JakeHillion/nixos
1
0
Fork 0
Code Issues 10 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

zigbee2mqtt: move from microserver to router
All checks were successful
continuous-integration/drone/pr Build is passing
Details
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Jake Hillion 2023-07-23 18:27:54 +01:00
parent 9dd6e4f2a3
commit 0858206619
9 changed files with 143 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
hosts/microserver.home.ts.hillion.co.uk/default.nix
View File

@ -36,72 +36,12 @@
"net.ipv4.ip_forward" = true;
};
## Set up simpleproxy to Zigbee bridge
systemd.services.zigbee-simpleproxy = {
description = "Simple TCP Proxy for Zigbee Bridge";
wantedBy = [ "multi-user.target" ];
after = [ "tailscaled.service" ];
serviceConfig = {
DynamicUser = true;
ExecStart = with pkgs; "${simpleproxy}/bin/simpleproxy -L 100.105.131.47:8888 -R 10.239.19.40:8888 -v";
Restart = "always";
RestartSec = 10;
};
};
## Run a persistent iperf3 server
services.iperf3.enable = true;
services.iperf3.openFirewall = true;
## Home automation
age.secrets."mqtt/zigbee2mqtt.yaml" = {
file = ../../secrets/mqtt/zigbee2mqtt.age;
owner = "zigbee2mqtt";
};
services.mosquitto = {
enable = true;
listeners = [
{
users = {
zigbee2mqtt = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$ZrD6C+b7Xo/fUoGw$Cf/6Xm52Syv2G+5+BqpUWRs+zrTrTvBL9EFzks9q/Q6ZggXVcp+Bi3ZpmQT5Du9+42G30Y7G3hWpYbA8j1ooWg==";
};
homeassistant = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$Uah+//t9m3pt6PXx$q1F410A+k38tp+ICQjRQy2fB/Gb15sodqYHgC7NUCVChMQo4Ib9eq3zpstdMbu1j//h8/zRl/ZegxDH6kjT6Dw==";
};
};
}
];
};
services.zigbee2mqtt = {
enable = true;
settings = {
permit_join = false;
mqtt = {
server = "mqtt://microserver.home.ts.hillion.co.uk:1883";
user = "zigbee2mqtt";
password = "!${config.age.secrets."mqtt/zigbee2mqtt.yaml".path} password";
};
serial = {
port = "/dev/ttyUSB0";
};
frontend = true;
homeassistant = true;
advanced = {
channel = 15;
};
};
};
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
1883 # MQTT server
8080 # Zigbee2MQTT frontend
8888 # Zigbee bridge simple proxy
];
};
}

12
hosts/router.home.ts.hillion.co.uk/default.nix
View File

@ -70,6 +70,7 @@
# Allow trusted networks to access the router
iifname {
"lo",
"eth1",
"eth2",
"tailscale0",
@ -164,12 +165,6 @@
}
'';
machines = [
{
# Zigbee Bridge
ethernetAddress = "48:3f:da:2a:86:7a";
ipAddress = "10.239.19.40";
hostName = "tasmota-2A867A-1658";
}
{
# tywin.storage.ts.hillion.co.uk
ethernetAddress = "c8:7f:54:6d:e1:03";
@ -191,6 +186,8 @@
custom.tailscale = {
enable = true;
preAuthKeyFile = config.age.secrets."tailscale/router.home.ts.hillion.co.uk".path;
ipv4Addr = "100.105.71.48";
ipv6Addr = "fd7a:115c:a1e0:ab12:4843:cd96:6269:4730";
};
## Enable btrfs compression
@ -199,5 +196,8 @@
## Run a persistent iperf3 server
services.iperf3.enable = true;
## Zigbee2Mqtt
custom.services.zigbee2mqtt.enable = true;
};
}

1
modules/default.nix
View File

@ -13,6 +13,7 @@
./services/mastodon/default.nix
./services/matrix.nix
./services/version_tracker.nix
./services/zigbee2mqtt.nix
./storj.nix
./tailscale.nix
./users.nix

