Add ha2, update home-assistant config

hosts/chonk/home-assistant.nix

@@ -5,17 +5,22 @@
   ...
 }: {
   # HTTP
-  services.nginx = {
+  services.nginx.virtualHosts = let
-    virtualHosts."ha.gssws.de" = {
+    makeVirtualHost = target: {
       enableACME = true;
       forceSSL = true;
       locations."/" = {
-        proxyPass = "http://10.0.1.254:8123";
+        proxyPass = target;
         proxyWebsockets = true;
-        extraConfig =
+        extraConfig = ''
-          "proxy_ssl_server_name on;"
+          proxy_ssl_server_name on;
-          + "proxy_pass_header Authorization;";
+          proxy_pass_header Authorization;
+        '';
       };
     };
+  in {
+    "ha.gssws.de" = makeVirtualHost "http://10.0.1.254:8123";
+    "ha2.gssws.de" = makeVirtualHost "http://10.0.1.11:8123";
+    "ha.karinsokolowski.de" = makeVirtualHost "http://10.0.1.13:8123";
   };
 }

hosts/companion/home-assistant.nix

@@ -4,73 +4,87 @@
   pkgs,
   ...
 }: {
-  config = {
+  pub-solar.home-assistant = {
-    services.mosquitto = {
+    enable = true;
-      enable = true;
+
-      listeners = [
+    extraComponents = ["androidtv" "fritz" "fritzbox" "fritzbox_callmonitor" "met" "mqtt"];
-        {
+    extraPackages = python3Packages:
-          users = {
+      with python3Packages; [
-            z2m.hashedPassword = "$7$101$iZE7WOCQIaLtuoVN$M7AAB/mMmhkuXQVmu2RPoJzm744bmwxGTJwE0eoqlPAjyQHbjmOWfEuKoo9jnQCoQu2T96gS8znsUNizGgPWiQ==";
+        # androidtv
-            ha.hashedPassword = "$7$101$jLA9PReG5btNSvw8$O0c3UzCfcBcvqVH8kMZIwEims7p1L4o/DmOTHO9w9731ggC5SyUpJGQIDiUbv+IrTl/H0+Fz9QF/jvY0QCuxuA==";
+        adb-shell
-          };
+        aiofiles
-        }
+        androidtv
+
+        # hacs
+        aiogithubapi
+
+        # totop
+        pyotp
       ];
-    };
 
