raspite: fix hass

xinyangli 2024-10-20 15:14:01 +08:00
parent 517b25a109
commit ac6ebac159
Signed by: xin
SSH key fingerprint: SHA256:UU5pRTl7NiLFJbWJZa+snLylZSXIz5rgHmwjzv8v4oE
3 changed files with 38 additions and 41 deletions


@ -208,7 +208,7 @@
{ ... }: { ... }:
{ {
deployment = { deployment = {
targetHost = "raspite.local"; targetHost = "raspite.coho-tet.ts.net";
buildOnTarget = false; buildOnTarget = false;
}; };
nixpkgs.system = "aarch64-linux"; nixpkgs.system = "aarch64-linux";


@ -8,7 +8,10 @@
{ {
imports = [ ./hass.nix ]; imports = [ ./hass.nix ];
commonSettings.nix.enableMirrors = true; commonSettings = {
nix.enableMirrors = true;
auth.enable = true;
};
nixpkgs.overlays = [ nixpkgs.overlays = [
# Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243 # Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
@ -33,25 +36,15 @@
# boot.kernelPackages = pkgs.linuxPackages_stable; # boot.kernelPackages = pkgs.linuxPackages_stable;
custom.kanidm-client = {
enable = true;
uri = "https://auth.xinyang.life";
asSSHAuth = {
enable = true;
allowedGroups = [ "linux_users" ];
hardening = true;
};
sudoers = [ "xin@auth.xinyang.life" ];
};
security.sudo = {
execWheelOnly = true;
wheelNeedsPassword = false;
};
# fileSystems."/".fsType = lib.mkForce "btrfs"; # fileSystems."/".fsType = lib.mkForce "btrfs";
boot.supportedFilesystems.zfs = lib.mkForce false; boot.supportedFilesystems.zfs = lib.mkForce false;
services.dae.enable = false; services.dae.enable = true;
services.dae.configFile = "/var/lib/dae/config.dae"; services.dae.configFile = "/var/lib/dae/config.dae";
services.tailscale = {
enable = true;
permitCertUid = config.services.caddy.user;
openFirewall = true;
};
} }
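Review bot: The explicit `custom.kanidm-client` and `security.sudo` blocks are dropped from this host and `commonSettings.auth.enable = true` stands in for them, but the module behind that option is not part of this diff. It therefore cannot be confirmed from here that the `allowedGroups = [ "linux_users" ]` restriction, `hardening = true` and `execWheelOnly = true` still apply to raspite. If the shared module is meant to carry them, a comment on the new line would make that reviewable, e.g. `# auth.enable: kanidm SSH auth limited to linux_users, wheel-only sudo (see the commonSettings auth module)`. The file's argument line and the rest of the attribute set above line 8 are outside the hunk.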


@ -2,22 +2,21 @@
{ {
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;
extraComponents = [
"default_config"
"esphome"
"met"
"radio_browser"
];
openFirewall = false; openFirewall = false;
config = { config = {
default_config = { }; default_config = { };
http = { http = {
server_host = "::1"; server_host = "127.0.0.1";
base_url = "raspite.local:1000"; use_x_forwarded_for = true;
use_x_forward_for = true; trusted_proxies = [ "127.0.0.1" ];
trusted_proxies = [ "::1" ];
}; };
}; };
extraPackages =
python3Packages: with python3Packages; [
# speed up aiohttp
isal
zlib-ng
];
}; };
services.esphome = { services.esphome = {
@ -27,23 +26,28 @@
users.groups.dialout.members = config.users.groups.wheel.members; users.groups.dialout.members = config.users.groups.wheel.members;
environment.systemPackages = with pkgs; [ zigbee2mqtt ]; services.mosquitto = {
enable = true;
};
networking.firewall.allowedTCPPorts = [ services.zigbee2mqtt = {
1000 enable = true;
1001 settings = {
]; home-assistant = config.services.home-assistant.enable;
permit_join = true;
serial = {
port = "/dev/ttyUSB0";
};
};
};
networking.firewall.allowedTCPPorts = [ 8443 ];
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
# reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port} "raspite.coho-tet.ts.net".extraConfig = ''
"raspite.local:1000".extraConfig = '' reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port}
reverse_proxy http://[::1]:8123
'';
"raspite.local:1001".extraConfig = ''
reverse_proxy ${config.services.esphome.address}:${toString config.services.esphome.port}
''; '';
}; };
}; };
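Review bot: `permit_join = true` in the new `services.zigbee2mqtt.settings` leaves the Zigbee network open to joining for as long as the service runs, so any device in radio range can pair with the coordinator; zigbee2mqtt's documentation advises turning joining off once the known devices are paired. Set `permit_join = false;` here and enable joining only temporarily when adding a device. In the same hunk, `networking.firewall.allowedTCPPorts = [ 8443 ];` opens the port on every interface, while the only Caddy virtual host shown is `"raspite.coho-tet.ts.net"` with no port. If nothing outside this hunk listens on 8443 the line can go, and if access is meant to be tailnet-only, `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 8443 ];` would scope it to the Tailscale interface.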