feat: homeassistant more components

config/services/homeassistant.nix

@@ -3,10 +3,15 @@
   globals,
   nodes,
   lib,
+  pkgs,
   ...
 }:
 {
   environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/private/esphome";
+      mode = "0700";
+    }
     {
       directory = config.services.home-assistant.configDir;
       user = "hass";
@@ -14,9 +19,21 @@
       mode = "0700";
     }
   ];
+
+  services.esphome = {
+    enable = true;
+    address = "0.0.0.0";
+    port = 3001;
+    #allowedDevices = lib.mkForce ["/dev/serial/by-id/usb-Silicon_Labs_CP2102_USB_to_UART_Bridge_Controller_0001-if00-port0"];
+    # TODO instead deny the zigbee device
+  };
+
   wireguard.services = {
     client.via = "nucnix";
-    firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ 3000 ];
+    firewallRuleForNode.${globals.services.nginx.host}.allowedTCPPorts = [
+      3000
+      3001
+    ];
   };
   services.home-assistant = {
     enable = true;
@@ -33,6 +50,11 @@
       #"zha"
       "mqtt"
       "ollama"
+      "solaredge"
+    ];
+    customComponents = with pkgs.home-assistant-custom-components; [
+      homematicip_local
+      pkgs.havartastorage
     ];
     config = {
       http = {
@@ -81,6 +103,11 @@
         gtts
         fritzconnection
         adguardhome
+        aiosolaredge
+        zlib-ng
+        stringcase
+        hahomematic
+        pymodbus
       ];
   };
   networking.hosts = {
@@ -92,7 +119,7 @@
     ];
   };
   age.secrets."home-assistant-secrets.yaml" = {
-    rekeyFile = "${config.node.secretsDir}/secrets.yaml.age";
+    rekeyFile = config.node.secretsDir + "/secrets.yaml.age";
     owner = "hass";
   };
   systemd.services.home-assistant = {

config/services/kanidm.nix

@@ -148,6 +148,7 @@
       groups."adguardhome.access" = { };
       groups."octoprint.access" = { };
       groups."invidious.access" = { };
+      groups."esphome.access" = { };
 
       systems.oauth2.oauth2-proxy = {
         displayName = "Oauth2-Proxy";
@@ -184,6 +185,11 @@
           "email"
           "profile"
         ];
+        scopeMaps."esphome.access" = [
+          "openid"
+          "email"
+          "profile"
+        ];
         preferShortUsername = true;
         claimMaps.groups = {
           joinType = "array";
@@ -193,6 +199,7 @@
           valuesByGroup."ollama.access" = [ "ollama_access" ];
           valuesByGroup."octoprint.access" = [ "octoprint_access" ];
           valuesByGroup."invidious.access" = [ "invidious_access" ];
+          valuesByGroup."esphome.access" = [ "esphome_access" ];
         };
       };
 

config/services/nginx.nix

@@ -159,6 +159,7 @@ in
       (blockOf "homebox" { })
       (blockOf "homeassistant" { })
       (proxyProtect "ollama" { })
+      (proxyProtect "esphome" { port = 3001; })
       (proxyProtect "firefly" { port = 80; })
       (blockOf "apispotify" {
         port = 3000;

globals.nix

@@ -33,6 +33,7 @@ in
         id = 30;
         cidrv4 = "10.99.${toString id}.0/24";
         cidrv6 = "fd${toString id}::/64";
+        dns = false;
       };
       iot = rec {
         id = 40;
@@ -151,6 +152,10 @@ in
         domain = "hs.${globals.domains.web}";
         host = "elisabeth-homeassistant";
       };
+      esphome = {
+        domain = "esp.${globals.domains.web}";
+        host = "elisabeth-homeassistant";
+      };
     };
   };
 }

