nixos/home/hass: Initial Home Assistant setup

2025-03-09 22:59:59 +00:00 · 2025-03-09 22:59:59 +00:00 · adfcf2f848
commit adfcf2f848
parent a3870a4293
4 changed files with 118 additions and 5 deletions
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@ -429,6 +429,14 @@ in
        }
        (ssoServer "generic")
      ];
+      "hass.${pubDomain}" = {
+        locations."/" = {
+          proxyPass = "http://hass-ctr.${home.domain}:8123";
+          proxyWebsockets = true;
+          extraConfig = proxyHeaders;
+        };
+        useACMEHost = pubDomain;
+      };
    };

    minio =
--- a/nixos/boxes/home/palace/vms/sfh/containers/hass.nix
+++ b/nixos/boxes/home/palace/vms/sfh/containers/hass.nix
@ -1,6 +1,7 @@
 { lib, ... }:
 let
  inherit (lib.my) net;
+  inherit (lib.my.c) pubDomain;
  inherit (lib.my.c.home) domain prefixes vips hiMTU;
 in
 {
@ -24,9 +25,23 @@ in
          address = net.cidr.host (65536*5+3) prefixes.hi.v6;
        };
      };
+      lo = {
+        name = "hass-ctr-lo";
+        inherit domain;
+        mtu = 1500;
+        ipv4 = {
+          address = net.cidr.host 103 prefixes.lo.v4;
+          mask = 21;
+          gateway = null;
+        };
+        ipv6 = {
+          iid = "::5:3";
+          address = net.cidr.host (65536*5+3) prefixes.lo.v6;
+        };
+      };
    };

-    configuration = { lib, config, pkgs, assignments, ... }:
+    configuration = { lib, config, pkgs, assignments, allAssignments, ... }:
    let
      inherit (lib) mkMerge mkIf mkForce;
      inherit (lib.my) networkdAssignment;
@ -47,11 +62,61 @@ in
          };
        };

-        systemd = {
-          network.networks."80-container-host0" = networkdAssignment "host0" assignments.hi;
+        environment = {
+          systemPackages = with pkgs; [
+            usbutils
+          ];
        };

-        services = { };
+        systemd = {
+          network.networks = {
+            "80-container-host0" = networkdAssignment "host0" assignments.hi;
+            "80-container-lan-lo" = networkdAssignment "lan-lo" assignments.lo;
+          };
+        };
+
+        services = {
+          home-assistant = {
+            enable = true;
+            config = {
+              default_config = {};
+              homeassistant = {
+                name = "Home";
+                unit_system = "metric";
+                currency = "EUR";
+                country = "IE";
+                time_zone = "Europe/Dublin";
+                external_url = "https://hass.${pubDomain}";
+                internal_url = "http://hass-ctr.${domain}:${toString config.services.home-assistant.config.http.server_port}";
+              };
+              http = {
+                use_x_forwarded_for = true;
+                trusted_proxies = with allAssignments.middleman.internal; [
+                  ipv4.address
+                  ipv6.address
+                ];
+              };
+            };
+            extraComponents = [
+              "default_config"
+              "esphome"
+              "google_translate"
+
+              "met"
+              "zha"
+              "denonavr"
+              "webostv"
+            ];
+            extraPackages = python3Packages: with python3Packages; [
+              zlib-ng
+              isal
+
+              gtts
+            ];
+            configWritable = false;
+            openFirewall = true;
+          };
+        };
      };
    };
  };
--- a/nixos/boxes/home/palace/vms/sfh/default.nix
+++ b/nixos/boxes/home/palace/vms/sfh/default.nix
@ -29,7 +29,7 @@ in

    configuration = { lib, modulesPath, pkgs, config, assignments, allAssignments, ... }:
    let
-      inherit (lib) mapAttrs mkMerge;
+      inherit (lib) mapAttrs mkMerge mkForce;
      inherit (lib.my) networkdAssignment;
      inherit (lib.my.c) networkd;
      inherit (lib.my.c.home) domain;
@ -111,6 +111,13 @@ in
                MTUBytes = toString lib.my.c.home.hiMTU;
              };
            };
+            "10-lan-lo-ctrs" = {
+              matchConfig = {
+                Driver = "virtio_net";
+                PermanentMACAddress = "52:54:00:a5:7e:93";
+              };
+              linkConfig.Name = "lan-lo-ctrs";
+            };
          };

          networks = {
@ -124,9 +131,28 @@ in
              linkConfig.RequiredForOnline = "no";
              networkConfig = networkd.noL3;
            };
+            "30-lan-lo-ctrs" = {
+              matchConfig.Name = "lan-lo-ctrs";
+              linkConfig.RequiredForOnline = "no";
+              networkConfig = networkd.noL3;
+            };
          };
        };

+        systemd.nspawn = {
+          hass = {
+            networkConfig = {
+              MACVLAN = mkForce "lan-hi-ctrs:host0 lan-lo-ctrs:lan-lo";
+            };
+          };
+        };
+
+        systemd.services = {
+          "systemd-nspawn@hass".serviceConfig.DeviceAllow = [
+            "char-ttyUSB rw"
+          ];
+        };
+
        my = {
          secrets = {
            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAaav5Se1E/AbqEXmADryVszYfNDscyP6jrWioN57R7";
@ -151,6 +177,10 @@ in
              hass = {
                bindMounts = {
                  "/dev/bus/usb/001/002".readOnly = false;
+                  "/dev/serial/by-id/usb-Nabu_Casa_Home_Assistant_Connect_ZBT-1_ce549704fe38ef11a2c2e5d154516304-if00-port0" = {
+                    readOnly = false;
+                    mountPoint = "/dev/ttyUSB0";
+                  };
                };
              };
            };
--- a/nixos/modules/tmproot.nix
+++ b/nixos/modules/tmproot.nix
@ -561,6 +561,16 @@ in
          }
        ];
      })
+      (mkIf config.services.home-assistant.enable {
+        my.tmproot.persistence.config.directories = [
+          {
+            directory = config.services.home-assistant.configDir;
+            mode = "0750";
+            user = "hass";
+            group = "hass";
+          }
+        ];
+      })
    ]))
  ]);