistant+nucnix.age Normal file
View file

Binary file not shown.

4
users/patrick/programs/nvim/plugins/cmp.nix
View file

@ -5,7 +5,7 @@
enable = true; enable = true;
settings = { settings = {
keymap = { keymap = {
preset = "enter"; preset = "none";
"<A-Tab>" = [ "<A-Tab>" = [
"snippet_forward" "snippet_forward"
"fallback" "fallback"
@ -44,7 +44,7 @@
}; };
signature.enabled = true; signature.enabled = true;
completion = { completion = {
list.selection = "manual"; list.selection = "auto_insert";
# menu = { # menu = {
# border = "none"; # border = "none";
# draw = { # draw = {

2
users/patrick/wayland/hyprland.nix
View file

@ -254,7 +254,7 @@ in
"5, monitor:DP-3" "5, monitor:DP-3"
"6, monitor:DVI-D-1, default:true" "6, monitor:DVI-D-1, default:true"
"7, monitor:DVI-D-1" "7, monitor:DVI-D-1"
"8, monitor:HDMI-A-1, default: true" "8, monitor:HDMI-A-1, default:true"
"9, monitor:HDMI-A-1" "9, monitor:HDMI-A-1"
]; ];
env = [ "HYPRLAND_FLOAT_LOCATION,3800 680" ]; env = [ "HYPRLAND_FLOAT_LOCATION,3800 680" ];