hosts/nucnix/kea.nix

@@ -39,24 +39,23 @@ in
           id,
           cidrv4,
           internet,
+          dns,
           ...
         }:
         rec {
           inherit id;
           interface = "lan-${name}";
-          subnet = "10.99.${toString id}.0/24";
+          subnet = cidrv4;
           pools = [
             {
               pool = "${net.cidr.host 50 subnet} - ${net.cidr.host (-6) subnet}";
             }
           ];
           option-data =
-            [
+            lib.optional dns {
-              {
+              name = "domain-name-servers";
-                name = "domain-name-servers";
+              data = "${net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4}";
-                data = "${net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4}";
+            }
-              }
-            ]
             ++ lib.optional internet {
               name = "routers";
               data = "${net.cidr.host 1 subnet}";
@@ -77,6 +76,11 @@ in
               hw-address = "48:9e:bd:5c:31:ac";
               ip-address = net.cidr.host 32 subnet;
             }
+            {
+              # varta
+              hw-address = "00:0c:c6:06:7a:70";
+              ip-address = net.cidr.host 20 subnet;
+            }
           ];
         }
       );

modules/globals.nix

@@ -114,6 +114,11 @@ in
                     default = true;
                     description = "Whether this vlan is connected to the internet";
                   };
+                  dns = mkOption {
+                    type = types.bool;
+                    default = vlanNetSubmod.config.internet;
+                    description = "Whether this vlan should utilize the internal dns server";
+                  };
 
                   name = mkOption {
                     description = "The name of this VLAN";

pkgs/default.nix

@@ -9,6 +9,7 @@ _inputs: [
     mongodb-bin = prev.callPackage ./mongodb-bin.nix { };
     disneyplus = prev.callPackage ./disney.nix { };
     awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { };
+    havartastorage = prev.callPackage ./havartastorage.nix { };
     neovim-clean = prev.neovim-unwrapped.overrideAttrs (
       _neovimFinal: neovimPrev: {
         nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ];
@@ -19,6 +20,11 @@ _inputs: [
           '';
       }
     );
+    pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
+      (_pythonFinal: _pythonPrev: {
+        vartastorage = prev.callPackage ./pyvartastorage.nix { };
+      })
+    ];
 
     path-of-building = prev.path-of-building.overrideAttrs (old: {
       postFixup =

pkgs/havartastorage.nix

@@ -0,0 +1,30 @@
+{
+  lib,
+  fetchFromGitHub,
+  buildHomeAssistantComponent,
+  python3Packages,
+}:
+
+buildHomeAssistantComponent rec {
+  owner = "Vip0r";
+  domain = "varta_storage";
+  version = "2025-1-9-unstable";
+
+  src = fetchFromGitHub {
+    inherit owner;
+    repo = "varta_storage";
+    rev = "592cfd8692b24b131cadaa8c6280660fdc262886";
+    hash = "sha256-u5VneR7s3V+NjoTnDYPAO2aJeqpDQwPu5Eko5CZQXTw=";
+  };
+
+  dependencies = [
+    python3Packages.vartastorage
+  ];
+
+  meta = with lib; {
+    description = "Send notifications with ntfy.sh and selfhosted ntfy-servers";
+    homepage = "https://github.com/hbrennhaeuser/homeassistant_integration_ntfy";
+    maintainers = with maintainers; [ koral ];
+    license = licenses.gpl3;
+  };
+}

pkgs/pyvartastorage.nix

@@ -0,0 +1,40 @@
+{
+  lib,
+  python3Packages,
+  fetchFromGitHub,
+}:
+
+python3Packages.buildPythonPackage rec {
+  pname = "vartastorage";
+  version = "2025.1.9";
+
+  disabled = python3Packages.pythonOlder "3.12";
+
+  src = fetchFromGitHub {
+    owner = "Vip0r";
+    repo = "vartastorage";
+    rev = "5e24b25dbafeabceefd513001f3b8b6a598463a1";
+    hash = "sha256-8eZOTQUbv7ing05aIYYJcP3zfLc91plC7QNqM7a3ZZQ=";
+  };
+
+  __darwinAllowLocalNetworking = true;
+
+  build-system = [ ];
+
+  dependencies = [
+  ];
+
+  nativeCheckInputs = [
+  ];
+
+  meta = with lib; {
+    description = "Python module to interact with HomeMatic devices";
+    homepage = "https://github.com/SukramJ/hahomematic";
+    changelog = "https://github.com/SukramJ/hahomematic/blob/${src.tag}/changelog.md";
+    license = licenses.mit;
+    maintainers = with maintainers; [
+      dotlambda
+      fab
+    ];
+  };
+}