Motiejus Jakštys 2023-11-14 09:01:02 +02:00
parent 2af9421074
commit c3bb5e41d6
4 changed files with 59 additions and 0 deletions


@ -29,6 +29,7 @@ rec {
matrix-synapse = 8008; matrix-synapse = 8008;
vaultwarden = 8222; vaultwarden = 8222;
kodi = 8080; kodi = 8080;
hass = 8123;
prometheus = 9001; prometheus = 9001;
tailscale = 41641; tailscale = 41641;
exporters.node = 9002; exporters.node = 9002;
@ -160,6 +161,11 @@ rec {
_acme-endpoint.irc NS ns._acme-endpoint.irc _acme-endpoint.irc NS ns._acme-endpoint.irc
ns._acme-endpoint.irc A ${vno1} ns._acme-endpoint.irc A ${vno1}
hass A ${hosts."vno1-oh2.servers.jakst".jakstIP}
_acme-challenge.hass CNAME _acme-endpoint.hass
_acme-endpoint.hass NS ns._acme-endpoint.hass
ns._acme-endpoint.hass A ${vno1}
bitwarden A ${hosts."vno1-oh2.servers.jakst".jakstIP} bitwarden A ${hosts."vno1-oh2.servers.jakst".jakstIP}
_acme-challenge.bitwarden CNAME _acme-endpoint.bitwarden _acme-challenge.bitwarden CNAME _acme-endpoint.bitwarden
_acme-endpoint.bitwarden NS ns._acme-endpoint.bitwarden _acme-endpoint.bitwarden NS ns._acme-endpoint.bitwarden


@ -173,6 +173,7 @@
enable = true; enable = true;
zones."irc.jakstys.lt".accountKey = accountKey; zones."irc.jakstys.lt".accountKey = accountKey;
zones."hdd.jakstys.lt".accountKey = accountKey; zones."hdd.jakstys.lt".accountKey = accountKey;
zones."hass.jakstys.lt".accountKey = accountKey;
zones."grafana.jakstys.lt".accountKey = accountKey; zones."grafana.jakstys.lt".accountKey = accountKey;
zones."bitwarden.jakstys.lt".accountKey = accountKey; zones."bitwarden.jakstys.lt".accountKey = accountKey;
}; };
@ -250,6 +251,12 @@
metrics metrics
} }
''; '';
virtualHosts."hass.jakstys.lt".extraConfig = ''
@denied not remote_ip ${myData.subnets.tailscale.cidr}
abort @denied
reverse_proxy 127.0.0.1:8123
tls {$CREDENTIALS_DIRECTORY}/hass.jakstys.lt-cert.pem {$CREDENTIALS_DIRECTORY}/hass.jakstys.lt-key.pem
'';
virtualHosts."grafana.jakstys.lt".extraConfig = '' virtualHosts."grafana.jakstys.lt".extraConfig = ''
@denied not remote_ip ${myData.subnets.tailscale.cidr} @denied not remote_ip ${myData.subnets.tailscale.cidr}
abort @denied abort @denied
@ -526,20 +533,25 @@
systemd.services = { systemd.services = {
caddy = let caddy = let
hass = config.mj.services.nsd-acme.zones."hass.jakstys.lt";
grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt"; grafana = config.mj.services.nsd-acme.zones."grafana.jakstys.lt";
bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt"; bitwarden = config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt";
in { in {
serviceConfig.LoadCredential = [ serviceConfig.LoadCredential = [
"hass.jakstys.lt-cert.pem:${hass.certFile}"
"hass.jakstys.lt-key.pem:${hass.keyFile}"
"grafana.jakstys.lt-cert.pem:${grafana.certFile}" "grafana.jakstys.lt-cert.pem:${grafana.certFile}"
"grafana.jakstys.lt-key.pem:${grafana.keyFile}" "grafana.jakstys.lt-key.pem:${grafana.keyFile}"
"bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}" "bitwarden.jakstys.lt-cert.pem:${bitwarden.certFile}"
"bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}" "bitwarden.jakstys.lt-key.pem:${bitwarden.keyFile}"
]; ];
after = [ after = [
"nsd-acme-hass.jakstys.lt.service"
"nsd-acme-grafana.jakstys.lt.service" "nsd-acme-grafana.jakstys.lt.service"
"nsd-acme-bitwarden.jakstys.lt.service" "nsd-acme-bitwarden.jakstys.lt.service"
]; ];
requires = [ requires = [
"nsd-acme-hass.jakstys.lt.service"
"nsd-acme-grafana.jakstys.lt.service" "nsd-acme-grafana.jakstys.lt.service"
"nsd-acme-bitwarden.jakstys.lt.service" "nsd-acme-bitwarden.jakstys.lt.service"
]; ];
@ -610,6 +622,7 @@
wantedBy = ["multi-user.target"]; wantedBy = ["multi-user.target"];
pathConfig = { pathConfig = {
PathChanged = [ PathChanged = [
config.mj.services.nsd-acme.zones."hass.jakstys.lt".certFile
config.mj.services.nsd-acme.zones."grafana.jakstys.lt".certFile config.mj.services.nsd-acme.zones."grafana.jakstys.lt".certFile
config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt".certFile config.mj.services.nsd-acme.zones."bitwarden.jakstys.lt".certFile
]; ];
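Review bot: The new `hass.jakstys.lt` vhost hard-codes its upstream as `reverse_proxy 127.0.0.1:8123`, although this commit also adds `hass = 8123` to the shared ports table, so the two values can drift apart. Referencing the table, `reverse_proxy 127.0.0.1:${toString myData.ports.hass}`, keeps one source of truth; `myData` is already interpolated two lines above in the same block. The `@denied not remote_ip …` guard matches the direct peer address, so it only holds while nothing else sits in front of Caddy; a short comment saying so would help the next reader.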


@ -5,6 +5,7 @@
./deployerbot ./deployerbot
./friendlyport ./friendlyport
./gitea ./gitea
./hass
./headscale ./headscale
./jakstpub ./jakstpub
./matrix-synapse ./matrix-synapse


@ -0,0 +1,39 @@
{
config,
lib,
myData,
...
}: let
cfg = config.mj.services.hass;
in {
options.mj.services.hass = with lib.types; {
enable = lib.mkEnableOption "Enable home-assistant";
};
config = lib.mkIf cfg.enable {
mj.services.friendlyport.ports = [
{
subnets = myData.subnets.vpn.cidrs;
tcp = [myData.ports.hass];
}
];
services = {
home-assistant = {
enable = true;
extraComponents = [
"esphome"
"met"
"radio_browser"
];
config = {
auth_providers = {
trusted_networks = [myData.subnets.tailscale.cidr];
#trusted_proxies = ["127.0.0.1"];
};
default_config = {};
};
};
};
};
}
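Review bot: `auth_providers` is set as a top-level key of `services.home-assistant.config`, but Home Assistant reads it from `homeassistant.auth_providers` as a list of `{ type = …; }` entries, so the trusted-network login is most likely not configured at all. The commented-out `trusted_proxies` likewise belongs under `http` together with `use_x_forwarded_for = true`; without it Home Assistant is expected to reject the requests Caddy forwards with an `X-Forwarded-For` header. Keep in mind that `trusted_networks` lets any device in that CIDR sign in without a password, so the `homeassistant` provider should stay listed next to it. Separately, the `friendlyport` entry opens `myData.ports.hass` to the VPN subnets, which leaves a plain-HTTP path that bypasses the TLS vhost unless `http.server_host` is limited to loopback.

```nix
# … unchanged: enable, extraComponents …
config = {
  homeassistant.auth_providers = [
    {
      type = "trusted_networks";
      trusted_networks = [myData.subnets.tailscale.cidr];
    }
    # keep password login available alongside the network-based provider
    {type = "homeassistant";}
  ];
  http = {
    # Caddy on loopback is the only proxy allowed to supply X-Forwarded-For
    use_x_forwarded_for = true;
    trusted_proxies = ["127.0.0.1"];
  };
  default_config = {};
};
```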