nixos/home/sfh: Introduce hass container

2025-03-09 20:02:47 +00:00
parent 8f4b61fc2b
commit a3870a4293
5 changed files with 147 additions and 70 deletions
--- a/nixos/boxes/home/palace/vms/default.nix
+++ b/nixos/boxes/home/palace/vms/default.nix
@@ -188,6 +188,11 @@
                hostBDF = "44:00.4";
              };
            };
+            qemuFlags = [
+              "device qemu-xhci,id=xhci"
+              # Front-right port?
+              "device usb-host,hostbus=1,hostport=4"
+            ];
          };
        };
      };
--- a/nixos/boxes/home/palace/vms/sfh/containers/default.nix
+++ b/nixos/boxes/home/palace/vms/sfh/containers/default.nix
@@ -1,5 +1,6 @@
 {
  imports = [
    ./unifi.nix
+    ./hass.nix
  ];
 }
--- a/nixos/boxes/home/palace/vms/sfh/containers/hass.nix
+++ b/nixos/boxes/home/palace/vms/sfh/containers/hass.nix
@@ -0,0 +1,58 @@
+{ lib, ... }:
+let
+  inherit (lib.my) net;
+  inherit (lib.my.c.home) domain prefixes vips hiMTU;
+in
+{
+  nixos.systems.hass = { config, ... }: {
+    system = "x86_64-linux";
+    nixpkgs = "mine";
+    rendered = config.configuration.config.my.asContainer;
+
+    assignments = {
+      hi = {
+        name = "hass-ctr";
+        inherit domain;
+        mtu = hiMTU;
+        ipv4 = {
+          address = net.cidr.host 103 prefixes.hi.v4;
+          mask = 22;
+          gateway = vips.hi.v4;
+        };
+        ipv6 = {
+          iid = "::5:3";
+          address = net.cidr.host (65536*5+3) prefixes.hi.v6;
+        };
+      };
+    };
+
+    configuration = { lib, config, pkgs, assignments, ... }:
+    let
+      inherit (lib) mkMerge mkIf mkForce;
+      inherit (lib.my) networkdAssignment;
+    in
+    {
+      config = {
+        my = {
+          deploy.enable = false;
+          server.enable = true;
+
+          secrets = {
+            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGpYX2WbYwUqHp8bFFf0eHFrqrR8xp8IheguA054F8V4";
+            files = { };
+          };
+
+          firewall = {
+            tcp.allowed = [ ];
+          };
+        };
+
+        systemd = {
+          network.networks."80-container-host0" = networkdAssignment "host0" assignments.hi;
+        };
+
+        services = { };
+      };
+    };
+  };
+}
--- a/nixos/boxes/home/palace/vms/sfh/default.nix
+++ b/nixos/boxes/home/palace/vms/sfh/default.nix
@@ -83,6 +83,12 @@ in
          };
        };

+        environment = {
+          systemPackages = with pkgs; [
+            usbutils
+          ];
+        };
+
        systemd.network = {
          links = {
            "10-lan-hi" = {
@@ -142,6 +148,11 @@ in
          let
            instances = {
              # unifi = {};
+              hass = {
+                bindMounts = {
+                  "/dev/bus/usb/001/002".readOnly = false;
+                };
+              };
            };
          in
          mkMerge [