-    services.udev.extraRules = ''KERNEL=="ttyS0", OWNER="zigbee2mqtt", GROUP="zigbee2mqtt"'';
+    mqtt = {
-
-    services.zigbee2mqtt = {
       enable = true;
-      settings = {
+      users = {
-        frontend = true;
+        ha = {
-        permit_join = true;
+          acl = [
-        homeassistant = true;
+            "readwrite #"
-        options = "-d -d";
-        mqtt = {
-          user = "z2m";
-          password = "!secrets.yaml mqtt_password";
-        };
-        serial = {
-          port = "/dev/ttyS0";
-          adapter = "deconz";
-        };
-        #advanced.network_key = "'!secrets.yaml network_key'";
-      };
-    };
-
-    #users.users.hass.extraGroups = [ "tty" ];
-
-    services.home-assistant = {
-      enable = true;
-      extraComponents = ["fritz" "fritzbox" "fritzbox_callmonitor" "met" "mqtt"];
-      config = {
-        homeassistant = {};
-        http = {
-          ip_ban_enabled = false;
-          use_x_forwarded_for = true;
-          trusted_proxies = [
-            "127.0.0.1"
-            "10.254.0.21"
-            "10.0.1.5"
-            "10.0.1.6"
-            "172.16.0.0/12"
           ];
+          hashedPassword = "$7$101$jLA9PReG5btNSvw8$O0c3UzCfcBcvqVH8kMZIwEims7p1L4o/DmOTHO9w9731ggC5SyUpJGQIDiUbv+IrTl/H0+Fz9QF/jvY0QCuxuA==";
+        };
+        nono = {
+          acl = [
+            "readwrite #"
+          ];
+          hashedPassword = "$7$101$votbflBI1KrRRzBy$hCC/qo7Ggaf2vaLv7lo5uPnyrTCb0i6hPQvXuL/OrrUpzP+KNl6efEU7yQ0cDH6/rJ16Fe2PWSTcW+pL8dlgmg==";
+        };
+        z2m = {
+          acl = [
+            "readwrite #"
+          ];
+          hashedPassword = "$7$101$iZE7WOCQIaLtuoVN$M7AAB/mMmhkuXQVmu2RPoJzm744bmwxGTJwE0eoqlPAjyQHbjmOWfEuKoo9jnQCoQu2T96gS8znsUNizGgPWiQ==";
         };
-
-        energy = {};
-        frontend = {};
-        history = {};
-        map = {};
-        my = {};
-        mobile_app = {};
-        network = {};
-        notify = {};
-        person = {};
-        ssdp = {};
-        sun = {};
-        system_health = {};
-        zeroconf = {};
       };
     };
+
+    zigbee2mqtt = {
+      enable = true;
+      device = "/dev/ttyS0";
+      adapter = "deconz";
+    };
+
+    config = {
+      homeassistant = {
+        name = "Berrendorf";
+        time_zone = "Europe/Berlin";
+        temperature_unit = "C";
+        unit_system = "metric";
+        latitude = "50.9279036523298";
+        longitude = "6.583225751885932";
+      };
+      http = {
+        ip_ban_enabled = false;
+        use_x_forwarded_for = true;
+        trusted_proxies = [
+          "127.0.0.1"
+          "10.254.0.21"
+          "10.0.1.5"
+          "10.0.1.6"
+        ];
+      };
+
+      energy = {};
+      frontend = {};
+      history = {};
+      map = {};
+      my = {};
+      mobile_app = {};
+      network = {};
+      notify = {};
+      person = {};
+      ssdp = {};
+      sun = {};
+      system_health = {};
+      zeroconf = {};
+    };
   };
 }

hosts/giggles/configuration.nix

@@ -1,17 +1,19 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-
-{ config, pkgs, lib, ... }:
-
 {
-  imports =
+  config,
-    [
+  pkgs,
-      # Include the results of the hardware scan.
+  lib,
-      ./hardware-configuration.nix
+  ...
-      ./home-controller.nix
+}: {
-      ./tang-container.nix
+  imports = [
-    ];
+    # Include the results of the hardware scan.
+    ./hardware-configuration.nix
+    ./home-controller.nix
+    ./tang-container.nix
+    ./home-assistant.nix
+  ];
 
   boot.loader.timeout = 0;
 
@@ -50,7 +52,7 @@
   ];
 
   # Open ports in the firewall.
-  networking.firewall.allowedTCPPorts = [ 2380 6443 ];
+  networking.firewall.allowedTCPPorts = [2380 6443];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;
@@ -63,4 +65,3 @@
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
   system.stateVersion = "22.11"; # Did you read the comment?
 }
-

