diff --git a/config/services/homeassistant.nix b/config/services/homeassistant.nix
index 387c36d..64fcc51 100644
--- a/config/services/homeassistant.nix
+++ b/config/services/homeassistant.nix
@@ -3,10 +3,15 @@
 globals,
 nodes,
 lib,
+ pkgs,
 ...
 }:
 {
 environment.persistence."/persist".directories = [
+ {
+ directory = "/var/lib/private/esphome";
+ mode = "0700";
+ }
 {
 directory = config.services.home-assistant.configDir;
 user = "hass";
@@ -14,9 +19,21 @@
 mode = "0700";
 }
 ];
+
+ services.esphome = {
+ enable = true;
+ address = "0.0.0.0";
+ port = 3001;
+ #allowedDevices = lib.mkForce ["/dev/serial/by-id/usb-Silicon_Labs_CP2102_USB_to_UART_Bridge_Controller_0001-if00-port0"];
+ # TODO instead deny the zigbee device
+ };
+
 wireguard.services = {
 client.via = "nucnix";
- firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ 3000 ];
+ firewallRuleForNode.${globals.services.nginx.host}.allowedTCPPorts = [
+ 3000
+ 3001
+ ];
 };
 services.home-assistant = {
 enable = true;
@@ -33,6 +50,11 @@
 #"zha"
 "mqtt"
 "ollama"
+ "solaredge"
+ ];
+ customComponents = with pkgs.home-assistant-custom-components; [
+ homematicip_local
+ pkgs.havartastorage
 ];
 config = {
 http = {
@@ -81,6 +103,11 @@
 gtts
 fritzconnection
 adguardhome
+ aiosolaredge
+ zlib-ng
+ stringcase
+ hahomematic
+ pymodbus
 ];
 };
 networking.hosts = {
@@ -92,7 +119,7 @@
 ];
 };
 age.secrets."home-assistant-secrets.yaml" = {
- rekeyFile = "${config.node.secretsDir}/secrets.yaml.age";
+ rekeyFile = config.node.secretsDir + "/secrets.yaml.age";
 owner = "hass";
 };
 systemd.services.home-assistant = {
diff --git a/config/services/kanidm.nix b/config/services/kanidm.nix
index 0330a88..647e0f0 100644
--- a/config/services/kanidm.nix
+++ b/config/services/kanidm.nix
@@ -148,6 +148,7 @@
 groups."adguardhome.access" = { };
 groups."octoprint.access" = { };
 groups."invidious.access" = { };
+ groups."esphome.access" = { };
 systems.oauth2.oauth2-proxy = {
 displayName = "Oauth2-Proxy";
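Review bot: In the new `services.esphome` block of homeassistant.nix, `address = "0.0.0.0"` makes the dashboard listen on every interface, and nothing in this hunk configures authentication on the dashboard itself. Access therefore rests on the wireguard firewall rule for `globals.services.nginx.host` and on the proxy in front of it, which matters because the dashboard can build and flash firmware and holds the device secrets. If the service only needs to be reached through the wireguard tunnel, bind `address` to that interface's address, or at least record the assumption in a comment such as `# no auth here: reachable only from the nginx node over wireguard`. The commented-out `allowedDevices` line leaves the module's default device access in place, which by the TODO presumably still covers the Zigbee adapter; that restriction is worth finishing rather than leaving open.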
@@ -184,6 +185,11 @@
 "email"
 "profile"
 ];
+ scopeMaps."esphome.access" = [
+ "openid"
+ "email"
+ "profile"
+ ];
 preferShortUsername = true;
 claimMaps.groups = {
 joinType = "array";
@@ -193,6 +199,7 @@
 valuesByGroup."ollama.access" = [ "ollama_access" ];
 valuesByGroup."octoprint.access" = [ "octoprint_access" ];
 valuesByGroup."invidious.access" = [ "invidious_access" ];
+ valuesByGroup."esphome.access" = [ "esphome_access" ];
 };
 };
diff --git a/config/services/nginx.nix b/config/services/nginx.nix
index 7a18d43..ee1c65b 100644
--- a/config/services/nginx.nix
+++ b/config/services/nginx.nix
@@ -159,6 +159,7 @@ in
 (blockOf "homebox" { })
 (blockOf "homeassistant" { })
 (proxyProtect "ollama" { })
+ (proxyProtect "esphome" { port = 3001; })
 (proxyProtect "firefly" { port = 80; })
 (blockOf "apispotify" {
 port = 3000;
diff --git a/globals.nix b/globals.nix
index d3c467e..61ecdbf 100644
--- a/globals.nix
+++ b/globals.nix
@@ -33,6 +33,7 @@ in
 id = 30;
 cidrv4 = "10.99.${toString id}.0/24";
 cidrv6 = "fd${toString id}::/64";
+ dns = false;
 };
 iot = rec {
 id = 40;
@@ -151,6 +152,10 @@ in
 domain = "hs.${globals.domains.web}";
 host = "elisabeth-homeassistant";
 };
+ esphome = {
+ domain = "esp.${globals.domains.web}";
+ host = "elisabeth-homeassistant";
+ };
 };
 };
 }
diff --git a/hosts/elisabeth/secrets/kanidm/secrets.nix.age b/hosts/elisabeth/secrets/kanidm/secrets.nix.age
index 697b325..975ef59 100644
Binary files a/hosts/elisabeth/secrets/kanidm/secrets.nix.age and b/hosts/elisabeth/secrets/kanidm/secrets.nix.age differ
diff --git a/hosts/nucnix/kea.nix b/hosts/nucnix/kea.nix
index 64e08eb..c3daeb1 100644
--- a/hosts/nucnix/kea.nix
+++ b/hosts/nucnix/kea.nix
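Review bot: The nginx.nix entry `(proxyProtect "esphome" { port = 3001; })` is the only authentication layer in front of the ESPHome dashboard, and `proxyProtect` is defined outside this hunk, so it cannot be seen here whether it requires the new `esphome_access` group value or merely a logged-in user. Since the kanidm hunks in this commit add the group, scope map and claim value specifically for this service, it would help to state the dependency next to the entry, for example `# requires the esphome_access group claim from kanidm`. If the helper derives the required group from the service name, a one-line comment on the helper saying so would make that reviewable.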
@@ -39,24 +39,23 @@ in id, cidrv4, internet, + dns, ... }: rec { inherit id; interface = "lan-${name}"; - subnet = "10.99.${toString id}.0/24"; + subnet = cidrv4; pools = [ { pool = "${net.cidr.host 50 subnet} - ${net.cidr.host (-6) subnet}"; } ]; option-data = - [ - { - name = "domain-name-servers"; - data = "${net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4}"; - } - ] + lib.optional dns { + name = "domain-name-servers"; + data = "${net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4}"; + } ++ lib.optional internet { name = "routers"; data = "${net.cidr.host 1 subnet}"; @@ -77,6 +76,11 @@ in hw-address = "48:9e:bd:5c:31:ac"; ip-address = net.cidr.host 32 subnet; } + { + # varta + hw-address = "00:0c:c6:06:7a:70"; + ip-address = net.cidr.host 20 subnet; + } ]; } ); diff --git a/modules/globals.nix b/modules/globals.nix index 00b32cc..983113d 100644 --- a/modules/globals.nix +++ b/modules/globals.nix @@ -114,6 +114,11 @@ in default = true; description = "Whether this vlan is connected to the internet"; }; + dns = mkOption { + type = types.bool; + default = vlanNetSubmod.config.internet; + description = "Whether this vlan should utilize the internal dns server"; + }; name = mkOption { description = "The name of this VLAN"; diff --git a/pkgs/default.nix b/pkgs/default.nix index b3cbf27..53b7987 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -9,6 +9,7 @@ _inputs: [ mongodb-bin = prev.callPackage ./mongodb-bin.nix { }; disneyplus = prev.callPackage ./disney.nix { }; awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { }; + havartastorage = prev.callPackage ./havartastorage.nix { }; neovim-clean = prev.neovim-unwrapped.overrideAttrs ( _neovimFinal: neovimPrev: { nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ]; 
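Review bot: The new `dns` option in modules/globals.nix takes its default from `vlanNetSubmod.config.internet` but declares no `defaultText`, so generated option documentation cannot show where the default comes from; assuming `lib` is in scope there, add `defaultText = lib.literalExpression "config.internet";`. The description should also say what `false` means in practice: going by the kea.nix hunk in this commit, the VLAN's DHCP clients then receive no `domain-name-servers` option at all, rather than an external resolver. Spelling that out avoids someone disabling it on a client VLAN and expecting DNS to keep working.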
@@ -19,6 +20,11 @@ _inputs: [
 '';
 }
 );
+ pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
+ (_pythonFinal: _pythonPrev: {
+ vartastorage = prev.callPackage ./pyvartastorage.nix { };
+ })
+ ];
 path-of-building = prev.path-of-building.overrideAttrs (old: {
 postFixup =
diff --git a/pkgs/havartastorage.nix b/pkgs/havartastorage.nix
new file mode 100644
index 0000000..5900117
--- /dev/null
+++ b/pkgs/havartastorage.nix
@@ -0,0 +1,30 @@
+{
+ lib,
+ fetchFromGitHub,
+ buildHomeAssistantComponent,
+ python3Packages,
+}:
+
+buildHomeAssistantComponent rec {
+ owner = "Vip0r";
+ domain = "varta_storage";
+ version = "2025-1-9-unstable";
+
+ src = fetchFromGitHub {
+ inherit owner;
+ repo = "varta_storage";
+ rev = "592cfd8692b24b131cadaa8c6280660fdc262886";
+ hash = "sha256-u5VneR7s3V+NjoTnDYPAO2aJeqpDQwPu5Eko5CZQXTw=";
+ };
+
+ dependencies = [
+ python3Packages.vartastorage
+ ];
+
+ meta = with lib; {
+ description = "Send notifications with ntfy.sh and selfhosted ntfy-servers";
+ homepage = "https://github.com/hbrennhaeuser/homeassistant_integration_ntfy";
+ maintainers = with maintainers; [ koral ];
+ license = licenses.gpl3;
+ };
+}
diff --git a/pkgs/pyvartastorage.nix b/pkgs/pyvartastorage.nix
new file mode 100644
index 0000000..ec5aff2
--- /dev/null
+++ b/pkgs/pyvartastorage.nix
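Review bot: The `pythonPackagesExtensions` entry in pkgs/default.nix ignores both of its arguments and calls `prev.callPackage`, so `vartastorage` is always built against the default `python3Packages` (which pyvartastorage.nix takes as an argument) instead of the Python set being extended. If Home Assistant is built with a different interpreter or an overridden package set, the module may not be importable from the custom component. Use the scope's own `callPackage`, `(pythonFinal: _pythonPrev: { vartastorage = pythonFinal.callPackage ./pyvartastorage.nix { }; })`, and have pyvartastorage.nix take `buildPythonPackage` and `pythonOlder` as arguments rather than `python3Packages`.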
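Review bot: The `meta` block in pkgs/havartastorage.nix is copied from another package: the description is about ntfy notifications and `homepage` points to `hbrennhaeuser/homeassistant_integration_ntfy`, while `src` fetches `Vip0r/varta_storage`. Wrong provenance metadata makes it harder to audit which third-party code runs inside Home Assistant, so set `homepage = "https://github.com/${owner}/varta_storage";`, describe the VARTA integration, and check `license` and `maintainers` against the actual upstream. pkgs/pyvartastorage.nix has the same problem, with `meta` still describing hahomematic. The `dependencies` entry `python3Packages.vartastorage` is also tied to the default Python set and should come from the same package set Home Assistant is built with.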
@@ -0,0 +1,40 @@
+{
+ lib,
+ python3Packages,
+ fetchFromGitHub,
+}:
+
+python3Packages.buildPythonPackage rec {
+ pname = "vartastorage";
+ version = "2025.1.9";
+
+ disabled = python3Packages.pythonOlder "3.12";
+
+ src = fetchFromGitHub {
+ owner = "Vip0r";
+ repo = "vartastorage";
+ rev = "5e24b25dbafeabceefd513001f3b8b6a598463a1";
+ hash = "sha256-8eZOTQUbv7ing05aIYYJcP3zfLc91plC7QNqM7a3ZZQ=";
+ };
+
+ __darwinAllowLocalNetworking = true;
+
+ build-system = [ ];
+
+ dependencies = [
+ ];
+
+ nativeCheckInputs = [
+ ];
+
+ meta = with lib; {
+ description = "Python module to interact with HomeMatic devices";
+ homepage = "https://github.com/SukramJ/hahomematic";
+ changelog = "https://github.com/SukramJ/hahomematic/blob/${src.tag}/changelog.md";
+ license = licenses.mit;
+ maintainers = with maintainers; [
+ dotlambda
+ fab
+ ];
+ };
+}
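Review bot: `build-system`, `dependencies` and `nativeCheckInputs` are all empty in pkgs/pyvartastorage.nix, so nothing in the build checks that the module can actually be imported. The `pymodbus` entry added to the Home Assistant package list in homeassistant.nix looks like a workaround for a runtime dependency that belongs here. Declare the library's runtime dependencies in this derivation and add `pythonImportsCheck = [ "vartastorage" ];` so a missing one fails at build time instead of when the integration loads. `meta.changelog` interpolates `src.tag` although `src` is pinned with `rev`, so evaluating it will probably fail; drop the line or point it at the real upstream.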