From 2fccc668055192da5f0206548d8b9cb222bdf82f Mon Sep 17 00:00:00 2001 From: blake Date: Sat, 11 Oct 2025 01:39:34 -0500 Subject: [PATCH] 257 current 2025-10-11 01:15:03 25.05.20251006.20c4598 6.12.50 * --- flake.nix | 2 +- .../smarthome/homeassistant/default.nix | 144 +++++++++++------- 2 files changed, 89 insertions(+), 57 deletions(-) diff --git a/flake.nix b/flake.nix index 5cb71a9..1ccc922 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,6 @@ # flake for blakes nixos config # define new devices in outputs -# generation: 256 current 2025-10-11 00:38:56 25.05.20251006.20c4598 6.12.50 * +# generation: 257 current 2025-10-11 01:15:03 25.05.20251006.20c4598 6.12.50 * { description = "blakes nix config"; inputs = { diff --git a/modules/homelab/services/smarthome/homeassistant/default.nix b/modules/homelab/services/smarthome/homeassistant/default.nix index 793c4af..8042569 100644 --- a/modules/homelab/services/smarthome/homeassistant/default.nix +++ b/modules/homelab/services/smarthome/homeassistant/default.nix @@ -1,7 +1,8 @@ { pkgs, config, lib, inputs, ... }: let - service = "home-assistant"; + nixservice = "home-assistant"; + service = "hass"; cfg = config.modules.services.${service}; sec = config.sops.secrets; homelab = config.modules.homelab; @@ -18,12 +19,12 @@ in }; url = lib.mkOption { type = lib.types.str; - default = "hass.${homelab.base_domain}"; + default = "${service}.${homelab.base_domain}"; description = "set domain for ${service}"; }; data_dir = lib.mkOption { type = lib.types.str; - default = "/var/lib/hass"; + default = "/var/lib/${service}"; description = "set data directory for ${service}"; }; ids = lib.mkOption { 
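Review bot: `nixservice` is bound in the `let` block of `homeassistant/default.nix`, but nothing in the visible hunks reads it. Even the commented-out bare-metal block still says `services.${service}`, which after this rename would be `services.hass` rather than the nixpkgs `services.home-assistant` module. Renaming `service` also moves this module's own options from `config.modules.services.home-assistant` to `config.modules.services.hass`, so any host that enables the old path needs updating in the same commit (no such host file is in this patch). A one-line comment on the two bindings would keep them apart, e.g. `# nixservice = nixpkgs module name; service = local option path, user and subdomain`. The `let` block continues outside the hunk, so a use of `nixservice` may exist there.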
@@ -41,65 +42,96 @@ in config = lib.mkIf cfg.enable { # declare ${service} group -# users.groups.hass = { gid = lib.mkForce cfg.ids; }; +# users.groups.${service} = { gid = lib.mkForce cfg.ids; }; # declare ${service} user - # users.users.hass = { - # description = "${service} server user"; - # uid = lib.mkForce cfg.ids; - # isSystemUser = true; - # #home = cfg.data_dir; - # #createHome = true; - # group = "hass"; - # extraGroups = [ "bluetooth" ]; - # }; - - # enable the ${service} service - services.${service} = { - enable = true; - package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.home-assistant; - extraComponents = [ - # required for onboarding - "analytics" - "google_translate" - "met" - "radio_browser" - "shopping_list" - "isal" - "default_config" - "mqtt" - ]; - extraPackages = python3Packages: with python3Packages; [ - psycopg2 - universal-silabs-flasher - getmac - zha - ha-silabs-firmware-client - paho-mqtt - aiomqtt - aiounifi - - ]; - # imperative config - config = null; - lovelaceConfig = null; - configDir = cfg.data_dir; - # declartive poggers! 
-# config = { -# # Includes dependencies for a basic setup -# default_config = {}; -# }; + users.users.${service} = { + description = "${service} server user"; + uid = lib.mkForce cfg.ids; + isSystemUser = true; + home = cfg.data_dir; + createHome = true; + group = ${service}; + extraGroups = []; }; + + virtualisation = { + podman.enable = true; + oci-containers = { + containers = { + homeassistant = { + image = "homeassistant/home-assistant:stable"; + autoStart = true; + extraOptions = [ + "--pull=newer" + ]; + volumes = [ + "${cfg.data_dir}:/config" + ]; + ports = [ + "127.0.0.1:7704:8123" + "127.0.0.1:8124:80" + ]; + environment = { + TZ = homelab.tz; + PUID = toString users.users.${service}.uid; + PGID = toString users.groups.${service}.gid; + }; + }; + }; + }; + }; - # override umask to make permissions work out -# systemd.services.${service}.serviceConfig = { -# UMask = lib.mkForce "0007"; -# User = lib.mkForce "hass"; -# Group = lib.mkForce "hass"; +# here lies my tough, and I mean fucking tough, swing at +# getting this to work bare metal, ggs ill see you again +# -------------------------------------------------------------------------------- +# # enable the ${service} service +# services.${service} = { +# enable = true; +# package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.home-assistant; +# extraComponents = [ +# # required for onboarding +# "analytics" +# "google_translate" +# "met" +# "radio_browser" +# "shopping_list" +# "isal" +# "default_config" +# "mqtt" +# ]; +# extraPackages = python3Packages: with python3Packages; [ +# psycopg2 +# universal-silabs-flasher +# getmac +# zha +# ha-silabs-firmware-client +# paho-mqtt +# aiomqtt +# aiounifi +# ]; +# # imperative config +# config = null; +# lovelaceConfig = null; +# configDir = cfg.data_dir; +# # declartive poggers! 
+## config = { +## # Includes dependencies for a basic setup +## default_config = {}; +## }; # }; +# +# +# # override umask to make permissions work out +## systemd.services.${service}.serviceConfig = { +## UMask = lib.mkForce "0007"; +## User = lib.mkForce ${service}; +## Group = lib.mkForce ${service}; +## }; +# -------------------------------------------------------------------------------- -# # open firewall + # open firewall networking.firewall.allowedTCPPorts = [ cfg.port 8123 ]; # internal reverse proxy entry @@ -119,7 +151,7 @@ in }; }; # external reverse proxy entry - services.nginx.virtualHosts."hass.blakedheld.xyz" = { + services.nginx.virtualHosts."${service}.blakedheld.xyz" = { forceSSL = true; sslCertificate = sec."ssl_blakedheld_crt".path; sslCertificateKey = sec."ssl_blakedheld_key".path;
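Review bot: The container's user mapping in the `@@ -41,65 +42,96 @@` hunk does not evaluate as written, so the intended drop to the `hass` uid/gid is not in effect. `group = ${service};` is a bare antiquotation, `users.users.${service}.uid` and `users.groups.${service}.gid` are read without the `config.` prefix (unless `users` is bound in the part of the `let` block outside this patch), and the `users.groups.${service}` declaration is still commented out, leaving no gid to read. As far as I know the upstream `homeassistant/home-assistant` image does not act on `PUID`/`PGID`, in which case the process stays root inside the container with `cfg.data_dir` bind-mounted; confirm this and, if so, set the container user explicitly. Separately, `image = "homeassistant/home-assistant:stable"` with `--pull=newer` runs whatever the mutable tag points to at each start, so pinning a version tag or digest and bumping it through the flake would make upgrades reviewable. The unchanged `allowedTCPPorts = [ cfg.port 8123 ]` line still opens 8123 although the container publishes only on 127.0.0.1, so that opening looks stale now that nginx fronts the service.

```nix
users.groups.${service} = { gid = lib.mkForce cfg.ids; };
users.users.${service} = {
  # … unchanged: description, uid, isSystemUser, home, createHome …
  group = service;
  extraGroups = [];
};
# … unchanged: virtualisation.oci-containers.containers.homeassistant up to environment …
environment = {
  TZ = homelab.tz;
  PUID = toString config.users.users.${service}.uid;
  PGID = toString config.users.groups.${service}.gid;
};
```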