fix: tewi ha, ...

2026-02-09 04:19:19 -08:00 · 2022-09-16 11:37:18 -07:00 · 2022-09-16 11:37:18 -07:00 · 57e48cd9a8
commit 57e48cd9a8
parent 67c2e70205
6 changed files with 190 additions and 3 deletions
--- a/nixos/systems/tewi/home-assistant.nix
+++ b/nixos/systems/tewi/home-assistant.nix
@ -0,0 +1,107 @@
+{ config, lib, ... }: {
+  services.home-assistant = {
+    enable = true;
+    config = {
+      automation = "automations.yaml";
+      config = null;
+      counter = null;
+      device_tracker = null;
+      dhcp = null;
+      energy = null;
+      frontend = { themes = "themes"; };
+      google_assistant = null;
+      group = "groups.yaml";
+      history = null;
+      homeassistant = {
+        external_url = "https://home.gensokyo.zone";
+        packages = "packages";
+      };
+      http = {
+        cors_allowed_origins = [
+          "https://google.com"
+          "https://www.home-assistant.io"
+        ];
+        trusted_proxies = [
+          "127.0.0.0/24"
+          "200::/7"
+        ];
+        use_x_forwarded_for = true;
+      };
+      image = null;
+      input_boolean = null;
+      input_datetime = null;
+      input_number = null;
+      input_select = null;
+      input_text = null;
+      logbook = null;
+      logger = {
+        default = "info";
+      };
+      device_tracker = null;
+      map = null;
+      media_source = null;
+      mobile_app = null;
+      my = null;
+      person = null;
+      recorder = {
+        auto_purge = true;
+        commit_interval = 1;
+        exclude = {
+          domains = [
+            "automation"
+              "updater"
+          ]; 
+          entities = [
+            "sun.sun"
+              "sensor.last_boot"
+              "sensor.date"
+              "sensor.time"
+          ];
+          entity_globs = [
+            "sensor.weather_*"
+              "sensor.date_*"
+          ];
+          event_types = [
+            "call_service"
+          ];
+        };
+        purge_keep_days = 14;
+      };
+      scene = "scenes.yaml";
+      script = "scripts.yaml";
+      ssdp = null;
+      stream = null;
+      sun = null;
+      switch = null;
+      system_health = null;
+      tag = null;
+      template = null;
+      timer = null;
+      tts = [{
+        platform = "google_translate";
+        service_name = "google_say";
+      }];
+      wake_on_lan = null;
+      webhook = null;
+      zeroconf = null;
+      zone = null;
+    };
+    extraComponents = [
+      "zha"
+        "esphome"
+        "apple_tv"
+        "spotify"
+        "default_config"
+        "cast"
+        "plex"
+        "google"
+        "google_assistant"
+        "google_cloud"
+        "google_translate"
+        "homekit"
+        "mqtt"
+        "wake_on_lan"
+        "zeroconf"
+    ];
+  };
+}
--- a/nixos/systems/tewi/mosquitto.nix
+++ b/nixos/systems/tewi/mosquitto.nix
@ -0,0 +1,33 @@
+{ config, lib, tf, ... }: {
+  kw.secrets.variables.z2m-pass = {
+    path = "secrets/mosquitto";
+    field = "z2m";
+  };
+
+  secrets.files.z2m-pass = {
+    text = tf.variables.z2m-pass.ref;
+    owner = "mosquitto";
+    group = "mosquitto";
+  };
+
+  services.mosquitto = {
+    enable = true;
+    persistence = true;
+    listeners = [{
+      acl = [
+        "pattern readwrite #"
+      ];
+      users = {
+        z2m = {
+          passwordFile = config.secrets.files.z2m-pass.path;
+          acl = [
+            "topic readwrite zigbee2mqtt/#"
+          ];
+        };
+      };
+      settings = {
+        allow_anonymous = false;
+      };
+    }];
+  };
+}
--- a/nixos/systems/tewi/nixos.nix
+++ b/nixos/systems/tewi/nixos.nix
@ -3,7 +3,9 @@
 {
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
-
+    ./home-assistant.nix
+    ./zigbee2mqtt.nix
+    ./mosquitto.nix
  ];

  deploy.tf = {
--- a/nixos/systems/tewi/zigbee2mqtt.nix
+++ b/nixos/systems/tewi/zigbee2mqtt.nix
@ -0,0 +1,45 @@
+{ config, lib, tf, ... }: {
+  services.zigbee2mqtt = {
+    enable = true;
+    settings = {
+      advanced = {
+        log_level = "info";
+        network_key = "!secret network_key";
+      };
+      homeassistant = true;
+      permit_join = true;
+      frontend = {
+        port = 8072;
+      };
+      serial = {
+        port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
+      };
+
+    };
+  };
+
+  kw.secrets.variables.z2m-network-key = {
+    path = "secrets/zigbee2mqtt";
+    field = "password";
+  };
+
+  secrets.files.zigbee2mqtt-config = {
+    text = builtins.toJSON config.services.zigbee2mqtt.settings;
+    owner = "zigbee2mqtt";
+    group = "zigbee2mqtt";
+  };
+
+  secrets.files.zigbee2mqtt-secret = {
+    text = "network_key: ${tf.variables.z2m-network-key.ref}";
+    owner = "zigbee2mqtt";
+    group = "zigbee2mqtt";
+  };
+
+  systemd.services.zigbee2mqtt.preStart = let cfg = config.services.zigbee2mqtt; in lib.mkForce ''
+    cp --no-preserve=mode ${config.secrets.files.zigbee2mqtt-config.path} "${cfg.dataDir}/configuration.yaml"
+    cp --no-preserve=mode ${config.secrets.files.zigbee2mqtt-secret.path} "${cfg.dataDir}/secret.yaml"
+  '';
+
+  network.firewall.public.tcp.ports = [ 8123 8072 1883 ];
+  network.firewall.private.tcp.ports = [ 8123 ];
+}