zigbee2mqtt: move from microserver to router
parent
9dd6e4f2a3
commit
0858206619
@ -36,72 +36,12 @@
|
|||||||
"net.ipv4.ip_forward" = true;
|
"net.ipv4.ip_forward" = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
## Set up simpleproxy to Zigbee bridge
|
|
||||||
systemd.services.zigbee-simpleproxy = {
|
|
||||||
description = "Simple TCP Proxy for Zigbee Bridge";
|
|
||||||
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "tailscaled.service" ];
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
DynamicUser = true;
|
|
||||||
ExecStart = with pkgs; "${simpleproxy}/bin/simpleproxy -L 100.105.131.47:8888 -R 10.239.19.40:8888 -v";
|
|
||||||
Restart = "always";
|
|
||||||
RestartSec = 10;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
## Run a persistent iperf3 server
|
## Run a persistent iperf3 server
|
||||||
services.iperf3.enable = true;
|
services.iperf3.enable = true;
|
||||||
services.iperf3.openFirewall = true;
|
services.iperf3.openFirewall = true;
|
||||||
|
|
||||||
## Home automation
|
|
||||||
age.secrets."mqtt/zigbee2mqtt.yaml" = {
|
|
||||||
file = ../../secrets/mqtt/zigbee2mqtt.age;
|
|
||||||
owner = "zigbee2mqtt";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.mosquitto = {
|
|
||||||
enable = true;
|
|
||||||
listeners = [
|
|
||||||
{
|
|
||||||
users = {
|
|
||||||
zigbee2mqtt = {
|
|
||||||
acl = [ "readwrite #" ];
|
|
||||||
hashedPassword = "$7$101$ZrD6C+b7Xo/fUoGw$Cf/6Xm52Syv2G+5+BqpUWRs+zrTrTvBL9EFzks9q/Q6ZggXVcp+Bi3ZpmQT5Du9+42G30Y7G3hWpYbA8j1ooWg==";
|
|
||||||
};
|
|
||||||
homeassistant = {
|
|
||||||
acl = [ "readwrite #" ];
|
|
||||||
hashedPassword = "$7$101$Uah+//t9m3pt6PXx$q1F410A+k38tp+ICQjRQy2fB/Gb15sodqYHgC7NUCVChMQo4Ib9eq3zpstdMbu1j//h8/zRl/ZegxDH6kjT6Dw==";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
services.zigbee2mqtt = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
permit_join = false;
|
|
||||||
mqtt = {
|
|
||||||
server = "mqtt://microserver.home.ts.hillion.co.uk:1883";
|
|
||||||
user = "zigbee2mqtt";
|
|
||||||
password = "!${config.age.secrets."mqtt/zigbee2mqtt.yaml".path} password";
|
|
||||||
};
|
|
||||||
serial = {
|
|
||||||
port = "/dev/ttyUSB0";
|
|
||||||
};
|
|
||||||
frontend = true;
|
|
||||||
homeassistant = true;
|
|
||||||
advanced = {
|
|
||||||
channel = 15;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
|
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
|
||||||
1883 # MQTT server
|
1883 # MQTT server
|
||||||
8080 # Zigbee2MQTT frontend
|
|
||||||
8888 # Zigbee bridge simple proxy
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
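Review bot: The `1883 # MQTT server` entry is still in `networking.firewall.interfaces."tailscale0".allowedTCPPorts` on the new side, although this hunk removes `services.mosquitto` from this host. The 8080 and 8888 entries are dropped together with their services, so 1883 looks like a leftover. With nothing listening it is harmless today, but any later service that binds 1883 here would be reachable from the tailnet without a deliberate firewall change. I would drop the line, and the whole `allowedTCPPorts` assignment if the list ends up empty. The enclosing attribute set starts before the hunk.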
@ -70,6 +70,7 @@
|
|||||||
|
|
||||||
# Allow trusted networks to access the router
|
# Allow trusted networks to access the router
|
||||||
iifname {
|
iifname {
|
||||||
|
"lo",
|
||||||
"eth1",
|
"eth1",
|
||||||
"eth2",
|
"eth2",
|
||||||
"tailscale0",
|
"tailscale0",
|
||||||
@ -164,12 +165,6 @@
|
|||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
machines = [
|
machines = [
|
||||||
{
|
|
||||||
# Zigbee Bridge
|
|
||||||
ethernetAddress = "48:3f:da:2a:86:7a";
|
|
||||||
ipAddress = "10.239.19.40";
|
|
||||||
hostName = "tasmota-2A867A-1658";
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
# tywin.storage.ts.hillion.co.uk
|
# tywin.storage.ts.hillion.co.uk
|
||||||
ethernetAddress = "c8:7f:54:6d:e1:03";
|
ethernetAddress = "c8:7f:54:6d:e1:03";
|
||||||
@ -191,6 +186,8 @@
|
|||||||
custom.tailscale = {
|
custom.tailscale = {
|
||||||
enable = true;
|
enable = true;
|
||||||
preAuthKeyFile = config.age.secrets."tailscale/router.home.ts.hillion.co.uk".path;
|
preAuthKeyFile = config.age.secrets."tailscale/router.home.ts.hillion.co.uk".path;
|
||||||
|
ipv4Addr = "100.105.71.48";
|
||||||
|
ipv6Addr = "fd7a:115c:a1e0:ab12:4843:cd96:6269:4730";
|
||||||
};
|
};
|
||||||
|
|
||||||
## Enable btrfs compression
|
## Enable btrfs compression
|
||||||
@ -199,5 +196,8 @@
|
|||||||
|
|
||||||
## Run a persistent iperf3 server
|
## Run a persistent iperf3 server
|
||||||
services.iperf3.enable = true;
|
services.iperf3.enable = true;
|
||||||
|
|
||||||
|
## Zigbee2Mqtt
|
||||||
|
custom.services.zigbee2mqtt.enable = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@ -13,6 +13,7 @@
|
|||||||
./services/mastodon/default.nix
|
./services/mastodon/default.nix
|
||||||
./services/matrix.nix
|
./services/matrix.nix
|
||||||
./services/version_tracker.nix
|
./services/version_tracker.nix
|
||||||
|
./services/zigbee2mqtt.nix
|
||||||
./storj.nix
|
./storj.nix
|
||||||
./tailscale.nix
|
./tailscale.nix
|
||||||
./users.nix
|
./users.nix
|
||||||
|
@ -32,7 +32,8 @@ in
|
|||||||
|
|
||||||
directories = [
|
directories = [
|
||||||
"/etc/nixos"
|
"/etc/nixos"
|
||||||
] ++ (listIf config.custom.tailscale.enable [ "/var/lib/tailscale" ]);
|
] ++ (listIf config.custom.tailscale.enable [ "/var/lib/tailscale" ]) ++
|
||||||
|
(listIf config.services.zigbee2mqtt.enable [ config.services.zigbee2mqtt.dataDir ]);
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users =
|
home-manager.users =
|
||||||
|
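--- /dev/null
+++ b/modules/services/zigbee2mqtt.nix
@@ -0,0 +1,91 @@
+{ config, lib, pkgs, ... }:
+
+let
+cfg = config.custom.services.zigbee2mqtt;
+in
+{
+options.custom.services.zigbee2mqtt = {
+enable = lib.mkEnableOption "zigbee2mqtt";
+
+backup = lib.mkOption {
+type = lib.types.bool;
+default = true;
+};
+};
+
+config = lib.mkIf cfg.enable {
+age.secrets."mqtt/zigbee2mqtt.yaml" = {
+file = ../../secrets/mqtt/zigbee2mqtt.age;
+owner = "zigbee2mqtt";
+};
+
+services.caddy = {
+enable = true;
+
+virtualHosts."http://zigbee2mqtt.home.ts.hillion.co.uk" = {
+listenAddresses = [ config.custom.tailscale.ipv4Addr config.custom.tailscale.ipv6Addr ];
+extraConfig = "reverse_proxy http://127.0.0.1:15606";
+};
+};
+
+services.zigbee2mqtt = {
+enable = true;
+settings = {
+permit_join = false;
+mqtt = {
+server = "mqtt://router.home.ts.hillion.co.uk:1883";
+user = "zigbee2mqtt";
+password = "!${config.age.secrets."mqtt/zigbee2mqtt.yaml".path} password";
+};
+serial = {
+port = "/dev/ttyUSB0";
+};
+frontend = {
+port = 15606;
+url = "http://zigbee2mqtt.home.ts.hillion.co.uk";
+};
+homeassistant = true;
+advanced = {
+channel = 15;
+};
+};
+};
+
+services.mosquitto = {
+enable = true;
+listeners = [
+{
+users = {
+zigbee2mqtt = {
+acl = [ "readwrite #" ];
+hashedPassword = "$7$101$ZrD6C+b7Xo/fUoGw$Cf/6Xm52Syv2G+5+BqpUWRs+zrTrTvBL9EFzks9q/Q6ZggXVcp+Bi3ZpmQT5Du9+42G30Y7G3hWpYbA8j1ooWg==";
+};
+homeassistant = {
+acl = [ "readwrite #" ];
+hashedPassword = "$7$101$wGQZPdVdeW7iQFmH$bK/VOR6LXCLJKbb6M4PNeVptocjBAWXCLMtEU5fQNBr0Y5UAWlhVg8UAu4IkIXgnViI51NnhXKykdlWF63VkVQ==";
+};
+};
+}
+];
+};
+
+age.secrets."resilio/zigbee2mqtt/1.6T.key" = lib.mkIf cfg.backup {
+file = ../../secrets/restic/1.6T.age;
+owner = "zigbee2mqtt";
+};
+
+services.restic.backups."zigbee2mqtt" = lib.mkIf cfg.backup {
+repository = "rest:http://restic.tywin.storage.ts.hillion.co.uk/1.6T";
+user = "zigbee2mqtt";
+passwordFile = config.age.secrets."resilio/zigbee2mqtt/1.6T.key".path;
+
+timerConfig = {
+OnBootSec = "15m";
+OnUnitInactiveSec = "1d";
+RandomizedDelaySec = "1h";
+};
+
+paths = [ config.services.zigbee2mqtt.dataDir ];
+};
+};
+}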
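Review bot: `frontend` sets `port = 15606` and `url` but no `host`, and zigbee2mqtt's frontend listens on all interfaces unless a host is given, so the web UI (no `auth_token` is configured) is probably reachable directly on port 15606 rather than only through the Caddy vhost bound to the Tailscale addresses. Adding `host = "127.0.0.1";` inside `frontend` would make Caddy the only way in. The `services.mosquitto` listener likewise has no `address`, so only the router's firewall limits who can reach the broker. Both broker users get `acl = [ "readwrite #" ]`; for the bridge account, `"readwrite zigbee2mqtt/#"` plus `"readwrite homeassistant/#"` should cover the default base and discovery topics. The `$7$101$…` hashes are committed in the module with what looks like mosquitto's low default iteration count, so if others can read this repository consider `hashedPasswordFile` backed by an age secret.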
20
secrets/mqtt/homeassistant.age
Normal file
20
secrets/mqtt/homeassistant.age
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa GxPFJQ
|
||||||
|
JQwr1aW+PpoDYZu2ByiZtjNoGe+D90flIc6+gXF+EgpMFwOUIW+g4+1tJ2GYhIPP
|
||||||
|
BhUDY3GJUmaTXKin0E88CwQnvImtpHRIGl4Kv2QAjK53BBMgBMcOR44c7bCo48k5
|
||||||
|
lTmv3N5LfLiIm5mIATK1Q72fVhAmg7T/U8IkS3eu2u2mGm5iatFj9cPxHGiN5w24
|
||||||
|
y/t5Lu6XewjpbilXaIP+Ya6YDpOaQ0zgYO8kRNTvUoPRz/H4SVFCcJeu+6CJcl+/
|
||||||
|
KxSIS9MvUouGXBsMDPBLNj8G8NgIAncXTwR7swW44b5twM8vJqF4BEr2OZ05CSbJ
|
||||||
|
XJjm8xbXftRp6AnFMbGheQ
|
||||||
|
-> ssh-rsa K9mW1w
|
||||||
|
I5AkWeryU6t6HbtpzFWLwTaWjDNJoVwNJ0ifV9i23QdSn8FO7Op4bk7IqSdI//lF
|
||||||
|
5DjMeTbxdMR9LOtZXNcAMKX4I3Sy0o8uagh9BdBN1+0ugRVaoGXSvJC7dG7RY2cM
|
||||||
|
RsV43MTOPSdcR6ANWsNqGlM31H06kWwtPz4R8Wyt4/l+L6gWPjiO6zhg0au6D32H
|
||||||
|
6d6YqnrE2iM7iTvQeLx5WtPDp+GLAwVsfgGTfOw6jZm5XpuABV9kQwtZ46S4Caoz
|
||||||
|
rp30b7/ZtPS/IhWj5O+yZZKvhZngr3gYBKUViMA1nJ7+8Rnde5/k2uz38/c6oUWh
|
||||||
|
MstT1bHNnHt/G9Nvcd9w2w
|
||||||
|
-> Kn5-grease Rkg" f={5zY_0 ;uV)i~
|
||||||
|
J/j9JgII2KOWVRO1iN9j1HER+gwnWOg7TWgm/ITeXIF7hsl7K8V+vOgX8fq3WElZ
|
||||||
|
7c/seypQca/viPS9yu2Z206IMPXnIs4IXWdz0v63QP/YBAKZfngqwA
|
||||||
|
--- WBm5COr2VejaZiQ12H1fUeUxm1SJraLyu8Q6p7yUaJE
|
||||||
|
nÌšFÇø,ÆÔoÔíRžfÍ«v¯º<C2AF>”êð3)‘ßëZ
óæ óʵ,†Ê¬*ãBqü7’
|
Binary file not shown.
@ -1,21 +1,23 @@
|
|||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-rsa GxPFJQ
|
-> ssh-rsa GxPFJQ
|
||||||
r/uFxmFhyAqk0NAFNsK5Pcl3Qwoa3g7lGjpy8qIEijJnRgM5Sp59z1+S1ORdJAWX
|
P0UyPb1Gpnf/WQpDzyfS8QLJxFGdpIcLWTn4MDT9aI2rVTrTLKfSCX11xySLUawU
|
||||||
lYs3R5RB5J//ewpCubFngjoT04xuCHrQPp22NjaY7j+vCV791D3t0hrwv/oOK4nT
|
SPUI22tvE6I6/Q5S4CTGgY36fPBsfgU7mmhlLYFqmO6EUUkqNJ01+Fp+tWrXb1U3
|
||||||
SV7Dxq+wHJb6Ba39+tsFGSnt79FnVYNPBuyljkeuG0wZGTbHajT0GVIi6jNuHN6U
|
j/cSgOTcvQLhYmEf/2DNTa1Mjoyi+2pnfEy8GpcG+zNvpEuls9CGPsUAt6n+quPe
|
||||||
/D7hAS5ZztMRxWgsxqLnX6IO7QSN0CY6e/JkShnA7ITYbcs0NCkKMjvJsjZTtuOW
|
NPxIFl0McAJ+myRsTy5CSjBERjKb+1Q60GHBw8/xbhiVcq5KkLJkblQSv2ghvSB2
|
||||||
3ks9BjflTj0lmIxC+I9fOWT0H3rokdkjUqexPJff8XnwWQRnvMz+TFfW1exts2pp
|
BudwRWqeZYUiXP7xVdXbOryLS81mZvdlnEgdTxqX7OycOXEMExMnQfLjj8gaBpMG
|
||||||
GRGxHulQBHeNCaoSxyzogw
|
DX0R2ssY1zMT+4D410pNQw
|
||||||
-> ssh-rsa K9mW1w
|
-> ssh-rsa K9mW1w
|
||||||
ouKP/bdJHpsdqgGzCngHEiCcwp/iu79BDfPOnlVakr7Wc2zJCEYfFkxH1ytjhF2R
|
wRqrvO+JNvslYAfY5XXJCaOjBiO7ZkJZ5bXIvw0hNiJY5gXUwy9wUKazQjh0JirM
|
||||||
RPdtU/reY3/8Vi3RsSJ7VbOFtj29Qi59DZvFDb/W30vMixogiQoKWNngHDCs/qhQ
|
tRsVMbLUT5tk72iW0x8tIM64B+4pXK6p/l2zw/WHyIzKwuZjNgUzM8/ngVM6Ta1Z
|
||||||
r8UubFRJJDkGxqYpw1NOhs03XWvRx4kbJoNnVv1N68ftit7lWp0HhL+TyX0jBNWo
|
hdNiHbB5MvFrZkOScB3n5cb05TLYOaUb+TZQgSJXPtzuKZ+Wi5ePd/5qtkvlvKFe
|
||||||
xl4OdjkyHclKyOwOV0GlR/Znf+Q+hgQbcU0VWDSzEurZHIC5/2zvK7boFwiuiNeZ
|
E+1rQ4cuDJrUpAxPIiM/URIjUJfFWq2A26lpqltk9lGZ2ZWtIVLu9sgeLmfUvPdq
|
||||||
ybIh5TgF2LrlOuMLlWPbyeXSgxu8tx4MaHUZ0kM+RIOOppizyeA/ZDRythPa391Z
|
kMcG7rl3b7yiWmN9ranSMpJ8TJZh1PygD3bVlnfu47bXofr2xd4VEI/HcjQ6VSRV
|
||||||
RMf7UJWJecN5bBUWbgiNIA
|
32GnVIhIqo6D1MrcASisUg
|
||||||
-> ssh-ed25519 nWv9MA R/SpgfolcQRgt78ZWcm0WCMNjBsAf9bNpr771ADYXnU
|
-> ssh-ed25519 nWv9MA A8/OJQYaxm0TbJuhxwBrJ7wge1q+UofTnERbwHYEbxU
|
||||||
EKcbEG8uhK2NOXnwINU3j4l0liRM+MPa/gHg4Yor1+A
|
+LGv1ydrN0d3xddOtShD1W+gs4Wsjehlb4jUws3kyMk
|
||||||
-> 5Of6-grease m5 @Vd}HP CRP'(
|
-> ssh-ed25519 8+Ls0w 4wcGH2icTxRoRG0VKJWYFpS7QqXGzUmeRNQS8lMV4GI
|
||||||
gK3pW6/TOo2NPw
|
pT86WqRCOn1fGcYN0crkh1m7P/dnc6cDWx9gr4aAg4w
|
||||||
--- pM3+d/SPME2u9Xy64Ev4TsBXSEkeJFoC1UmudUafeyI
|
-> v70-g!{J-grease ">Groa:
|
||||||
[_ ËM@½™ùOW“ ïßÿbÅO@ÚŠÚÈEæÌʽ
yv<79>¬lɵ¶C0¿~áràL#ùwMÞÑŒ`—ä
|
eFWzN3OQi5mRRuX7tBlcnMwzi9FUOMOuAOfEYPp1viI
|
||||||
|
--- H+KWCPxjjcoagmOoNR2l6kSPBGrL6islS15TQUI7UU8
|
||||||
|
Jݱ£q·yìu¬I´ähão_a«Zä~dzÃÇÑüù.ž•$š–üW¬
;u O/ìTa²[p„Q
|
@ -61,7 +61,7 @@ in
|
|||||||
|
|
||||||
# Backups Secrets
|
# Backups Secrets
|
||||||
"restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.strangervm.vm ];
|
"restic/128G.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.strangervm.vm ];
|
||||||
"restic/1.6T.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
"restic/1.6T.age".publicKeys = jake_users ++ [ ts.storage.tywin ts.home.router ];
|
||||||
|
|
||||||
"git/git_backups_ecdsa.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
"git/git_backups_ecdsa.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||||
"git/git_backups_remotes.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
"git/git_backups_remotes.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||||
@ -89,7 +89,8 @@ in
|
|||||||
"version_tracker/ssh.key.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
"version_tracker/ssh.key.age".publicKeys = jake_users ++ [ ts.strangervm.vm ];
|
||||||
|
|
||||||
# Home Automation secrets
|
# Home Automation secrets
|
||||||
"mqtt/zigbee2mqtt.age".publicKeys = jake_users ++ [ ts.home.microserver ];
|
"mqtt/zigbee2mqtt.age".publicKeys = jake_users ++ [ ts.home.router ];
|
||||||
|
"mqtt/homeassistant.age".publicKeys = jake_users ++ [ ];
|
||||||
|
|
||||||
# Wireguard Secrets
|
# Wireguard Secrets
|
||||||
"wireguard/downloads.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
"wireguard/downloads.age".publicKeys = jake_users ++ [ ts.storage.tywin ];
|
||||||
|
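Review bot: Adding `ts.home.router` to `"restic/1.6T.age".publicKeys` in the `@ -61,7 +61,7 @` hunk lets the router decrypt the password of the shared 1.6T repository, and a restic repository password opens every snapshot in that repository, not only the ones this host writes. If `ts.storage.tywin` backs up into the same repository, as the recipient list suggests, a compromise of the router would expose those backups as well. A separate repository and secret for the router's zigbee2mqtt data (for example a new `"restic/<router-repo>.age"` entry, name being a placeholder) would limit that exposure. In the `@ -89,7 +89,8 @` hunk, replacing `ts.home.microserver` with `ts.home.router` on `mqtt/zigbee2mqtt.age` matches the service move, but the old host can still decrypt earlier revisions in git history, so rotating the MQTT password would be needed to actually revoke its access.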