3
modules/impermanence.nix
View File

@ -32,7 +32,8 @@ in
directories = [
"/etc/nixos"
] ++ (listIf config.custom.tailscale.enable [ "/var/lib/tailscale" ]);
] ++ (listIf config.custom.tailscale.enable [ "/var/lib/tailscale" ]) ++
(listIf config.services.zigbee2mqtt.enable [ config.services.zigbee2mqtt.dataDir ]);
};
home-manager.users =

91
modules/services/zigbee2mqtt.nix Normal file
View File

@ -0,0 +1,91 @@
{ config, lib, pkgs, ... }:
let
cfg = config.custom.services.zigbee2mqtt;
in
{
options.custom.services.zigbee2mqtt = {
enable = lib.mkEnableOption "zigbee2mqtt";
backup = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
config = lib.mkIf cfg.enable {
age.secrets."mqtt/zigbee2mqtt.yaml" = {
file = ../../secrets/mqtt/zigbee2mqtt.age;
owner = "zigbee2mqtt";
};
services.caddy = {
enable = true;
virtualHosts."http://zigbee2mqtt.home.ts.hillion.co.uk" = {
listenAddresses = [ config.custom.tailscale.ipv4Addr config.custom.tailscale.ipv6Addr ];
extraConfig = "reverse_proxy http://127.0.0.1:15606";
};
};
services.zigbee2mqtt = {
enable = true;
settings = {
permit_join = false;
mqtt = {
server = "mqtt://router.home.ts.hillion.co.uk:1883";
user = "zigbee2mqtt";
password = "!${config.age.secrets."mqtt/zigbee2mqtt.yaml".path} password";
};
serial = {
port = "/dev/ttyUSB0";
};
frontend = {
port = 15606;
url = "http://zigbee2mqtt.home.ts.hillion.co.uk";
};
homeassistant = true;
advanced = {
channel = 15;
};
};
};
services.mosquitto = {
enable = true;
listeners = [
{
users = {
zigbee2mqtt = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$ZrD6C+b7Xo/fUoGw$Cf/6Xm52Syv2G+5+BqpUWRs+zrTrTvBL9EFzks9q/Q6ZggXVcp+Bi3ZpmQT5Du9+42G30Y7G3hWpYbA8j1ooWg==";
};
homeassistant = {
acl = [ "readwrite #" ];
hashedPassword = "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";
};
};
}
];
};
age.secrets."resilio/zigbee2mqtt/1.6T.key" = lib.mkIf cfg.backup {
file = ../../secrets/restic/1.6T.age;
owner = "zigbee2mqtt";
};
services.restic.backups."zigbee2mqtt" = lib.mkIf cfg.backup {
repository = "rest:http://restic.tywin.storage.ts.hillion.co.uk/1.6T";
user = "zigbee2mqtt";
passwordFile = config.age.secrets."resilio/zigbee2mqtt/1.6T.key".path;
timerConfig = {
OnBootSec = "15m";
OnUnitInactiveSec = "1d";
RandomizedDelaySec = "1h";
};
paths = [ config.services.zigbee2mqtt.dataDir ];
};
};
}