hosts/giggles/home-assistant.nix

@@ -0,0 +1,94 @@
+{
+  self,
+  config,
+  pkgs,
+  ...
+}: {
+  age.secrets.home-assistant_giggles_secrets = {
+    file = "${self}/secrets/home-assistant_giggles_secrets.age";
+    path = "${config.services.home-assistant.configDir}/secrets.yaml";
+    owner = config.systemd.services.home-assistant.serviceConfig.User;
+    group = config.systemd.services.home-assistant.serviceConfig.Group;
+    mode = "0644";
+  };
+
+  pub-solar.home-assistant = {
+    enable = true;
+    extraComponents = ["met"];
+    extraPackages = python3Packages:
+      with python3Packages; [
+        # hacs
+        aiogithubapi
+
+        # totop
+        pyotp
+      ];
+
+    config = {
+      homeassistant = {
+        name = "Wohnung";
+        time_zone = "Europe/Berlin";
+        temperature_unit = "C";
+        unit_system = "metric";
+        latitude = "52.31501090166047";
+        longitude = "8.910633035293603";
+      };
+      http = {
+        ip_ban_enabled = false;
+        use_x_forwarded_for = true;
+        trusted_proxies = [
+          "127.0.0.1"
+          "10.254.0.21"
+          "10.0.1.5"
+          "10.0.1.6"
+        ];
+      };
+
+      energy = {};
+      frontend = {};
+      history = {};
+      map = {};
+      my = {};
+      mobile_app = {};
+      network = {};
+      notify = {};
+      person = {};
+      ssdp = {};
+      sun = {};
+      system_health = {};
+      zeroconf = {};
+
+      device_tracker = [
+        {
+          platform = "luci";
+          host = "192.168.8.1";
+          username = "!secret router_admin_username";
+          password = "!secret router_admin_password";
+        }
+      ];
+    };
+
+    mqtt = {
+      enable = true;
+      users = {
+        ha = {
+          acl = [
+            "readwrite #"
+          ];
+          hashedPassword = "$7$101$lFt8hQl3O8aKF+bO$pcZuI18IT5t4/fpKZmLZQwQs+vcbxZdAQAYJOxRwXGYsxCRjb8jUSU+ZRlpqokOGqf/Cgvymfvml+yoGaC8eaw==";
+        };
+        z2m = {
+          acl = [
+            "readwrite #"
+          ];
+          hashedPassword = "$7$101$M0Q/s9ReWPaMy+pT$Y8t9DwmW3y74lyvYrCE+sqEcz9yGG9VaHw8vt4wVZgUVVV9muY00ymjkwsTNtaTIlnQyB7z7POPLT3PURtQfeg==";
+        };
+      };
+    };
+
+    zigbee2mqtt = {
+      enable = true;
+      device = "/dev/serial/by-id/usb-Nabu_Casa_SkyConnect_v1.0_aaf7050fdb42ed11bb2843ab2a61ed69-if00-port0";
+    };
+  };
+}

secrets/home-assistant_giggles_secrets.age

@@ -0,0 +1,13 @@
+age-encryption.org/v1
+-> ssh-ed25519 hPyiJw oG/5rmZ9UgGK3e8qXKmZzhiryYmCVYeKS1nDpwSTfVs
+MJKlWHLkFM5fha9l6BabAnj+bLHpwv6cjidybl+vOAc
+-> ssh-ed25519 YFSOsg Ia9u8+B4u40MKJc2FcOic76b2cwz1u2rihwX/XPpySc
+q82pu1G1QSYLycGElN094KRDTm8RBUeM6NiYpYer+UE
+-> ssh-ed25519 iHV63A uf6L+90o2IeCY7V8434HN66Gt5L4UL6gIRfc6dYTeCs
+UGYpeHJeP6h994sUFSK82Y8OgHwtP3LVbqFtJnwsND8
+-> ssh-ed25519 g09OFQ BYBvE0DQe8k1YEx8YddrGbWVLcf/ejXqispXsLWahw4
+a2fZ7U6C6oSvUQMUx8V6rBwNanyxzLTKEIxAqHJmKhU
+-> Vd0/1*-grease
+KHpMCkTFMg
+--- zWpaOBCCbGyYYdtiMRR1qQBLltGh+voIBeGnncruCfk
+ó&(8f+ä…$à'ˆ6Q7(–ƵhEŸGÍ!P9Fã–ÅHh5í…Ôÿ=BOýN°6~°Ã8è[vçÅù óùãË̘,ô­y»<>¼ê‹n
i§cÚ„…¹
p¡ì_dâêE’¨³Ç:32a,„
È}­c<C2AD>ãÈ7&銧‡e

secrets/secrets.nix

@@ -25,7 +25,11 @@ let
 in {
   "email_gssws_password.age".publicKeys = users ++ systems_email_accounts;
 
+  "norman_hosting_de_momo.age".publicKeys = users ++ [system_norman];
+
   "home_controller_giggles_wireguard_key.age".publicKeys = users ++ [system_giggles];
+  "home-assistant_giggles_secrets.age".publicKeys = users ++ [system_giggles];
+
   "home_controller_cox_wireguard_key.age".publicKeys = users ++ [system_cox];
   "home_controller_companion_wireguard_key.age".publicKeys = users ++ [system_companion];