feat: more homeassistant
This commit is contained in:
parent
0a11ac5c48
commit
b2256f2459
|
@ -7,7 +7,12 @@
|
||||||
{
|
{
|
||||||
wireguard.services = {
|
wireguard.services = {
|
||||||
client.via = "nucnix";
|
client.via = "nucnix";
|
||||||
firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ config.services.adguardhome.port ];
|
firewallRuleForNode.${globals.services.nginx.host}.allowedTCPPorts = [
|
||||||
|
config.services.adguardhome.port
|
||||||
|
];
|
||||||
|
firewallRuleForNode.${globals.services.homeassistant.host}.allowedTCPPorts = [
|
||||||
|
config.services.adguardhome.port
|
||||||
|
];
|
||||||
};
|
};
|
||||||
services.adguardhome = {
|
services.adguardhome = {
|
||||||
enable = true;
|
enable = true;
|
||||||
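Review bot: The new rule on L40–L48 opens AdGuard Home's admin web/API port (`config.services.adguardhome.port`) to the homeassistant host, not the DNS port, so the Home Assistant integration will be holding admin credentials for AdGuard Home; a comment should say why, e.g. `# Home Assistant's adguardhome integration talks to the admin API`. Since `globals.services.*.host` becomes nullable elsewhere in this commit, interpolating it into an attribute name here fails evaluation if either host is ever unset, which is fine only as long as both are always set. Both rules also carry an identical port list; if more nodes need it, a single definition mapping over the hosts would avoid the repetition.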
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
config,
|
config,
|
||||||
|
globals,
|
||||||
nodes,
|
nodes,
|
||||||
lib,
|
lib,
|
||||||
...
|
...
|
||||||
|
@ -24,9 +25,11 @@
|
||||||
"met"
|
"met"
|
||||||
"esphome"
|
"esphome"
|
||||||
"fritzbox"
|
"fritzbox"
|
||||||
|
"homematic"
|
||||||
"soundtouch"
|
"soundtouch"
|
||||||
"spotify"
|
"spotify"
|
||||||
"matter"
|
"matter"
|
||||||
|
"esphome"
|
||||||
#"zha"
|
#"zha"
|
||||||
"mqtt"
|
"mqtt"
|
||||||
];
|
];
|
||||||
|
@ -75,6 +78,13 @@
|
||||||
python3Packages: with python3Packages; [
|
python3Packages: with python3Packages; [
|
||||||
psycopg2
|
psycopg2
|
||||||
gtts
|
gtts
|
||||||
|
fritzconnection
|
||||||
|
adguardhome
|
||||||
|
];
|
||||||
|
};
|
||||||
|
networking.hosts = {
|
||||||
|
"${nodes.${globals.services.adguardhome.host}.config.wireguard.services.ipv4}" = [
|
||||||
|
"adguardhome.internal"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
age.secrets."home-assistant-secrets.yaml" = {
|
age.secrets."home-assistant-secrets.yaml" = {
|
||||||
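Review bot: `"esphome"` is now listed twice in extraComponents (L110–L112 and the added L140); the duplicate is harmless but should be dropped. The `networking.hosts` entry on L194–L205 resolves `adguardhome.internal` to the adguardhome wireguard address so the integration reaches the admin API over the tunnel; a comment stating that keeps the next reader from treating it as a public name, e.g. `# reach AdGuard Home's admin API over wireguard for the adguardhome integration`. If the integration is configured declaratively, its credentials belong in `home-assistant-secrets.yaml` (L215), not in the Nix store.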
|
|
|
@ -116,6 +116,29 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedSetup = true;
|
recommendedSetup = true;
|
||||||
virtualHosts."${globals.services.netbird.domain}".useACMEHost = "web";
|
virtualHosts."${globals.services.netbird.domain}".useACMEHost = "web";
|
||||||
|
upstreams.fritz = {
|
||||||
|
servers."${lib.net.cidr.host 1 "10.99.2.0/24"}" = { };
|
||||||
|
extraConfig = ''
|
||||||
|
zone fritz 64k ;
|
||||||
|
keepalive 5 ;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
virtualHosts.${globals.services.fritz.domain} = {
|
||||||
|
forceSSL = true;
|
||||||
|
useACMEHost = "web";
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "https://fritz";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
X-Frame-Options = "SAMEORIGIN";
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size 512M ;
|
||||||
|
proxy_ssl_verify off ;
|
||||||
|
allow ${globals.net.vlans.home.cidrv4} ;
|
||||||
|
allow ${globals.net.vlans.home.cidrv6} ;
|
||||||
|
deny all ;
|
||||||
|
'';
|
||||||
|
};
|
||||||
}
|
}
|
||||||
(blockOf "vaultwarden" { maxBodySize = "1G"; })
|
(blockOf "vaultwarden" { maxBodySize = "1G"; })
|
||||||
(blockOf "forgejo" { maxBodySize = "1G"; })
|
(blockOf "forgejo" { maxBodySize = "1G"; })
|
||||||
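Review bot: `proxy_ssl_verify off ;` on L310 makes nginx accept any certificate from the upstream defined on L246, so anything on that subnet able to answer for the box's address can intercept the FRITZ!Box login; if the box's certificate can be exported, pin it instead with `proxy_ssl_verify on;`, `proxy_ssl_trusted_certificate <path-to-box-cert>;` and `proxy_ssl_name <box-hostname>;`. `X-Frame-Options = "SAMEORIGIN";` on L294 is not an upstream NixOS `locations` option and would fail evaluation unless a local module adds it — if it does, a comment naming that module would help. The upstream address is built from the literal `"10.99.2.0/24"` while the allow list uses `globals.net.vlans.home.cidrv4`; taking the cidrv4 from the matching vlan in globals would keep the two from drifting. The allow/deny block restricting the proxy to the home vlan is good; `deny all ;` must stay last.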
|
|
|
@ -8,6 +8,8 @@ let
|
||||||
shares = lib.removeAttrs config.services.samba.settings [ "global" ];
|
shares = lib.removeAttrs config.services.samba.settings [ "global" ];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
# allow direct access to shares
|
||||||
|
networking.nftables.firewall.zones.untrusted.interfaces = [ "mv-home" ];
|
||||||
services.samba-wsdd = {
|
services.samba-wsdd = {
|
||||||
enable = true; # make shares visible for windows 10 clients
|
enable = true; # make shares visible for windows 10 clients
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
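Review bot: The comment `# allow direct access to shares` on L370 does not describe what L374 does — it adds `mv-home` to the `untrusted` firewall zone, which by itself opens nothing; presumably that is what makes the samba/wsdd `openFirewall` rules apply to the home-VLAN link. Suggest `# put the home-vlan link into the firewall zone so the samba/wsdd port rules apply to it` (confirm against the zone rules). Exposing SMB directly to the home vlan also leaves share-level settings (guest access, signing/encryption) as the only protection, so the `shares` taken from `config.services.samba.settings` on L354 are worth checking in that light.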
|
|
|
@ -38,6 +38,7 @@ in
|
||||||
id = 40;
|
id = 40;
|
||||||
cidrv4 = "10.99.${toString id}.0/24";
|
cidrv4 = "10.99.${toString id}.0/24";
|
||||||
cidrv6 = "fd${toString id}::/64";
|
cidrv6 = "fd${toString id}::/64";
|
||||||
|
internet = false;
|
||||||
};
|
};
|
||||||
guests = rec {
|
guests = rec {
|
||||||
id = 50;
|
id = 50;
|
||||||
|
@ -72,6 +73,9 @@ in
|
||||||
domain = "ppl.${globals.domains.web}";
|
domain = "ppl.${globals.domains.web}";
|
||||||
host = "elisabeth-paperless";
|
host = "elisabeth-paperless";
|
||||||
};
|
};
|
||||||
|
fritz = {
|
||||||
|
domain = "fritz.${globals.domains.web}";
|
||||||
|
};
|
||||||
ttrss = {
|
ttrss = {
|
||||||
domain = "rss.${globals.domains.web}";
|
domain = "rss.${globals.domains.web}";
|
||||||
host = "elisabeth-ttrss";
|
host = "elisabeth-ttrss";
|
||||||
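Review bot: The new `fritz` entry on L452–L460 deliberately has no `host`, relying on `host` becoming nullable in this commit; a comment would make that intentional rather than an omission: `# physical FRITZ!Box, not a node; reached through the nginx proxy`. `internet = false;` on L414 applies to the vlan with `id = 40`, whose name is outside the hunk; stating which vlan this is and why it gets no default route would help readers of the kea and guest logic that key off this flag.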
|
|
|
@ -53,9 +53,7 @@
|
||||||
../../config/services/${guestName}.nix
|
../../config/services/${guestName}.nix
|
||||||
{
|
{
|
||||||
node.secretsDir = config.node.secretsDir + "/${guestName}";
|
node.secretsDir = config.node.secretsDir + "/${guestName}";
|
||||||
networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf (
|
networking.nftables.firewall.zones.untrusted.interfaces = [ "mv-services" ];
|
||||||
lib.length config.guests.${guestName}.networking.links == 1
|
|
||||||
) config.guests.${guestName}.networking.links;
|
|
||||||
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
|
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
|
||||||
lib.listToAttrs (
|
lib.listToAttrs (
|
||||||
lib.flip map vlans (
|
lib.flip map vlans (
|
||||||
|
@ -67,7 +65,7 @@
|
||||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
||||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
||||||
];
|
];
|
||||||
gateway = [
|
gateway = lib.optionals globals.net.vlans.${name}.internet [
|
||||||
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4)
|
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4)
|
||||||
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv6)
|
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv6)
|
||||||
];
|
];
|
||||||
|
@ -127,7 +125,13 @@
|
||||||
// mkContainer "netbird" { }
|
// mkContainer "netbird" { }
|
||||||
// mkContainer "blog" { }
|
// mkContainer "blog" { }
|
||||||
// mkContainer "kanidm" { }
|
// mkContainer "kanidm" { }
|
||||||
// mkContainer "homeassistant" { }
|
// mkContainer "homeassistant" {
|
||||||
|
vlans = [
|
||||||
|
"services"
|
||||||
|
"devices"
|
||||||
|
"iot"
|
||||||
|
];
|
||||||
|
}
|
||||||
// mkContainer "nextcloud" { enablePanzer = true; }
|
// mkContainer "nextcloud" { enablePanzer = true; }
|
||||||
// mkContainer "paperless" { enableSharedPaperless = true; }
|
// mkContainer "paperless" { enableSharedPaperless = true; }
|
||||||
// mkContainer "forgejo" { enablePanzer = true; }
|
// mkContainer "forgejo" { enablePanzer = true; }
|
||||||
|
@ -137,6 +141,8 @@
|
||||||
enableRenaultFT = true;
|
enableRenaultFT = true;
|
||||||
enableBunker = true;
|
enableBunker = true;
|
||||||
enableSharedPaperless = true;
|
enableSharedPaperless = true;
|
||||||
vlans = [ "home" ];
|
vlans = [
|
||||||
|
"home"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
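Review bot: The new code fixes the `untrusted` zone to `[ "mv-services" ]` on L501, while the homeassistant container now gets `services`, `devices` and `iot` links on L591–L607; the `devices` and `iot` interfaces are therefore assigned to no zone anywhere in this hunk. Whether traffic arriving on them is dropped by the firewall's default policy or passes unfiltered depends on the nftables-firewall module's behaviour for unzoned interfaces, so they should be zoned explicitly (e.g. a dedicated zone for the iot/devices links exposing only the ports Home Assistant needs) rather than left implicit. The same change appears in the second host file at L692–L694. `mkContainer` begins outside the hunk.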
|
|
|
@ -38,9 +38,7 @@ in
|
||||||
../../config/services/${guestName}.nix
|
../../config/services/${guestName}.nix
|
||||||
{
|
{
|
||||||
node.secretsDir = config.node.secretsDir + "/${guestName}";
|
node.secretsDir = config.node.secretsDir + "/${guestName}";
|
||||||
networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf (
|
networking.nftables.firewall.zones.untrusted.interfaces = [ "mv-services" ];
|
||||||
lib.length config.guests.${guestName}.networking.links == 1
|
|
||||||
) config.guests.${guestName}.networking.links;
|
|
||||||
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
|
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
|
||||||
lib.listToAttrs (
|
lib.listToAttrs (
|
||||||
lib.flip map vlans (
|
lib.flip map vlans (
|
||||||
|
@ -52,7 +50,7 @@ in
|
||||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
||||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
||||||
];
|
];
|
||||||
gateway = [
|
gateway = lib.optionals globals.net.vlans.${name}.internet [
|
||||||
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4)
|
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4)
|
||||||
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv6)
|
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv6)
|
||||||
];
|
];
|
||||||
|
|
|
@ -35,7 +35,12 @@ in
|
||||||
};
|
};
|
||||||
subnet4 = flip mapAttrsToList globals.net.vlans (
|
subnet4 = flip mapAttrsToList globals.net.vlans (
|
||||||
name:
|
name:
|
||||||
{ id, cidrv4, ... }:
|
{
|
||||||
|
id,
|
||||||
|
cidrv4,
|
||||||
|
internet,
|
||||||
|
...
|
||||||
|
}:
|
||||||
rec {
|
rec {
|
||||||
inherit id;
|
inherit id;
|
||||||
interface = "lan-${name}";
|
interface = "lan-${name}";
|
||||||
|
@ -45,16 +50,17 @@ in
|
||||||
pool = "${net.cidr.host 50 subnet} - ${net.cidr.host (-6) subnet}";
|
pool = "${net.cidr.host 50 subnet} - ${net.cidr.host (-6) subnet}";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
option-data = [
|
option-data =
|
||||||
{
|
[
|
||||||
name = "routers";
|
|
||||||
data = "${net.cidr.host 1 subnet}";
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
name = "domain-name-servers";
|
name = "domain-name-servers";
|
||||||
data = "${net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4}";
|
data = "${net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4}";
|
||||||
}
|
}
|
||||||
];
|
]
|
||||||
|
++ lib.optional internet {
|
||||||
|
name = "routers";
|
||||||
|
data = "${net.cidr.host 1 subnet}";
|
||||||
|
};
|
||||||
reservations = [
|
reservations = [
|
||||||
{
|
{
|
||||||
# homematic
|
# homematic
|
||||||
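Review bot: Dropping the `routers` option for `internet = false` vlans (L887–L899) only stops DHCP clients from learning a default gateway; it is not an isolation control, since a client can still configure the `.1` address statically, so forwarding from such a vlan must also be denied on the router's firewall. `domain-name-servers` still points at the adguardhome address in the services vlan (L871–L873), which clients with no gateway cannot route to, so name resolution on a no-internet vlan will fail unless that is intended or a resolver exists in-subnet. A comment stating the intent would help, e.g. `# no default route: clients here are expected to be reachable only locally`.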
|
|
|
@ -109,6 +109,11 @@ in
|
||||||
default = null;
|
default = null;
|
||||||
description = "The CIDRv6 of this vlan";
|
description = "The CIDRv6 of this vlan";
|
||||||
};
|
};
|
||||||
|
internet = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = true;
|
||||||
|
description = "Whether this vlan is connected to the internet";
|
||||||
|
};
|
||||||
|
|
||||||
name = mkOption {
|
name = mkOption {
|
||||||
description = "The name of this VLAN";
|
description = "The name of this VLAN";
|
||||||
|
@ -130,7 +135,8 @@ in
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
host = mkOption {
|
host = mkOption {
|
||||||
type = types.str;
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
description = "The node-name on which this service runs";
|
description = "The node-name on which this service runs";
|
||||||
};
|
};
|
||||||
ip = mkOption {
|
ip = mkOption {
|
||||||
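Review bot: `host` now defaults to `null` (L992–L996) but its description still reads as if a node name is always present; consumers that interpolate it into an attribute name (e.g. `firewallRuleForNode.${globals.services.<name>.host}`) fail evaluation on `null`, so the description should state the contract: `description = "The node-name on which this service runs, or null if the service is not hosted on a managed node (e.g. an external device reached through a proxy)";`. Likewise `internet` (L939–L955) could say what the flag controls: `description = "Whether clients on this vlan get a default route; when false, DHCP omits the routers option and guests configure no gateway";`, matching the kea and guest changes in this commit.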
|
|