20
secrets/mqtt/homeassistant.age Normal file
View File

@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-rsa GxPFJQ
JQwr1aW+PpoDYZu2ByiZtjNoGe+D90flIc6+gXF+EgpMFwOUIW+g4+1tJ2GYhIPP
BhUDY3GJUmaTXKin0E88CwQnvImtpHRIGl4Kv2QAjK53BBMgBMcOR44c7bCo48k5
lTmv3N5LfLiIm5mIATK1Q72fVhAmg7T/U8IkS3eu2u2mGm5iatFj9cPxHGiN5w24
y/t5Lu6XewjpbilXaIP+Ya6YDpOaQ0zgYO8kRNTvUoPRz/H4SVFCcJeu+6CJcl+/
KxSIS9MvUouGXBsMDPBLNj8G8NgIAncXTwR7swW44b5twM8vJqF4BEr2OZ05CSbJ
XJjm8xbXftRp6AnFMbGheQ
-> ssh-rsa K9mW1w
I5AkWeryU6t6HbtpzFWLwTaWjDNJoVwNJ0ifV9i23QdSn8FO7Op4bk7IqSdI//lF
5DjMeTbxdMR9LOtZXNcAMKX4I3Sy0o8uagh9BdBN1+0ugRVaoGXSvJC7dG7RY2cM
RsV43MTOPSdcR6ANWsNqGlM31H06kWwtPz4R8Wyt4/l+L6gWPjiO6zhg0au6D32H
6d6YqnrE2iM7iTvQeLx5WtPDp+GLAwVsfgGTfOw6jZm5XpuABV9kQwtZ46S4Caoz
rp30b7/ZtPS/IhWj5O+yZZKvhZngr3gYBKUViMA1nJ7+8Rnde5/k2uz38/c6oUWh
MstT1bHNnHt/G9Nvcd9w2w
-> Kn5-grease Rkg" f={5zY_0 ;uV)i~
J/j9JgII2KOWVRO1iN9j1HER+gwnWOg7TWgm/ITeXIF7hsl7K8V+vOgX8fq3WElZ
7c/seypQca/viPS9yu2Z206IMPXnIs4IXWdz0v63QP/YBAKZfngqwA
--- WBm5COr2VejaZiQ12H1fUeUxm1SJraLyu8Q6p7yUaJE
nÌšFÇø,ÆÔoÔíRžfÍ«v¯º<C2AF>”êð3)ßëZ óæ óʵ,†Ê¬*ãBqü7

BIN
secrets/mqtt/zigbee2mqtt.age
View File

Binary file not shown.

