feat: more homeassistant
This commit is contained in:
parent
0a11ac5c48
commit
b2256f2459
|
@ -7,7 +7,12 @@
|
|||
{
|
||||
wireguard.services = {
|
||||
client.via = "nucnix";
|
||||
firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ config.services.adguardhome.port ];
|
||||
firewallRuleForNode.${globals.services.nginx.host}.allowedTCPPorts = [
|
||||
config.services.adguardhome.port
|
||||
];
|
||||
firewallRuleForNode.${globals.services.homeassistant.host}.allowedTCPPorts = [
|
||||
config.services.adguardhome.port
|
||||
];
|
||||
};
|
||||
services.adguardhome = {
|
||||
enable = true;
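Review bot: The new `firewallRuleForNode.${globals.services.homeassistant.host}` entry opens AdGuard Home's web port to the Home Assistant node over the wireguard service network, and that port is also the admin UI, which the hunk does not record anywhere. A short comment would spare the next reader the lookup, e.g. `# Home Assistant's adguardhome integration polls the AdGuard API, which is served on the web-UI port`. As far as I know AdGuard Home authenticates API calls with the same user list as the UI, so the credential handed to Home Assistant is effectively an admin login; if a lower-privileged account is possible it is worth noting here. The `wireguard.services` attrset continues outside the hunk.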
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
config,
|
||||
globals,
|
||||
nodes,
|
||||
lib,
|
||||
...
|
||||
|
@ -24,9 +25,11 @@
|
|||
"met"
|
||||
"esphome"
|
||||
"fritzbox"
|
||||
"homematic"
|
||||
"soundtouch"
|
||||
"spotify"
|
||||
"matter"
|
||||
"esphome"
|
||||
#"zha"
|
||||
"mqtt"
|
||||
];
|
||||
|
@ -75,8 +78,15 @@
|
|||
python3Packages: with python3Packages; [
|
||||
psycopg2
|
||||
gtts
|
||||
fritzconnection
|
||||
adguardhome
|
||||
];
|
||||
};
|
||||
networking.hosts = {
|
||||
"${nodes.${globals.services.adguardhome.host}.config.wireguard.services.ipv4}" = [
|
||||
"adguardhome.internal"
|
||||
];
|
||||
};
|
||||
age.secrets."home-assistant-secrets.yaml" = {
|
||||
rekeyFile = "${config.node.secretsDir}/secrets.yaml.age";
|
||||
owner = "hass";
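Review bot: `"esphome"` now appears twice in the extraComponents list — once in the context above `"fritzbox"` and again in the added line just before `#"zha"` — so the added duplicate should be dropped. The new `networking.hosts` entry maps `adguardhome.internal` to the AdGuard node's wireguard address, so the Home Assistant → AdGuard API traffic stays on the tunnel; if the integration is configured with plain `http://`, that is acceptable only because of the tunnel, and a comment such as `# reachable only via wireguard, so an unencrypted API URL is acceptable` would make the assumption explicit. The enclosing module attrset starts and ends outside the hunk.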
|
||||
|
|
|
@ -116,6 +116,29 @@ in
|
|||
enable = true;
|
||||
recommendedSetup = true;
|
||||
virtualHosts."${globals.services.netbird.domain}".useACMEHost = "web";
|
||||
upstreams.fritz = {
|
||||
servers."${lib.net.cidr.host 1 "10.99.2.0/24"}" = { };
|
||||
extraConfig = ''
|
||||
zone fritz 64k ;
|
||||
keepalive 5 ;
|
||||
'';
|
||||
};
|
||||
virtualHosts.${globals.services.fritz.domain} = {
|
||||
forceSSL = true;
|
||||
useACMEHost = "web";
|
||||
locations."/" = {
|
||||
proxyPass = "https://fritz";
|
||||
proxyWebsockets = true;
|
||||
X-Frame-Options = "SAMEORIGIN";
|
||||
};
|
||||
extraConfig = ''
|
||||
client_max_body_size 512M ;
|
||||
proxy_ssl_verify off ;
|
||||
allow ${globals.net.vlans.home.cidrv4} ;
|
||||
allow ${globals.net.vlans.home.cidrv6} ;
|
||||
deny all ;
|
||||
'';
|
||||
};
|
||||
}
|
||||
(blockOf "vaultwarden" { maxBodySize = "1G"; })
|
||||
(blockOf "forgejo" { maxBodySize = "1G"; })
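Review bot: `proxy_ssl_verify off ;` in the new `virtualHosts.${globals.services.fritz.domain}` block disables certificate checking on the nginx → Fritz!Box hop, so anyone able to answer for `10.99.2.1` on that segment can capture the box's admin session even though the client side is properly TLS-terminated with the ACME cert. Since the box's certificate is self-signed, the practical fix is to pin it rather than trust a CA: export the box cert to a file in the repo (or a secret) and replace the off switch with `proxy_ssl_verify on ;`, `proxy_ssl_trusted_certificate ${fritzCert} ;` and a matching `proxy_ssl_name` for the box's hostname. The source-IP `allow`/`deny` list is a sensible second layer but does not address the upstream hop. Separately, the hard-coded `"10.99.2.0/24"` in `upstreams.fritz.servers` duplicates a CIDR that `globals.net.vlans` already knows; using the globals entry keeps it from drifting. The enclosing nginx attrset starts outside the hunk.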
|
||||
|
|
|
@ -8,6 +8,8 @@ let
|
|||
shares = lib.removeAttrs config.services.samba.settings [ "global" ];
|
||||
in
|
||||
{
|
||||
# allow direct access to shares
|
||||
networking.nftables.firewall.zones.untrusted.interfaces = [ "mv-home" ];
|
||||
services.samba-wsdd = {
|
||||
enable = true; # make shares visible for windows 10 clients
|
||||
openFirewall = true;
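Review bot: The comment `# allow direct access to shares` above `zones.untrusted.interfaces = [ "mv-home" ]` says what is wanted but not why the home-VLAN link ends up in the *untrusted* zone, which reads as a contradiction on first pass. I would extend it to something like `# mv-home: home-VLAN clients reach the shares directly; the link is classified untrusted so only the ports explicitly opened here (samba, wsdd) are reachable from it`, assuming the zone semantics match the rest of this config. Note that `samba-wsdd.openFirewall = true` opens its ports on every interface, including this newly zoned one, which is presumably the intent. The module body starts and ends outside the hunk.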
|
||||
|
|
|
@ -38,6 +38,7 @@ in
|
|||
id = 40;
|
||||
cidrv4 = "10.99.${toString id}.0/24";
|
||||
cidrv6 = "fd${toString id}::/64";
|
||||
internet = false;
|
||||
};
|
||||
guests = rec {
|
||||
id = 50;
|
||||
|
@ -72,6 +73,9 @@ in
|
|||
domain = "ppl.${globals.domains.web}";
|
||||
host = "elisabeth-paperless";
|
||||
};
|
||||
fritz = {
|
||||
domain = "fritz.${globals.domains.web}";
|
||||
};
|
||||
ttrss = {
|
||||
domain = "rss.${globals.domains.web}";
|
||||
host = "elisabeth-ttrss";
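Review bot: The new `fritz` service entry has a `domain` but neither `host` nor `ip`, unlike the neighbouring `paperless` and `ttrss` entries, and it only evaluates because `host` is made nullable elsewhere in this commit; a reader of this file alone cannot tell that this is deliberate. A one-line comment would settle it, e.g. `# external hardware (Fritz!Box) proxied by nginx, not a managed node — no host/ip`. The `internet = false;` added to the VLAN with `id = 40` lands on a definition whose name is outside the hunk, so I cannot judge that part here.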
|
||||
|
|
|
@ -53,9 +53,7 @@
|
|||
../../config/services/${guestName}.nix
|
||||
{
|
||||
node.secretsDir = config.node.secretsDir + "/${guestName}";
|
||||
networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf (
|
||||
lib.length config.guests.${guestName}.networking.links == 1
|
||||
) config.guests.${guestName}.networking.links;
|
||||
networking.nftables.firewall.zones.untrusted.interfaces = [ "mv-services" ];
|
||||
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
|
||||
lib.listToAttrs (
|
||||
lib.flip map vlans (
|
||||
|
@ -67,7 +65,7 @@
|
|||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
||||
];
|
||||
gateway = [
|
||||
gateway = lib.optionals globals.net.vlans.${name}.internet [
|
||||
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4)
|
||||
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv6)
|
||||
];
|
||||
|
@ -127,7 +125,13 @@
|
|||
// mkContainer "netbird" { }
|
||||
// mkContainer "blog" { }
|
||||
// mkContainer "kanidm" { }
|
||||
// mkContainer "homeassistant" { }
|
||||
// mkContainer "homeassistant" {
|
||||
vlans = [
|
||||
"services"
|
||||
"devices"
|
||||
"iot"
|
||||
];
|
||||
}
|
||||
// mkContainer "nextcloud" { enablePanzer = true; }
|
||||
// mkContainer "paperless" { enableSharedPaperless = true; }
|
||||
// mkContainer "forgejo" { enablePanzer = true; }
|
||||
|
@ -137,6 +141,8 @@
|
|||
enableRenaultFT = true;
|
||||
enableBunker = true;
|
||||
enableSharedPaperless = true;
|
||||
vlans = [ "home" ];
|
||||
vlans = [
|
||||
"home"
|
||||
];
|
||||
};
|
||||
}
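Review bot: With `zones.untrusted.interfaces` now fixed to `[ "mv-services" ]`, the two extra links the homeassistant container gets from `vlans = [ "services" "devices" "iot" ]` are in no firewall zone at all, whereas the removed `mkIf (length links == 1) links` at least zoned the single-link case. If the link names follow the `mv-<vlan>` pattern that the services entry suggests, the IoT and devices segments — the ones least worth trusting — would then be governed by whatever the nftables module does for un-zoned interfaces instead of the untrusted ruleset. I would derive the list from the guest rather than hard-code it, e.g. `networking.nftables.firewall.zones.untrusted.interfaces = config.guests.${guestName}.networking.links;` (the attribute the removed line already used), or `map (v: "mv-${v}") vlans` if the links are built from `vlans`; if leaving those links zone-less is intentional, a comment should say so. The `mkContainer` body starts outside the hunk.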
|
||||
|
|
|
@ -38,9 +38,7 @@ in
|
|||
../../config/services/${guestName}.nix
|
||||
{
|
||||
node.secretsDir = config.node.secretsDir + "/${guestName}";
|
||||
networking.nftables.firewall.zones.untrusted.interfaces = lib.mkIf (
|
||||
lib.length config.guests.${guestName}.networking.links == 1
|
||||
) config.guests.${guestName}.networking.links;
|
||||
networking.nftables.firewall.zones.untrusted.interfaces = [ "mv-services" ];
|
||||
systemd.network.networks = lib.mkIf (globals.services.${guestName}.ip != null) (
|
||||
lib.listToAttrs (
|
||||
lib.flip map vlans (
|
||||
|
@ -52,7 +50,7 @@ in
|
|||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv4)
|
||||
(lib.net.cidr.hostCidr globals.services.${guestName}.ip globals.net.vlans.${name}.cidrv6)
|
||||
];
|
||||
gateway = [
|
||||
gateway = lib.optionals globals.net.vlans.${name}.internet [
|
||||
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv4)
|
||||
(lib.net.cidr.host 1 globals.net.vlans.${name}.cidrv6)
|
||||
];
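Review bot: This hunk is the same edit as the one in the other host's guest file in this commit — the `mkContainer` logic for `untrusted.interfaces` and the `internet`-gated `gateway` now lives in two places and will drift the next time one of them is touched. Consider lifting the helper into a shared module under `config/` that both hosts import, with `vlans` and the per-host flags as its parameters. The zoning concern applies here too: only `mv-services` is placed in the untrusted zone, so any guest on this host that receives additional `vlans` has links outside every zone, unless the firewall module treats un-zoned interfaces restrictively, which is not visible here. `mkContainer` begins outside the hunk.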
|
||||
|
|
|
@ -35,7 +35,12 @@ in
|
|||
};
|
||||
subnet4 = flip mapAttrsToList globals.net.vlans (
|
||||
name:
|
||||
{ id, cidrv4, ... }:
|
||||
{
|
||||
id,
|
||||
cidrv4,
|
||||
internet,
|
||||
...
|
||||
}:
|
||||
rec {
|
||||
inherit id;
|
||||
interface = "lan-${name}";
|
||||
|
@ -45,16 +50,17 @@ in
|
|||
pool = "${net.cidr.host 50 subnet} - ${net.cidr.host (-6) subnet}";
|
||||
}
|
||||
];
|
||||
option-data = [
|
||||
{
|
||||
option-data =
|
||||
[
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "${net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4}";
|
||||
}
|
||||
]
|
||||
++ lib.optional internet {
|
||||
name = "routers";
|
||||
data = "${net.cidr.host 1 subnet}";
|
||||
}
|
||||
{
|
||||
name = "domain-name-servers";
|
||||
data = "${net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4}";
|
||||
}
|
||||
];
|
||||
};
|
||||
reservations = [
|
||||
{
|
||||
# homematic
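Review bot: For a VLAN with `internet = false` the subnet now gets no `routers` option but still advertises `domain-name-servers` pointing at AdGuard on the services VLAN (`globals.net.vlans.services.cidrv4`); without a default gateway a client on that VLAN cannot reach an address in another subnet, so its DNS would fail silently — unless the router also pushes a classless static route (option 121) that is not part of this hunk. Either gate the DNS entry on the same flag, `++ lib.optional internet { name = "domain-name-servers"; data = ...; }`, or, if the isolated VLAN is meant to resolve names, add the route to the services subnet and say so in a comment. The guest `gateway` lists in the host files key off the same `internet` flag, so the container side agrees with this hunk. The `subnet4` mapping continues outside the hunk.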
|
||||
|
|
|
@ -109,6 +109,11 @@ in
|
|||
default = null;
|
||||
description = "The CIDRv6 of this vlan";
|
||||
};
|
||||
internet = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether this vlan is connected to the internet";
|
||||
};
|
||||
|
||||
name = mkOption {
|
||||
description = "The name of this VLAN";
|
||||
|
@ -130,7 +135,8 @@ in
|
|||
default = null;
|
||||
};
|
||||
host = mkOption {
|
||||
type = types.str;
|
||||
type = types.nullOr types.str;
|
||||
default = null;
|
||||
description = "The node-name on which this service runs";
|
||||
};
|
||||
ip = mkOption {
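Review bot: `internet` defaults to `true`, so every VLAN is treated as internet-connected unless someone remembers to opt out; for a segmentation flag the fail-closed choice is `default = false;` with the connected VLANs set explicitly, which this commit already does per VLAN for the `false` case. If the permissive default is kept for compatibility, the description should at least spell out what the flag controls, since this file alone does not say: `description = "Whether this VLAN gets a default route: drives the DHCP routers option and the guests' gateway. Set false for isolated segments.";` matches how kea and the host configs read it elsewhere in this commit. Making `host` `nullOr` is reasonable for external devices, but any consumer that does `nodes.${globals.services.<x>.host}` will now fail at evaluation on a null key, so a hint such as `# null for external devices (e.g. the Fritz!Box) that are not managed nodes` belongs in its description. The options attrset starts outside the hunk.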
|
||||