Add ha2, update home-assistant config

This commit is contained in:
Hendrik Sokolowski 2023-06-12 17:06:55 +02:00
parent e10e91571c
commit 668fa94359
6 changed files with 210 additions and 79 deletions

View file

@ -5,17 +5,22 @@
...
}: {
# HTTP
services.nginx = {
virtualHosts."ha.gssws.de" = {
services.nginx.virtualHosts = let
makeVirtualHost = target: {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.1.254:8123";
proxyPass = target;
proxyWebsockets = true;
extraConfig =
"proxy_ssl_server_name on;"
+ "proxy_pass_header Authorization;";
extraConfig = ''
proxy_ssl_server_name on;
proxy_pass_header Authorization;
'';
};
};
in {
"ha.gssws.de" = makeVirtualHost "http://10.0.1.254:8123";
"ha2.gssws.de" = makeVirtualHost "http://10.0.1.11:8123";
"ha.karinsokolowski.de" = makeVirtualHost "http://10.0.1.13:8123";
};
}

View file

@ -4,47 +4,63 @@
pkgs,
...
}: {
config = {
services.mosquitto = {
pub-solar.home-assistant = {
enable = true;
listeners = [
{
users = {
z2m.hashedPassword = "$7$101$iZE7WOCQIaLtuoVN$M7AAB/mMmhkuXQVmu2RPoJzm744bmwxGTJwE0eoqlPAjyQHbjmOWfEuKoo9jnQCoQu2T96gS8znsUNizGgPWiQ==";
ha.hashedPassword = "$7$101$jLA9PReG5btNSvw8$O0c3UzCfcBcvqVH8kMZIwEims7p1L4o/DmOTHO9w9731ggC5SyUpJGQIDiUbv+IrTl/H0+Fz9QF/jvY0QCuxuA==";
};
}
extraComponents = ["androidtv" "fritz" "fritzbox" "fritzbox_callmonitor" "met" "mqtt"];
extraPackages = python3Packages:
with python3Packages; [
# androidtv
adb-shell
aiofiles
androidtv
# hacs
aiogithubapi
# totop
pyotp
];
};
services.udev.extraRules = ''KERNEL=="ttyS0", OWNER="zigbee2mqtt", GROUP="zigbee2mqtt"'';
services.zigbee2mqtt = {
enable = true;
settings = {
frontend = true;
permit_join = true;
homeassistant = true;
options = "-d -d";
mqtt = {
user = "z2m";
password = "!secrets.yaml mqtt_password";
enable = true;
users = {
ha = {
acl = [
"readwrite #"
];
hashedPassword = "$7$101$jLA9PReG5btNSvw8$O0c3UzCfcBcvqVH8kMZIwEims7p1L4o/DmOTHO9w9731ggC5SyUpJGQIDiUbv+IrTl/H0+Fz9QF/jvY0QCuxuA==";
};
serial = {
port = "/dev/ttyS0";
nono = {
acl = [
"readwrite #"
];
hashedPassword = "$7$101$votbflBI1KrRRzBy$hCC/qo7Ggaf2vaLv7lo5uPnyrTCb0i6hPQvXuL/OrrUpzP+KNl6efEU7yQ0cDH6/rJ16Fe2PWSTcW+pL8dlgmg==";
};
z2m = {
acl = [
"readwrite #"
];
hashedPassword = "$7$101$iZE7WOCQIaLtuoVN$M7AAB/mMmhkuXQVmu2RPoJzm744bmwxGTJwE0eoqlPAjyQHbjmOWfEuKoo9jnQCoQu2T96gS8znsUNizGgPWiQ==";
};
};
};
zigbee2mqtt = {
enable = true;
device = "/dev/ttyS0";
adapter = "deconz";
};
#advanced.network_key = "'!secrets.yaml network_key'";
};
};
#users.users.hass.extraGroups = [ "tty" ];
services.home-assistant = {
enable = true;
extraComponents = ["fritz" "fritzbox" "fritzbox_callmonitor" "met" "mqtt"];
config = {
homeassistant = {};
homeassistant = {
name = "Berrendorf";
time_zone = "Europe/Berlin";
temperature_unit = "C";
unit_system = "metric";
latitude = "50.9279036523298";
longitude = "6.583225751885932";
};
http = {
ip_ban_enabled = false;
use_x_forwarded_for = true;
@ -53,7 +69,6 @@
"10.254.0.21"
"10.0.1.5"
"10.0.1.6"
"172.16.0.0/12"
];
};
@ -72,5 +87,4 @@
zeroconf = {};
};
};
};
}