38
secrets/restic/1.6T.age
View File

@ -1,21 +1,23 @@
age-encryption.org/v1
-> ssh-rsa GxPFJQ
r/uFxmFhyAqk0NAFNsK5Pcl3Qwoa3g7lGjpy8qIEijJnRgM5Sp59z1+S1ORdJAWX
lYs3R5RB5J//ewpCubFngjoT04xuCHrQPp22NjaY7j+vCV791D3t0hrwv/oOK4nT
SV7Dxq+wHJb6Ba39+tsFGSnt79FnVYNPBuyljkeuG0wZGTbHajT0GVIi6jNuHN6U
/D7hAS5ZztMRxWgsxqLnX6IO7QSN0CY6e/JkShnA7ITYbcs0NCkKMjvJsjZTtuOW
3ks9BjflTj0lmIxC+I9fOWT0H3rokdkjUqexPJff8XnwWQRnvMz+TFfW1exts2pp
GRGxHulQBHeNCaoSxyzogw
P0UyPb1Gpnf/WQpDzyfS8QLJxFGdpIcLWTn4MDT9aI2rVTrTLKfSCX11xySLUawU
SPUI22tvE6I6/Q5S4CTGgY36fPBsfgU7mmhlLYFqmO6EUUkqNJ01+Fp+tWrXb1U3
j/cSgOTcvQLhYmEf/2DNTa1Mjoyi+2pnfEy8GpcG+zNvpEuls9CGPsUAt6n+quPe
NPxIFl0McAJ+myRsTy5CSjBERjKb+1Q60GHBw8/xbhiVcq5KkLJkblQSv2ghvSB2
BudwRWqeZYUiXP7xVdXbOryLS81mZvdlnEgdTxqX7OycOXEMExMnQfLjj8gaBpMG
DX0R2ssY1zMT+4D410pNQw
-> ssh-rsa K9mW1w
ouKP/bdJHpsdqgGzCngHEiCcwp/iu79BDfPOnlVakr7Wc2zJCEYfFkxH1ytjhF2R
RPdtU/reY3/8Vi3RsSJ7VbOFtj29Qi59DZvFDb/W30vMixogiQoKWNngHDCs/qhQ
r8UubFRJJDkGxqYpw1NOhs03XWvRx4kbJoNnVv1N68ftit7lWp0HhL+TyX0jBNWo
xl4OdjkyHclKyOwOV0GlR/Znf+Q+hgQbcU0VWDSzEurZHIC5/2zvK7boFwiuiNeZ
ybIh5TgF2LrlOuMLlWPbyeXSgxu8tx4MaHUZ0kM+RIOOppizyeA/ZDRythPa391Z
RMf7UJWJecN5bBUWbgiNIA
-> ssh-ed25519 nWv9MA R/SpgfolcQRgt78ZWcm0WCMNjBsAf9bNpr771ADYXnU
EKcbEG8uhK2NOXnwINU3j4l0liRM+MPa/gHg4Yor1+A
-> 5Of6-grease m5 @Vd}HP CRP'(
gK3pW6/TOo2NPw
--- pM3+d/SPME2u9Xy64Ev4TsBXSEkeJFoC1UmudUafeyI
[_ ËM@½™ùOW“ ïßÿbÅO@ÚŠÚÈEæÌʽ yv<79>¬lɵ¶C0¿~áràL#ùwMÞÑŒ`—ä
wRqrvO+JNvslYAfY5XXJCaOjBiO7ZkJZ5bXIvw0hNiJY5gXUwy9wUKazQjh0JirM
tRsVMbLUT5tk72iW0x8tIM64B+4pXK6p/l2zw/WHyIzKwuZjNgUzM8/ngVM6Ta1Z
hdNiHbB5MvFrZkOScB3n5cb05TLYOaUb+TZQgSJXPtzuKZ+Wi5ePd/5qtkvlvKFe
E+1rQ4cuDJrUpAxPIiM/URIjUJfFWq2A26lpqltk9lGZ2ZWtIVLu9sgeLmfUvPdq
kMcG7rl3b7yiWmN9ranSMpJ8TJZh1PygD3bVlnfu47bXofr2xd4VEI/HcjQ6VSRV
32GnVIhIqo6D1MrcASisUg
-> ssh-ed25519 nWv9MA A8/OJQYaxm0TbJuhxwBrJ7wge1q+UofTnERbwHYEbxU
+LGv1ydrN0d3xddOtShD1W+gs4Wsjehlb4jUws3kyMk
-> ssh-ed25519 8+Ls0w 4wcGH2icTxRoRG0VKJWYFpS7QqXGzUmeRNQS8lMV4GI
pT86WqRCOn1fGcYN0crkh1m7P/dnc6cDWx9gr4aAg4w
-> v70-g!{J-grease ">Groa:
eFWzN3OQi5mRRuX7tBlcnMwzi9FUOMOuAOfEYPp1viI
--- H+KWCPxjjcoagmOoNR2l6kSPBGrL6islS15TQUI7UU8
±£q·yìu¬I´ähão_a«~Ç­³ÃÇÑüù.Å ¾•$šüW¬ ;u O/ìTa²[p„Q

5
secrets/secrets.nix
View File

@ -61,7 +61,7 @@ in
# Backups Secrets
"restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.strangervm.vm ];
"restic/1.6T.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
"restic/1.6T.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.home.router ];
"git/git_backups_ecdsa.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
"git/git_backups_remotes.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
@ -89,7 +89,8 @@ in
"version_tracker/ssh.key.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
# Home Automation secrets
"mqtt/zigbee2mqtt.age".publicKeys = jake_users ++ [ ts.home.microserver ];
"mqtt/zigbee2mqtt.age".publicKeys = jake_users ++ [ ts.home.router ];
"mqtt/homeassistant.age".publicKeys = jake_users ++ [ ];
# Wireguard Secrets
"wireguard/downloads.age".publicKeys = jake_users ++ [ ts.storage.tywin ];