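# Homelab module for Home Assistant ("hass"), run as an OCI container.
#
# Declares options.homelab.hass and, when enabled:
#   - creates a dedicated system user and group with a fixed uid/gid
#   - runs the homeassistant/home-assistant image through
#     virtualisation.oci-containers with host networking
#   - opens TCP ports in the host firewall
#   - publishes the service through a Caddy virtual host with TLS
#   - registers a glance link and a backup path
{ pkgs, config, lib, inputs, ... }:

let
  nixservice = "home-assistant";
  service = "hass";
  cfg = config.homelab.${service};
  sec = config.sops.secrets;
  homelab = config.homelab;
in
{
  options.homelab.${service} = {
    enable = lib.mkEnableOption "enables ${service}";

    # set port options
    port = lib.mkOption {
      type = lib.types.int;
      default = 7704;
      description = "set port for ${service} (default: ${toString cfg.port})";
    };
    url = lib.mkOption {
      type = lib.types.str;
      default = "${service}.${homelab.base_domain}";
      description = "set domain for ${service}";
    };
    data_dir = lib.mkOption {
      type = lib.types.str;
      default = "/var/lib/${service}";
      description = "set data directory for ${service}";
    };
    # one number is used for both the uid and the gid below
    ids = lib.mkOption {
      type = lib.types.int;
      default = cfg.port;
      description = "set uid and gid of ${service} user (matches port by default)";
    };
    backup = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "enable backups for ${service}";
    };
    # NOTE(review): no description is given; the default looks like the
    # systemd unit name of the container ("podman-hass"). Confirm what
    # consumes this option.
    motd = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      default = "podman-hass";
    };
  };

  config = lib.mkIf cfg.enable {
    # declare ${service} group
    users.groups.${service} = {
      gid = lib.mkForce cfg.ids;
    };

    # declare ${service} user
    users.users.${service} = {
      description = "${service} server user";
      uid = lib.mkForce cfg.ids;
      isSystemUser = true;
      home = cfg.data_dir;
      createHome = true;
      group = service;
      extraGroups = [];
    };

    # still suss as fuck bro man fuck
    virtualisation.oci-containers.containers = {
      hass = {
        # NOTE(review): "stable" is a mutable tag and "--pull=newer" re-pulls
        # it, so whatever is published under that tag runs on the next start
        # without review. To control updates, pin by digest, e.g.
        #   image = "homeassistant/home-assistant@sha256:<DIGEST-PLACEHOLDER>";
        # and bump the digest deliberately.
        image = "homeassistant/home-assistant:stable";
        autoStart = true;
        extraOptions = [
          "--pull=newer"
          # The container shares the host network namespace: it binds directly
          # on the host's interfaces, there is no network isolation, and the
          # port mapping below (commented out) does not apply.
          "--network=host"
        ];
        volumes = [
          "${cfg.data_dir}:/config"
        ];
        # ports = [
        #   "0.0.0.0:7704:8123"
        #   "0.0.0.0:4141:4141"
        # ];
        environment = {
          TZ = homelab.tz;
          # NOTE(review): PUID/PGID are a convention of some images only.
          # Confirm this image honours them; if it does not, the container
          # process runs as its default user (likely root) on the host
          # network, and the dedicated user above only owns the data dir.
          PUID = toString config.users.users.${service}.uid;
          PGID = toString config.users.groups.${service}.gid;
        };
      };
    };

    # override umask to make permissions work out
    # NOTE(review): this sets UMask on a unit named "${service}" (hass), while
    # the motd default above names the container unit "podman-hass". Confirm
    # the override reaches the unit that actually runs the container.
    systemd.services.${service}.serviceConfig = {
      UMask = lib.mkForce "0007";
    };

    # open firewall
    # NOTE(review): both ports are opened on every interface. Caddy reaches
    # the backend over 127.0.0.1 and does not need them; only the glance
    # check-url/error-url below use http://<host_ip>:<port>. With host
    # networking, anything listening on these ports is reachable over plain
    # HTTP, bypassing the TLS virtual host. If nothing off-host needs direct
    # access, drop the entries or scope them with
    # networking.firewall.interfaces.<name>.allowedTCPPorts.
    networking.firewall.allowedTCPPorts = [ cfg.port 8123 ];

    # add to caddy for reverse proxy
    # TLS certificate and key paths come from sops secrets; the backend is
    # addressed on loopback only.
    # NOTE(review): Home Assistant's http settings (use_x_forwarded_for /
    # trusted_proxies) live in the imperative config under data_dir. Check
    # that only 127.0.0.1 is trusted there so client IPs in login logs and
    # bans are accurate.
    services.caddy.virtualHosts."${cfg.url}" = {
      serverAliases = [ "${service}.${homelab.public_domain}" ];
      extraConfig = ''
        tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
        reverse_proxy 127.0.0.1:${toString cfg.port}
      '';
    };

    # add to glance
    homelab.glance.links.services = [{
      title = "home assistant";
      url = "https://hass.${homelab.public_domain}";
      error-url = "http://${homelab.host_ip}:${toString cfg.port}";
      check-url = "http://${homelab.host_ip}:${toString cfg.port}";
      icon = "di:${nixservice}";
    }];

    # add to backups
    homelab.backups.baks = {
      ${service} = {
        paths = [ cfg.data_dir ];
      };
    };
  };
}

# here lies my tough, and I mean fucking tough, swing at
# getting this to work bare metal, ggs ill see you again
# - didnt take long
# --------------------------------------------------------------------------------
#
#  # enable the ${service} service
#  services.${nixservice} = {
#    enable = true;
#    package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.home-assistant;
#    extraComponents = [
#      # required for onboarding
#      "analytics"
#      "google_translate"
#      "met"
#      "radio_browser"
#      "shopping_list"
#      "isal"
#      "default_config"
#      "mqtt"
#    ];
#    extraPackages = python3Packages: with python3Packages; [
#      psycopg2
#      universal-silabs-flasher
#      getmac
#      zha
#      ha-silabs-firmware-client
#      paho-mqtt
#      aiomqtt
#      aiounifi
#      ibeacon-ble
#    ];
#    # imperative config
#    config = null;
#    lovelaceConfig = null;
#    configDir = cfg.data_dir;
#    # declarative poggers!
##    config = {
##      # Includes dependencies for a basic setup
##      default_config = {};
##    };
#  };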