feat: homeassistant more components

feat: homeassistant ollama

config/services/homeassistant.nix

@@ -3,10 +3,15 @@
   globals,
   nodes,
   lib,
+  pkgs,
   ...
 }:
 {
   environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/private/esphome";
+      mode = "0700";
+    }
     {
       directory = config.services.home-assistant.configDir;
       user = "hass";
@@ -14,9 +19,21 @@
       mode = "0700";
     }
   ];
+
+  services.esphome = {
+    enable = true;
+    address = "0.0.0.0";
+    port = 3001;
+    #allowedDevices = lib.mkForce ["/dev/serial/by-id/usb-Silicon_Labs_CP2102_USB_to_UART_Bridge_Controller_0001-if00-port0"];
+    # TODO instead deny the zigbee device
+  };
+
   wireguard.services = {
     client.via = "nucnix";
-    firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ 3000 ];
+    firewallRuleForNode.${globals.services.nginx.host}.allowedTCPPorts = [
+      3000
+      3001
+    ];
   };
   services.home-assistant = {
     enable = true;
@@ -32,6 +49,12 @@
       "esphome"
       #"zha"
       "mqtt"
+      "ollama"
+      "solaredge"
+    ];
+    customComponents = with pkgs.home-assistant-custom-components; [
+      homematicip_local
+      pkgs.havartastorage
     ];
     config = {
       http = {
@@ -80,15 +103,23 @@
         gtts
         fritzconnection
         adguardhome
+        aiosolaredge
+        zlib-ng
+        stringcase
+        hahomematic
+        pymodbus
       ];
   };
   networking.hosts = {
     "${nodes.${globals.services.adguardhome.host}.config.wireguard.services.ipv4}" = [
       "adguardhome.internal"
     ];
+    "${nodes.${globals.services.ollama.host}.config.wireguard.services.ipv4}" = [
+      "ollama.internal"
+    ];
   };
   age.secrets."home-assistant-secrets.yaml" = {
-    rekeyFile = "${config.node.secretsDir}/secrets.yaml.age";
+    rekeyFile = config.node.secretsDir + "/secrets.yaml.age";
     owner = "hass";
   };
   systemd.services.home-assistant = {

config/services/kanidm.nix

@@ -148,6 +148,7 @@
       groups."adguardhome.access" = { };
       groups."octoprint.access" = { };
       groups."invidious.access" = { };
+      groups."esphome.access" = { };
 
       systems.oauth2.oauth2-proxy = {
         displayName = "Oauth2-Proxy";
@@ -184,6 +185,11 @@
           "email"
           "profile"
         ];
+        scopeMaps."esphome.access" = [
+          "openid"
+          "email"
+          "profile"
+        ];
         preferShortUsername = true;
         claimMaps.groups = {
           joinType = "array";
@@ -193,6 +199,7 @@
           valuesByGroup."ollama.access" = [ "ollama_access" ];
           valuesByGroup."octoprint.access" = [ "octoprint_access" ];
           valuesByGroup."invidious.access" = [ "invidious_access" ];
+          valuesByGroup."esphome.access" = [ "esphome_access" ];
         };
       };
 

config/services/nginx.nix

@@ -117,7 +117,7 @@ in
         recommendedSetup = true;
         virtualHosts."${globals.services.netbird.domain}".useACMEHost = "web";
         upstreams.fritz = {
-          servers."${lib.net.cidr.host 1 "10.99.2.0/24"}" = { };
+          servers."${lib.net.cidr.host 1 "10.99.2.0/24"}:443" = { };
           extraConfig = ''
             zone fritz 64k ;
             keepalive 5 ;
@@ -159,6 +159,7 @@ in
       (blockOf "homebox" { })
       (blockOf "homeassistant" { })
       (proxyProtect "ollama" { })
+      (proxyProtect "esphome" { port = 3001; })
       (proxyProtect "firefly" { port = 80; })
       (blockOf "apispotify" {
         port = 3000;

config/services/ollama.nix

@@ -1,11 +1,16 @@
-{ config, ... }:
+{ config, globals, ... }:
 {
   wireguard.services = {
     client.via = "nucnix";
-    firewallRuleForNode.nucnix-nginx.allowedTCPPorts = [ config.services.open-webui.port ];
+    firewallRuleForNode.${globals.services.nginx.host}.allowedTCPPorts = [
+      config.services.open-webui.port
+    ];
+    firewallRuleForNode.${globals.services.homeassistant.host}.allowedTCPPorts = [
+      config.services.ollama.port
+    ];
   };
   services.ollama = {
-    host = "localhost";
+    host = "0.0.0.0";
     port = 3001;
     enable = true;
   };
@@ -34,6 +39,8 @@
       directory = "/var/lib/private/open-webui";
       mode = "0700";
     }
+  ];
+  environment.persistence."/renaultft".directories = [
     {
       directory = "/var/lib/private/ollama";
       mode = "0700";

globals.nix

@@ -33,6 +33,7 @@ in
         id = 30;
         cidrv4 = "10.99.${toString id}.0/24";
         cidrv6 = "fd${toString id}::/64";
+        dns = false;
       };
       iot = rec {
         id = 40;
@@ -151,6 +152,10 @@ in
         domain = "hs.${globals.domains.web}";
         host = "elisabeth-homeassistant";
       };
+      esphome = {
+        domain = "esp.${globals.domains.web}";
+        host = "elisabeth-homeassistant";
+      };
     };
   };
 }