View file

@ -1,16 +1,18 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[
config,
pkgs,
lib,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home-controller.nix
./tang-container.nix
./home-assistant.nix
];
boot.loader.timeout = 0;
@ -50,7 +52,7 @@
];
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 2380 6443 ];
networking.firewall.allowedTCPPorts = [2380 6443];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
@ -63,4 +65,3 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

View file

@ -0,0 +1,94 @@
{
self,
config,
pkgs,
...
}: {
age.secrets.home-assistant_giggles_secrets = {
file = "${self}/secrets/home-assistant_giggles_secrets.age";
path = "${config.services.home-assistant.configDir}/secrets.yaml";
owner = config.systemd.services.home-assistant.serviceConfig.User;
group = config.systemd.services.home-assistant.serviceConfig.Group;
mode = "0644";
};
pub-solar.home-assistant = {
enable = true;
extraComponents = ["met"];
extraPackages = python3Packages:
with python3Packages; [
# hacs
aiogithubapi
# totop
pyotp
];
config = {
homeassistant = {
name = "Wohnung";
time_zone = "Europe/Berlin";
temperature_unit = "C";
unit_system = "metric";
latitude = "52.31501090166047";
longitude = "8.910633035293603";
};
http = {
ip_ban_enabled = false;
use_x_forwarded_for = true;
trusted_proxies = [
"127.0.0.1"
"10.254.0.21"
"10.0.1.5"
"10.0.1.6"
];
};
energy = {};
frontend = {};
history = {};
map = {};
my = {};
mobile_app = {};
network = {};
notify = {};
person = {};
ssdp = {};
sun = {};
system_health = {};
zeroconf = {};
device_tracker = [
{
platform = "luci";
host = "192.168.8.1";
username = "!secret router_admin_username";
password = "!secret router_admin_password";
}
];
};
mqtt = {
enable = true;
users = {
ha = {
acl = [
"readwrite #"
];
hashedPassword = "$7$101$lFt8hQl3O8aKF+bO$pcZuI18IT5t4/fpKZmLZQwQs+vcbxZdAQAYJOxRwXGYsxCRjb8jUSU+ZRlpqokOGqf/Cgvymfvml+yoGaC8eaw==";
};
z2m = {
acl = [
"readwrite #"
];
hashedPassword = "$7$101$M0Q/s9ReWPaMy+pT$Y8t9DwmW3y74lyvYrCE+sqEcz9yGG9VaHw8vt4wVZgUVVV9muY00ymjkwsTNtaTIlnQyB7z7POPLT3PURtQfeg==";
};
};
};
zigbee2mqtt = {
enable = true;
device = "/dev/serial/by-id/usb-Nabu_Casa_SkyConnect_v1.0_aaf7050fdb42ed11bb2843ab2a61ed69-if00-port0";
};
};
}

View file

@ -0,0 +1,13 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw oG/5rmZ9UgGK3e8qXKmZzhiryYmCVYeKS1nDpwSTfVs
MJKlWHLkFM5fha9l6BabAnj+bLHpwv6cjidybl+vOAc
-> ssh-ed25519 YFSOsg Ia9u8+B4u40MKJc2FcOic76b2cwz1u2rihwX/XPpySc
q82pu1G1QSYLycGElN094KRDTm8RBUeM6NiYpYer+UE
-> ssh-ed25519 iHV63A uf6L+90o2IeCY7V8434HN66Gt5L4UL6gIRfc6dYTeCs
UGYpeHJeP6h994sUFSK82Y8OgHwtP3LVbqFtJnwsND8
-> ssh-ed25519 g09OFQ BYBvE0DQe8k1YEx8YddrGbWVLcf/ejXqispXsLWahw4
a2fZ7U6C6oSvUQMUx8V6rBwNanyxzLTKEIxAqHJmKhU
-> Vd0/1*-grease
KHpMCkTFMg
--- zWpaOBCCbGyYYdtiMRR1qQBLltGh+voIBeGnncruCfk
ó&(8f+ä…$à'ˆ6Q7(ƵhEŸGÍ!P9FãÅHh5í…Ôÿ=BOýN°6~°Ã8è[vçÅù óùãË̘,ô­y»<>¼êni§cÚ„…¹ p¡ì_dâêE¨³Ç:32a,„È}­c<C2AD>ãÈ7&銧 ‡e

View file

@ -25,7 +25,11 @@ let
in {
"email_gssws_password.age".publicKeys = users ++ systems_email_accounts;
"norman_hosting_de_momo.age".publicKeys = users ++ [system_norman];
"home_controller_giggles_wireguard_key.age".publicKeys = users ++ [system_giggles];
"home-assistant_giggles_secrets.age".publicKeys = users ++ [system_giggles];
"home_controller_cox_wireguard_key.age".publicKeys = users ++ [system_cox];
"home_controller_companion_wireguard_key.age".publicKeys = users ++ [system_companion];