yukari: move to SSDs. ha: turn off zigbee join

2026-02-09 12:29:19 -08:00 · 2022-04-10 00:31:36 +01:00 · 2022-04-10 00:31:36 +01:00 · 0d7fdc9c81
commit 0d7fdc9c81
parent 0a7ca0611a
3 changed files with 39 additions and 12 deletions
--- a/config/hosts/yukari.nix
+++ b/config/hosts/yukari.nix
@ -31,23 +31,23 @@

  fileSystems = {
    "/" = {
-      device = "zroot/safe/root";
+      device = "rpool/safe/root";
      fsType = "zfs";
    };
    "/nix" = {
-      device = "zroot/local/nix";
+      device = "rpool/local/nix";
      fsType = "zfs";
    };
    "/home" = {
-      device = "zroot/safe/home";
+      device = "rpool/safe/home";
      fsType = "zfs";
    };
    "/boot" = {
-      device = "/dev/disk/by-uuid/44CC-7137";
+      device = "/dev/disk/by-id/ata-Samsung_SSD_860_EVO_250GB_S3YJNX0K780441Z-part3";
      fsType = "vfat";
    };
    "/boot-fallback" = {
-      device = "/dev/disk/by-uuid/4520-4E5F";
+      device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S3R0NF1J841629N-part3";
      fsType = "vfat";
    };
    "/mnt/zraw" = {
@ -61,8 +61,8 @@
  };

  swapDevices = [
-    { device = "/dev/disk/by-uuid/682df001-bad8-4d94-a86b-9068ce5eee4c"; }
-    { device = "/dev/disk/by-uuid/1ee2d322-235c-41de-b272-7ceded4e2624"; }
+    { device = "/dev/disk/by-id/ata-Samsung_SSD_860_EVO_250GB_S3YJNX0K780441Z-part2"; }
+    { device = "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S3R0NF1J841629N-part2"; }
  ];

  boot.loader = {
@ -73,7 +73,7 @@
      device = "nodev";
      mirroredBoots = [
        {
-          devices = [ "/dev/disk/by-uuid/4520-4E5F" ];
+          devices = [ "/dev/disk/by-id/ata-Samsung_SSD_850_EVO_250GB_S3R0NF1J841629N-part3" ];
          path = "/boot-fallback";
        }
      ];
--- a/config/services/ha.nix
+++ b/config/services/ha.nix
@ -1,4 +1,4 @@
-{ config, ... }: {
+{ config, lib, tf, ... }: {
  services = {
    home-assistant = {
      enable = true;
@ -34,8 +34,12 @@
    zigbee2mqtt = {
      enable = true;
      settings = {
+        advanced = {
+          log_level = "info";
+          network_key = "!secret network_key";
+        };
        homeassistant = true;
-        permit_join = true;
+        permit_join = false;
        frontend = {
          port = 8072;
        };
@ -43,10 +47,33 @@
          port = "tcp://192.168.1.149:8888";
          adapter = "ezsp";
        };
+
      };
    };
  };

-  network.firewall.public.tcp.ports = [ 8123 ];
+  kw.secrets.variables.z2m-network-key = {
+    path = "secrets/zigbee2mqtt";
+    field = "password";
+  };
+
+  secrets.files.zigbee2mqtt-config = {
+    text = builtins.toJSON config.services.zigbee2mqtt.settings;
+    owner = "zigbee2mqtt";
+    group = "zigbee2mqtt";
+  };
+
+  secrets.files.zigbee2mqtt-secret = {
+    text = "network_key: ${tf.variables.z2m-network-key.ref}";
+    owner = "zigbee2mqtt";
+    group = "zigbee2mqtt";
+  };
+
+  systemd.services.zigbee2mqtt.preStart = let cfg = config.services.zigbee2mqtt; in lib.mkForce ''
+    cp --no-preserve=mode ${config.secrets.files.zigbee2mqtt-config.path} "${cfg.dataDir}/configuration.yaml"
+    cp --no-preserve=mode ${config.secrets.files.zigbee2mqtt-secret.path} "${cfg.dataDir}/secret.yaml"
+  '';
+
+  network.firewall.public.tcp.ports = [ 8123 8072 ];
  network.firewall.private.tcp.ports = [ 8123 ];
 }
--- a/config/tf
+++ b/config/tf
@ -1 +1 @@
-Subproject commit b4d44f3e882b132b88165a6620c47e2b8d699d99
+Subproject commit 84b1742d36714279de336e2bee37848d0b3b6de8