hosts/elisabeth/guests.nix

@@ -115,7 +115,9 @@
     // mkContainer "oauth2-proxy" { }
     // mkContainer "vaultwarden" { }
     // mkContainer "ddclient" { }
-    // mkContainer "ollama" { }
+    // mkContainer "ollama" {
+      enableRenaultFT = true;
+    }
     // mkContainer "murmur" { }
     // mkContainer "homebox" { }
     // mkContainer "invidious" { }

hosts/nucnix/kea.nix

@@ -39,24 +39,23 @@ in
           id,
           cidrv4,
           internet,
+          dns,
           ...
         }:
         rec {
           inherit id;
           interface = "lan-${name}";
-          subnet = "10.99.${toString id}.0/24";
+          subnet = cidrv4;
           pools = [
             {
               pool = "${net.cidr.host 50 subnet} - ${net.cidr.host (-6) subnet}";
             }
           ];
           option-data =
-            [
+            lib.optional dns {
-              {
               name = "domain-name-servers";
               data = "${net.cidr.host globals.services.adguardhome.ip globals.net.vlans.services.cidrv4}";
             }
-            ]
             ++ lib.optional internet {
               name = "routers";
               data = "${net.cidr.host 1 subnet}";
@@ -77,6 +76,11 @@ in
               hw-address = "48:9e:bd:5c:31:ac";
               ip-address = net.cidr.host 32 subnet;
             }
+            {
+              # varta
+              hw-address = "00:0c:c6:06:7a:70";
+              ip-address = net.cidr.host 20 subnet;
+            }
           ];
         }
       );

modules/globals.nix

@@ -114,6 +114,11 @@ in
                     default = true;
                     description = "Whether this vlan is connected to the internet";
                   };
+                  dns = mkOption {
+                    type = types.bool;
+                    default = vlanNetSubmod.config.internet;
+                    description = "Whether this vlan should utilize the internal dns server";
+                  };
 
                   name = mkOption {
                     description = "The name of this VLAN";

pkgs/default.nix

@@ -9,6 +9,7 @@ _inputs: [
     mongodb-bin = prev.callPackage ./mongodb-bin.nix { };
     disneyplus = prev.callPackage ./disney.nix { };
     awakened-poe-trade = prev.callPackage ./awakened-poe-trade.nix { };
+    havartastorage = prev.callPackage ./havartastorage.nix { };
     neovim-clean = prev.neovim-unwrapped.overrideAttrs (
       _neovimFinal: neovimPrev: {
         nativeBuildInputs = (neovimPrev.nativeBuildInputs or [ ]) ++ [ prev.makeWrapper ];
@@ -19,6 +20,11 @@ _inputs: [
           '';
       }
     );
+    pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
+      (_pythonFinal: _pythonPrev: {
+        vartastorage = prev.callPackage ./pyvartastorage.nix { };
+      })
+    ];
 
     path-of-building = prev.path-of-building.overrideAttrs (old: {
       postFixup =

pkgs/havartastorage.nix

@@ -0,0 +1,30 @@
+{
+  lib,
+  fetchFromGitHub,
+  buildHomeAssistantComponent,
+  python3Packages,
+}:
+
+buildHomeAssistantComponent rec {
+  owner = "Vip0r";
+  domain = "varta_storage";
+  version = "2025-1-9-unstable";
+
+  src = fetchFromGitHub {
+    inherit owner;
+    repo = "varta_storage";
+    rev = "592cfd8692b24b131cadaa8c6280660fdc262886";
+    hash = "sha256-u5VneR7s3V+NjoTnDYPAO2aJeqpDQwPu5Eko5CZQXTw=";
+  };
+
+  dependencies = [
+    python3Packages.vartastorage
+  ];
+
+  meta = with lib; {
+    description = "Send notifications with ntfy.sh and selfhosted ntfy-servers";
+    homepage = "https://github.com/hbrennhaeuser/homeassistant_integration_ntfy";
+    maintainers = with maintainers; [ koral ];
+    license = licenses.gpl3;
+  };
+}

pkgs/pyvartastorage.nix

@@ -0,0 +1,40 @@
+{
+  lib,
+  python3Packages,
+  fetchFromGitHub,
+}:
+
+python3Packages.buildPythonPackage rec {
+  pname = "vartastorage";
+  version = "2025.1.9";
+
+  disabled = python3Packages.pythonOlder "3.12";
+
+  src = fetchFromGitHub {
+    owner = "Vip0r";
+    repo = "vartastorage";
+    rev = "5e24b25dbafeabceefd513001f3b8b6a598463a1";
+    hash = "sha256-8eZOTQUbv7ing05aIYYJcP3zfLc91plC7QNqM7a3ZZQ=";
+  };
+
+  __darwinAllowLocalNetworking = true;
+
+  build-system = [ ];
+
+  dependencies = [
+  ];
+
+  nativeCheckInputs = [
+  ];
+
+  meta = with lib; {
+    description = "Python module to interact with HomeMatic devices";
+    homepage = "https://github.com/SukramJ/hahomematic";
+    changelog = "https://github.com/SukramJ/hahomematic/blob/${src.tag}/changelog.md";
+    license = licenses.mit;
+    maintainers = with maintainers; [
+      dotlambda
+      fab
+    ];
+  };
+}