nixos/home/hass: Initial Home Assistant setup

nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix

@@ -429,6 +429,14 @@ in
         }
         (ssoServer "generic")
       ];
+      "hass.${pubDomain}" = {
+        locations."/" = {
+          proxyPass = "http://hass-ctr.${home.domain}:8123";
+          proxyWebsockets = true;
+          extraConfig = proxyHeaders;
+        };
+        useACMEHost = pubDomain;
+      };
     };
 
     minio =

nixos/boxes/home/palace/vms/sfh/containers/hass.nix

@@ -1,6 +1,7 @@
 { lib, ... }:
 let
   inherit (lib.my) net;
+  inherit (lib.my.c) pubDomain;
   inherit (lib.my.c.home) domain prefixes vips hiMTU;
 in
 {
@@ -24,9 +25,23 @@ in
           address = net.cidr.host (65536*5+3) prefixes.hi.v6;
         };
       };
+      lo = {
+        name = "hass-ctr-lo";
+        inherit domain;
+        mtu = 1500;
+        ipv4 = {
+          address = net.cidr.host 103 prefixes.lo.v4;
+          mask = 21;
+          gateway = null;
+        };
+        ipv6 = {
+          iid = "::5:3";
+          address = net.cidr.host (65536*5+3) prefixes.lo.v6;
+        };
+      };
     };
 
-    configuration = { lib, config, pkgs, assignments, ... }:
+    configuration = { lib, config, pkgs, assignments, allAssignments, ... }:
     let
       inherit (lib) mkMerge mkIf mkForce;
       inherit (lib.my) networkdAssignment;
@@ -47,11 +62,61 @@ in
           };
         };
 
-        systemd = {
+        environment = {
-          network.networks."80-container-host0" = networkdAssignment "host0" assignments.hi;
+          systemPackages = with pkgs; [
+            usbutils
+          ];
         };
 
-        services = { };
+        systemd = {
+          network.networks = {
+            "80-container-host0" = networkdAssignment "host0" assignments.hi;
+            "80-container-lan-lo" = networkdAssignment "lan-lo" assignments.lo;
+          };
+        };
+
+        services = {
+          home-assistant = {
+            enable = true;
+            config = {
+              default_config = {};
+              homeassistant = {
+                name = "Home";
+                unit_system = "metric";
+                currency = "EUR";
+                country = "IE";
+                time_zone = "Europe/Dublin";
+                external_url = "https://hass.${pubDomain}";
+                internal_url = "http://hass-ctr.${domain}:${toString config.services.home-assistant.config.http.server_port}";
+              };
+              http = {
+                use_x_forwarded_for = true;
+                trusted_proxies = with allAssignments.middleman.internal; [
+                  ipv4.address
+                  ipv6.address
+                ];
+              };
+            };
+            extraComponents = [
+              "default_config"
+              "esphome"
+              "google_translate"
+
+              "met"
+              "zha"
+              "denonavr"
+              "webostv"
+            ];
+            extraPackages = python3Packages: with python3Packages; [
+              zlib-ng
+              isal
+
+              gtts
+            ];
+            configWritable = false;
+            openFirewall = true;
+          };
+        };
       };
     };
   };

nixos/boxes/home/palace/vms/sfh/default.nix

@@ -29,7 +29,7 @@ in
 
     configuration = { lib, modulesPath, pkgs, config, assignments, allAssignments, ... }:
     let
-      inherit (lib) mapAttrs mkMerge;
+      inherit (lib) mapAttrs mkMerge mkForce;
       inherit (lib.my) networkdAssignment;
       inherit (lib.my.c) networkd;
       inherit (lib.my.c.home) domain;
@@ -111,6 +111,13 @@ in
                 MTUBytes = toString lib.my.c.home.hiMTU;
               };
             };
+            "10-lan-lo-ctrs" = {
+              matchConfig = {
+                Driver = "virtio_net";
+                PermanentMACAddress = "52:54:00:a5:7e:93";
+              };
+              linkConfig.Name = "lan-lo-ctrs";
+            };
           };
 
           networks = {
@@ -124,8 +131,27 @@ in
               linkConfig.RequiredForOnline = "no";
               networkConfig = networkd.noL3;
             };
+            "30-lan-lo-ctrs" = {
+              matchConfig.Name = "lan-lo-ctrs";
+              linkConfig.RequiredForOnline = "no";
+              networkConfig = networkd.noL3;
             };
           };
+        };
+
+        systemd.nspawn = {
+          hass = {
+            networkConfig = {
+              MACVLAN = mkForce "lan-hi-ctrs:host0 lan-lo-ctrs:lan-lo";
+            };
+          };
+        };
+
+        systemd.services = {
+          "systemd-nspawn@hass".serviceConfig.DeviceAllow = [
+            "char-ttyUSB rw"
+          ];
+        };
 
         my = {
           secrets = {
@@ -151,6 +177,10 @@ in
               hass = {
                 bindMounts = {
                   "/dev/bus/usb/001/002".readOnly = false;
+                  "/dev/serial/by-id/usb-Nabu_Casa_Home_Assistant_Connect_ZBT-1_ce549704fe38ef11a2c2e5d154516304-if00-port0" = {
+                    readOnly = false;
+                    mountPoint = "/dev/ttyUSB0";
+                  };
                 };
               };
             };

nixos/modules/tmproot.nix

@@ -561,6 +561,16 @@ in
           }
         ];
       })
+      (mkIf config.services.home-assistant.enable {
+        my.tmproot.persistence.config.directories = [
+          {
+            directory = config.services.home-assistant.configDir;
+            mode = "0750";
+            user = "hass";
+            group = "hass";
+          }
+        ];
+      })
     ]))
   ]);