JakeHillion/nixos
1
0
Fork 0
Code Issues 7 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

homeassistant: enable node-red
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Jake Hillion 2024-03-19 19:58:15 +00:00
parent 790d0a8a6b
commit 59aa275c52
3 changed files with 38 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
hosts/microserver.home.ts.hillion.co.uk/default.nix
View File

@ -24,6 +24,8 @@
preAuthKeyFile = config.age.secrets."tailscale/microserver.home.ts.hillion.co.uk".path; preAuthKeyFile = config.age.secrets."tailscale/microserver.home.ts.hillion.co.uk".path;
advertiseRoutes = [ "10.64.50.0/24" "10.239.19.0/24" ]; advertiseRoutes = [ "10.64.50.0/24" "10.239.19.0/24" ];
advertiseExitNode = true; advertiseExitNode = true;
ipv4Addr = "100.105.131.47";
ipv6Addr = "fd7a:115c:a1e0:ab12:4843:cd96:6269:832f";
}; };
## Enable IoT VLAN ## Enable IoT VLAN
@ -47,14 +49,17 @@
services.iperf3.enable = true; services.iperf3.enable = true;
services.iperf3.openFirewall = true; services.iperf3.openFirewall = true;
networking.firewall.interfaces = { networking.firewall = {
"eth0" = { trustedInterfaces = [ "tailscale0" ];
allowedUDPPorts = [ interfaces = {
5353 # HomeKit "eth0" = {
]; allowedUDPPorts = [
allowedTCPPorts = [ 5353 # HomeKit
21063 # HomeKit ];
]; allowedTCPPorts = [
21063 # HomeKit
];
};
}; };
}; };
}; };

1
modules/backups/homeassistant.nix
View File

@ -26,6 +26,7 @@ in
passwordFile = config.age.secrets."backups/homeassistant/restic/128G".path; passwordFile = config.age.secrets."backups/homeassistant/restic/128G".path;
paths = [ paths = [
config.services.home-assistant.configDir config.services.home-assistant.configDir
config.services.node-red.userDir
]; ];
}; };
}; };

24
modules/services/homeassistant.nix
View File

@ -34,6 +34,17 @@ in
''; '';
}; };
node-red = {
enable = true;
};
caddy = {
enable = true;
virtualHosts."http://nodered.home.ts.hillion.co.uk" = {
listenAddresses = [ config.custom.tailscale.ipv4Addr config.custom.tailscale.ipv6Addr ];
extraConfig = "reverse_proxy http://localhost:1880";
};
};
home-assistant = { home-assistant = {
enable = true; enable = true;
@ -152,5 +163,18 @@ in
}; };
}; };
}; };
### HACK: Allow Caddy to restart if it fails. This happens because Tailscale
### is too late at starting. Upstream nixos caddy does restart on failure
### but it's prevented on exit code 1. Set the exit code to 0 (non-failure)
### to override this.
systemd.services.caddy = {
requires = [ "tailscaled.service" ];
after = [ "tailscaled.service" ];
serviceConfig = {
RestartPreventExitStatus = lib.mkForce 0;
};
};
}; };
} }