homeassistant: announce locally and deploy to hallway tablet

Jake Hillion 2024-10-06 14:53:04 +01:00
parent 3d8a60da5b
commit 0cb607cfdb
6 changed files with 74 additions and 10 deletions


@ -263,6 +263,16 @@
ip-address = "10.239.19.3";
hostname = "living-room-everything-presence-one";
}
{
hw-address = "a0:7d:9c:b0:f0:14";
ip-address = "10.239.19.4";
hostname = "hallway-wall-tablet";
}
{
hw-address = "d8:3a:dd:c3:d6:2b";
ip-address = "10.239.19.5";
hostname = "sodium";
}
];
}
{


@ -16,6 +16,7 @@
boot.loader.efi.canTouchEfiVariables = true;
custom.defaults = true;
custom.www.home.enable = true;
## Enable btrfs compression
fileSystems."/data".options = [ "compress=zstd" ];
@ -51,11 +52,11 @@
# Networking
networking = {
useDHCP = false;
interfaces = {
end0 = {
name = "eth0";
useDHCP = true;
interfaces.end0.name = "eth0";
vlans = {
iot = {
id = 2;
interface = "eth0";
};
};
};
@ -63,15 +64,17 @@
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
allowedTCPPorts = lib.mkForce [
];
allowedTCPPorts = lib.mkForce [];
allowedUDPPorts = lib.mkForce [];
interfaces = {
eth0 = {
allowedTCPPorts = lib.mkForce [
80 # HTTP 1-2
443 # HTTPS 1-2
7654 # Tang
];
allowedUDPPorts = lib.mkForce [
443 # HTTP 3
];
};
};


@ -21,8 +21,7 @@
./ssh/default.nix
./storj.nix
./users.nix
./www/global.nix
./www/www-repo.nix
./www/default.nix
];
options.custom = {


@ -62,6 +62,20 @@ in
config = {
default_config = { };
homeassistant = {
auth_providers = [
{ type = "homeassistant"; }
{
type = "trusted_networks";
trusted_networks = [ "10.239.19.4/32" ];
trusted_users = {
"10.239.19.4" = "fb4979873ecb480d9e3bb336250fa344";
};
allow_bypass_login = true;
}
];
};
recorder = {
db_url = "postgresql://@/homeassistant";
};
@ -71,6 +85,8 @@ in
trusted_proxies = with config.custom.dns.authoritative; [
ipv4.uk.co.hillion.ts.cx.boron
ipv6.uk.co.hillion.ts.cx.boron
ipv4.uk.co.hillion.ts.pop.sodium
ipv6.uk.co.hillion.ts.pop.sodium
];
};
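Review bot: The `trusted_networks` provider added under `homeassistant.auth_providers` signs in whoever arrives from 10.239.19.4 without any credential, so that account is protected only by the source address. Elsewhere in this commit that address is a DHCP reservation keyed on a MAC address, and the second hunk adds sodium to `trusted_proxies`, so for proxied requests the address Home Assistant evaluates is presumably the one sodium reports in its forwarded header. The user id is an opaque string, so I would add a comment above `trusted_users` such as `# hallway-wall-tablet kiosk user: IP-only trust, must stay a non-admin account`, and confirm that the account has no administrator rights. Both hunks sit inside a larger `config` block that continues outside them.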

9
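--- a/modules/www/default.nix
+++ b/modules/www/default.nix
@@ -0,0 +1,9 @@
+{ config, lib, ... }:
+{
+imports = [
+./global.nix
+./home.nix
+./www-repo.nix
+];
+}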

27
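--- a/modules/www/home.nix
+++ b/modules/www/home.nix
@@ -0,0 +1,27 @@
+{ pkgs, lib, config, ... }:
+let
+cfg = config.custom.www.home;
+locations = config.custom.locations.locations;
+in
+{
+options.custom.www.home = {
+enable = lib.mkEnableOption "home";
+};
+config = lib.mkIf cfg.enable {
+services.caddy = {
+enable = true;
+package = pkgs.unstable.caddy;
+virtualHosts = {
+"homeassistant.home.hillion.co.uk".extraConfig = ''
+tls {
+ca https://ca.ts.hillion.co.uk:8443/acme/acme/directory
+}
+reverse_proxy http://${locations.services.homeassistant}:8123
+'';
+};
+};
+};
+}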
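Review bot: `reverse_proxy http://${locations.services.homeassistant}:8123` sends the upstream leg in clear text, and nothing in the file says which network that leg crosses. The `trusted_proxies` entries added for sodium elsewhere in this commit are tailnet names, which suggests the hop rides over Tailscale, but that is inferred rather than visible here. A comment above the directive, for example `# upstream is reached over the tailnet; plain HTTP is acceptable only on that path`, would record the assumption, which matters more now that Home Assistant trusts the client address this proxy forwards.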