feat: more homeassistant modules

feat: include all modbus varta readings

config/services/homeassistant.nix

@@ -35,6 +35,19 @@
       3001
     ];
   };
+  networking.nftables.firewall.zones.devices.interfaces = [ "mv-devices" ];
+  networking.nftables.firewall = {
+    rules = {
+      homematic = {
+        from = [
+          "devices"
+        ];
+        to = [ "local" ];
+        allowedTCPPorts = [ 45053 ];
+      };
+    };
+  };
+
   services.home-assistant = {
     enable = true;
     extraComponents = [
@@ -55,6 +68,16 @@
     customComponents = with pkgs.home-assistant-custom-components; [
       homematicip_local
     ];
+
+    customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
+      bubble-card
+      weather-card
+      mini-graph-card
+      card-mod
+      mushroom
+      multiple-entity-row
+      button-card
+    ];
     config = {
       http = {
         server_host = [ "0.0.0.0" ];
@@ -62,6 +85,7 @@
         use_x_forwarded_for = true;
         trusted_proxies = [ nodes.nucnix-nginx.config.wireguard.services.ipv4 ];
       };
+      lovelace.mode = "yaml";
 
       homeassistant = {
         name = "!secret ha_name";
@@ -81,8 +105,9 @@
       ### Components not from default_config
 
       frontend = {
-        #themes = "!include_dir_merge_named themes";
+        themes = "!include_dir_merge_named themes";
       };
+      "automation ui" = "!include automations.yaml";
 
       # influxdb = {
       #   api_version = 2;
@@ -95,6 +120,7 @@
       #   organization = "home";
       #   bucket = "home_assistant";
       # };
+
       # Modbus Varta element backup
       modbus = {
 
@@ -253,6 +279,46 @@
               device_class = "power";
               unit_of_measurement = "W";
             }
+            ### Active Power Exponent;
+            {
+              name = "mb_varta_active_power_exponent";
+              slave = 1;
+              address = 2066;
+              data_type = "int16";
+              device_class = "power";
+            }
+            ### Apparent Power Exponent;
+            {
+              name = "mb_varta_apparent_power_exponent";
+              slave = 1;
+              address = 2067;
+              data_type = "int16";
+              device_class = "power";
+            }
+            ### Enegrey Counter Exponent;
+            {
+              name = "mb_varta_energy_counter_exponent";
+              slave = 1;
+              address = 2069;
+              data_type = "int16";
+              device_class = "power";
+            }
+            ### Capacity Counter Exponent;
+            {
+              name = "mb_varta_capacity_exponent";
+              slave = 1;
+              address = 2071;
+              data_type = "int16";
+              device_class = "power";
+            }
+            ### Grid Power Exponent;
+            {
+              name = "mb_varta_grid_power_exponent";
+              slave = 1;
+              address = 2078;
+              data_type = "int16";
+              device_class = "power";
+            }
           ];
       };
 
@@ -338,21 +404,52 @@
     rekeyFile = config.node.secretsDir + "/secrets.yaml.age";
     owner = "hass";
   };
-  systemd.services.home-assistant = {
+  systemd.services.home-assistant.preStart =
-    # Update influxdb token
+    let
-    # We don't use -i because it would require chown with is a @privileged syscall
+      modules = [
-    # INFLUXDB_TOKEN="$(cat ${config.age.secrets.hass-influxdb-token.path})" \
+        (pkgs.fetchFromGitHub {
-    #   ${lib.getExe pkgs.yq-go} '.influxdb_token = strenv(INFLUXDB_TOKEN)'
+          owner = "catppuccin";
-    preStart = lib.mkBefore ''
+          repo = "home-assistant";
-      if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then
+          rev = "e877188ca467e7bbe8991440f6b5f6b3d30347fc";
-        rm ${config.services.home-assistant.configDir}/secrets.yaml
+          hash = "sha256-eUqYlaXNLPfaKn3xcRm5AQwTOKf70JF8cepibBb9KXc=";
-      fi
+        })
+        (pkgs.fetchFromGitHub {
+          owner = "flejz";
+          repo = "hass-cyberpunk-2077-theme";
+          rev = "78077ad6298a5bbbc8de4c72858b43cedebaae12";
+          hash = "sha256-gSlykxPBKji7hAX9E2L7dDtK3zNcRvRjCq2+apgMjFg=";
+        })
+        (pkgs.fetchFromGitHub {
+          owner = "Madelena";
+          repo = "Metrology-for-Hass";
+          rev = "3e858768d5afba3f83de0d3fe836336cb20f11ea";
+          hash = "sha256-IBKIB5KandpjWyVQYXuUvTL3gHHjTLr7saskkqq3A0w=";
+        })
+      ];
+    in
+    lib.mkBefore (
+      ''
+        if [[ -e ${config.services.home-assistant.configDir}/secrets.yaml ]]; then
+          rm ${config.services.home-assistant.configDir}/secrets.yaml
+        fi
 
-        cat ${
+          cat ${
-          config.age.secrets."home-assistant-secrets.yaml".path
+            config.age.secrets."home-assistant-secrets.yaml".path
-        } > ${config.services.home-assistant.configDir}/secrets.yaml
+          } > ${config.services.home-assistant.configDir}/secrets.yaml
+
+        touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml
+        mkdir -p ${config.services.home-assistant.configDir}/themes
+      ''
+      + lib.concatStringsSep "\n" (
+        lib.flip map modules (x: ''
+          for i in ${x}/themes/*; do
+            ln -fFns "$i" ${config.services.home-assistant.configDir}/themes/"$(basename "$i")"
+          done
+          for i in ${x}/www/*; do
+            ln -fFns "$i" ${config.services.home-assistant.configDir}/www/"$(basename "$i")"
+          done
+        '')
+      )
+    );
 
-      touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml
-    '';
-  };
 }

hosts/nucnix/default.nix

@@ -29,9 +29,4 @@
   nixpkgs.hostPlatform = "x86_64-linux";
 
   topology.self.interfaces.lan.network = "home";
-  boot = {
-    kernelParams = [
-      "intel_iommu=on,igx_off,sm_on"
-    ];
-  };
 }

hosts/nucnix/hostapd.nix

@@ -22,6 +22,9 @@
       generator.script = "alnum";
     };
   };
+  # Hostapd tries to delete any bridges it uses when restarting
+  # If any other service dares also using the bridges, thats too bad
+  # Have fun resetting your server because they're not coming back
   systemd.services.hostapd.stopIfChanged = false;
   systemd.services.hostapd.restartIfChanged = false;
   systemd.services.hostapd.reloadTriggers = lib.mkForce [ ];
@@ -64,11 +67,15 @@
         apIsolate = true;
         # not supporte by laptop :(
         # settings.ieee80211w = 0;
-        settings.vlan_file = "${pkgs.writeText "hostaps.vlans" ''
+        logLevel = 0;
-          10 wifi-home br-home
+        settings = {
-          40 wifi-iot br-iot
+          vlan_file = "${pkgs.writeText "hostaps.vlans" ''
-          50 wifi-guests br-guests
+            10 wifi-home br-home
-        ''}";
+            40 wifi-iot br-iot
+            50 wifi-guests br-guests
+          ''}";
+          dynamic_vlan = 1;
+        };
         authentication = {
           saePasswords = [
             {