From 668fa94359080e2bada4e88a721cf893f0264d40 Mon Sep 17 00:00:00 2001
From: Hendrik Sokolowski
Date: Mon, 12 Jun 2023 17:06:55 +0200
Subject: [PATCH] Add ha2, update home-assistant config
---
 hosts/chonk/home-assistant.nix | 17 ++-
 hosts/companion/home-assistant.nix | 136 ++++++++++++---------
 hosts/giggles/configuration.nix | 25 ++--
 hosts/giggles/home-assistant.nix | 94 ++++++++++++++
 secrets/home-assistant_giggles_secrets.age | 13 ++
 secrets/secrets.nix | 4 +
 6 files changed, 210 insertions(+), 79 deletions(-)
 create mode 100644 hosts/giggles/home-assistant.nix
 create mode 100644 secrets/home-assistant_giggles_secrets.age
diff --git a/hosts/chonk/home-assistant.nix b/hosts/chonk/home-assistant.nix
index 56b2b655..4c6da724 100644
--- a/hosts/chonk/home-assistant.nix
+++ b/hosts/chonk/home-assistant.nix
@@ -5,17 +5,22 @@
 ...
 }: {
 # HTTP
- services.nginx = {
- virtualHosts."ha.gssws.de" = {
+ services.nginx.virtualHosts = let
+ makeVirtualHost = target: {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
- proxyPass = "http://10.0.1.254:8123";
+ proxyPass = target;
 proxyWebsockets = true;
- extraConfig =
- "proxy_ssl_server_name on;"
- + "proxy_pass_header Authorization;";
+ extraConfig = ''
+ proxy_ssl_server_name on;
+ proxy_pass_header Authorization;
+ '';
 };
 };
+ in {
+ "ha.gssws.de" = makeVirtualHost "http://10.0.1.254:8123";
+ "ha2.gssws.de" = makeVirtualHost "http://10.0.1.11:8123";
+ "ha.karinsokolowski.de" = makeVirtualHost "http://10.0.1.13:8123";
 };
 }
diff --git a/hosts/companion/home-assistant.nix b/hosts/companion/home-assistant.nix
index 6ee6df3a..04b7fa5c 100644
--- a/hosts/companion/home-assistant.nix
+++ b/hosts/companion/home-assistant.nix
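Review bot: In hosts/chonk/home-assistant.nix, the new `makeVirtualHost` helper copies two directives into all three vhosts that do nothing for these targets. `proxy_ssl_server_name on;` only applies when the upstream is `https://`, and every target passed in is plain `http://`. `proxy_pass_header` controls which response headers from the upstream reach the client, so it does not forward the client's `Authorization` request header. Either drop both lines from `extraConfig`, or keep them with a comment such as `# upstreams are plain HTTP on the internal network; TLS terminates at this proxy`, so nobody assumes the proxied hop is encrypted.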
@@ -4,73 +4,87 @@ pkgs, ... }: { - config = { - services.mosquitto = { - enable = true; - listeners = [ - { - users = { - z2m.hashedPassword = "$7$101$iZE7WOCQIaLtuoVN$M7AAB/mMmhkuXQVmu2RPoJzm744bmwxGTJwE0eoqlPAjyQHbjmOWfEuKoo9jnQCoQu2T96gS8znsUNizGgPWiQ=="; - ha.hashedPassword = "$7$101$jLA9PReG5btNSvw8$O0c3UzCfcBcvqVH8kMZIwEims7p1L4o/DmOTHO9w9731ggC5SyUpJGQIDiUbv+IrTl/H0+Fz9QF/jvY0QCuxuA=="; - }; - } + pub-solar.home-assistant = { + enable = true; + + extraComponents = ["androidtv" "fritz" "fritzbox" "fritzbox_callmonitor" "met" "mqtt"]; + extraPackages = python3Packages: + with python3Packages; [ + # androidtv + adb-shell + aiofiles + androidtv + + # hacs + aiogithubapi + + # totop + pyotp ]; - }; - services.udev.extraRules = ''KERNEL=="ttyS0", OWNER="zigbee2mqtt", GROUP="zigbee2mqtt"''; - - services.zigbee2mqtt = { + mqtt = { enable = true; - settings = { - frontend = true; - permit_join = true; - homeassistant = true; - options = "-d -d"; - mqtt = { - user = "z2m"; - password = "!secrets.yaml mqtt_password"; - }; - serial = { - port = "/dev/ttyS0"; - adapter = "deconz"; - }; - #advanced.network_key = "'!secrets.yaml network_key'"; - }; - }; - - #users.users.hass.extraGroups = [ "tty" ]; - - services.home-assistant = { - enable = true; - extraComponents = ["fritz" "fritzbox" "fritzbox_callmonitor" "met" "mqtt"]; - config = { - homeassistant = {}; - http = { - ip_ban_enabled = false; - use_x_forwarded_for = true; - trusted_proxies = [ - "127.0.0.1" - "10.254.0.21" - "10.0.1.5" - "10.0.1.6" - "172.16.0.0/12" + users = { + ha = { + acl = [ + "readwrite #" ]; + hashedPassword = "$7$101$jLA9PReG5btNSvw8$O0c3UzCfcBcvqVH8kMZIwEims7p1L4o/DmOTHO9w9731ggC5SyUpJGQIDiUbv+IrTl/H0+Fz9QF/jvY0QCuxuA=="; + }; + nono = { + acl = [ + "readwrite #" + ]; + hashedPassword = "$7$101$votbflBI1KrRRzBy$hCC/qo7Ggaf2vaLv7lo5uPnyrTCb0i6hPQvXuL/OrrUpzP+KNl6efEU7yQ0cDH6/rJ16Fe2PWSTcW+pL8dlgmg=="; + }; + z2m = { + acl = [ + "readwrite #" + ]; + hashedPassword = 
"$7$101$iZE7WOCQIaLtuoVN$M7AAB/mMmhkuXQVmu2RPoJzm744bmwxGTJwE0eoqlPAjyQHbjmOWfEuKoo9jnQCoQu2T96gS8znsUNizGgPWiQ=="; }; - - energy = {}; - frontend = {}; - history = {}; - map = {}; - my = {}; - mobile_app = {}; - network = {}; - notify = {}; - person = {}; - ssdp = {}; - sun = {}; - system_health = {}; - zeroconf = {}; }; }; + + zigbee2mqtt = { + enable = true; + device = "/dev/ttyS0"; + adapter = "deconz"; + }; + + config = { + homeassistant = { + name = "Berrendorf"; + time_zone = "Europe/Berlin"; + temperature_unit = "C"; + unit_system = "metric"; + latitude = "50.9279036523298"; + longitude = "6.583225751885932"; + }; + http = { + ip_ban_enabled = false; + use_x_forwarded_for = true; + trusted_proxies = [ + "127.0.0.1" + "10.254.0.21" + "10.0.1.5" + "10.0.1.6" + ]; + }; + + energy = {}; + frontend = {}; + history = {}; + map = {}; + my = {}; + mobile_app = {}; + network = {}; + notify = {}; + person = {}; + ssdp = {}; + sun = {}; + system_health = {}; + zeroconf = {}; + }; }; } diff --git a/hosts/giggles/configuration.nix b/hosts/giggles/configuration.nix index 69aceb0e..68b7204e 100644 --- a/hosts/giggles/configuration.nix +++ b/hosts/giggles/configuration.nix @@ -1,17 +1,19 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). - -{ config, pkgs, lib, ... }: - { - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - ./home-controller.nix - ./tang-container.nix - ]; + config, + pkgs, + lib, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + ./home-controller.nix + ./tang-container.nix + ./home-assistant.nix + ]; boot.loader.timeout = 0; 
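Review bot: In hosts/companion/home-assistant.nix, every account in the new `mqtt.users` block (`ha`, `nono`, `z2m`) is given `acl = ["readwrite #"]`, so any one of these credentials can read and publish on every topic on the broker. Consider scoping at least the bridge account, for example `acl = ["readwrite zigbee2mqtt/#" "readwrite homeassistant/#"]` for `z2m`, assuming the default zigbee2mqtt base topic and discovery prefix are in use. The `hashedPassword` values are also committed in the repository; `$7$101$` is Mosquitto's PBKDF2-SHA512 format with only 101 iterations, so weak passwords behind them are cheap to guess offline. They would be better delivered through the agenix mechanism this repository already uses, if the `pub-solar.home-assistant` module offers a file-based option. Both points apply equally to the `mqtt.users` block added in hosts/giggles/home-assistant.nix.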
@@ -50,7 +52,7 @@ ]; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 2380 6443 ]; + networking.firewall.allowedTCPPorts = [2380 6443]; # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; @@ -63,4 +65,3 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? } - diff --git a/hosts/giggles/home-assistant.nix b/hosts/giggles/home-assistant.nix new file mode 100644 index 00000000..19b40be3 --- /dev/null +++ b/hosts/giggles/home-assistant.nix 
@@ -0,0 +1,94 @@
+{
+ self,
+ config,
+ pkgs,
+ ...
+}: {
+ age.secrets.home-assistant_giggles_secrets = {
+ file = "${self}/secrets/home-assistant_giggles_secrets.age";
+ path = "${config.services.home-assistant.configDir}/secrets.yaml";
+ owner = config.systemd.services.home-assistant.serviceConfig.User;
+ group = config.systemd.services.home-assistant.serviceConfig.Group;
+ mode = "0644";
+ };
+
+ pub-solar.home-assistant = {
+ enable = true;
+ extraComponents = ["met"];
+ extraPackages = python3Packages:
+ with python3Packages; [
+ # hacs
+ aiogithubapi
+
+ # totop
+ pyotp
+ ];
+
+ config = {
+ homeassistant = {
+ name = "Wohnung";
+ time_zone = "Europe/Berlin";
+ temperature_unit = "C";
+ unit_system = "metric";
+ latitude = "52.31501090166047";
+ longitude = "8.910633035293603";
+ };
+ http = {
+ ip_ban_enabled = false;
+ use_x_forwarded_for = true;
+ trusted_proxies = [
+ "127.0.0.1"
+ "10.254.0.21"
+ "10.0.1.5"
+ "10.0.1.6"
+ ];
+ };
+
+ energy = {};
+ frontend = {};
+ history = {};
+ map = {};
+ my = {};
+ mobile_app = {};
+ network = {};
+ notify = {};
+ person = {};
+ ssdp = {};
+ sun = {};
+ system_health = {};
+ zeroconf = {};
+
+ device_tracker = [
+ {
+ platform = "luci";
+ host = "192.168.8.1";
+ username = "!secret router_admin_username";
+ password = "!secret router_admin_password";
+ }
+ ];
+ };
+
+ mqtt = {
+ enable = true;
+ users = {
+ ha = {
+ acl = [
+ "readwrite #"
+ ];
+ hashedPassword = "$7$101$lFt8hQl3O8aKF+bO$pcZuI18IT5t4/fpKZmLZQwQs+vcbxZdAQAYJOxRwXGYsxCRjb8jUSU+ZRlpqokOGqf/Cgvymfvml+yoGaC8eaw==";
+ };
+ z2m = {
+ acl = [
+ "readwrite #"
+ ];
+ hashedPassword = "$7$101$M0Q/s9ReWPaMy+pT$Y8t9DwmW3y74lyvYrCE+sqEcz9yGG9VaHw8vt4wVZgUVVV9muY00ymjkwsTNtaTIlnQyB7z7POPLT3PURtQfeg==";
+ };
+ };
+ };
+
+ zigbee2mqtt = {
+ enable = true;
+ device = "/dev/serial/by-id/usb-Nabu_Casa_SkyConnect_v1.0_aaf7050fdb42ed11bb2843ab2a61ed69-if00-port0";
+ };
+ };
+}
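Review bot: The `age.secrets.home-assistant_giggles_secrets` entry decrypts to Home Assistant's `secrets.yaml` with `mode = "0644"`, which leaves the file readable by every local user and service on the host. Judging by the `!secret router_admin_username` and `!secret router_admin_password` references in `device_tracker`, that file holds the router's admin credentials. Since `owner` and `group` are already set to the service account, `mode = "0600";` (or `"0640"` if the group needs read access) is sufficient. Separately, `ip_ban_enabled = false` is set on an instance that the nginx change in this patch appears to publish externally (inferred from the new `ha2.gssws.de` vhost; confirm the target address), so repeated failed logins are never throttled. Consider `ip_ban_enabled = true;` together with a `login_attempts_threshold`.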
diff --git a/secrets/home-assistant_giggles_secrets.age b/secrets/home-assistant_giggles_secrets.age new file mode 100644 index 00000000..3bdf8694 --- /dev/null +++ b/secrets/home-assistant_giggles_secrets.age @@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 hPyiJw oG/5rmZ9UgGK3e8qXKmZzhiryYmCVYeKS1nDpwSTfVs +MJKlWHLkFM5fha9l6BabAnj+bLHpwv6cjidybl+vOAc +-> ssh-ed25519 YFSOsg Ia9u8+B4u40MKJc2FcOic76b2cwz1u2rihwX/XPpySc +q82pu1G1QSYLycGElN094KRDTm8RBUeM6NiYpYer+UE +-> ssh-ed25519 iHV63A uf6L+90o2IeCY7V8434HN66Gt5L4UL6gIRfc6dYTeCs +UGYpeHJeP6h994sUFSK82Y8OgHwtP3LVbqFtJnwsND8 +-> ssh-ed25519 g09OFQ BYBvE0DQe8k1YEx8YddrGbWVLcf/ejXqispXsLWahw4 +a2fZ7U6C6oSvUQMUx8V6rBwNanyxzLTKEIxAqHJmKhU +-> Vd0/1*-grease +KHpMCkTFMg +--- zWpaOBCCbGyYYdtiMRR1qQBLltGh+voIBeGnncruCfk +&(8f+$'6Q7(ƵhEG!P9FHh5=BON6~8[v ̘,ynicڄ p_dE:32a,}c7&銧 e \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1d911d9d..452c04e1 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -25,7 +25,11 @@ let in { "email_gssws_password.age".publicKeys = users ++ systems_email_accounts; + "norman_hosting_de_momo.age".publicKeys = users ++ [system_norman]; + "home_controller_giggles_wireguard_key.age".publicKeys = users ++ [system_giggles]; + "home-assistant_giggles_secrets.age".publicKeys = users ++ [system_giggles]; + "home_controller_cox_wireguard_key.age".publicKeys = users ++ [system_cox]; "home_controller_companion_wireguard_key.age".publicKeys = users ++ [system_companion];