nixos-config/services/home-assistant.nix

{ config, pkgs, ... }:

with pkgs; 

let
  mqttDomain = "mqtt.${config.networking.domain}";
in
{
  environment.systemPackages = with pkgs; [ deconz ];

  local.services.deconz = {
    enable = true;
    httpPort = 8080;
    wsPort = 1443;
    openFirewall = true;
  };

  services.nginx = {
    virtualHosts = {
      ${ mqttDomain } = {
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://localhost:${toString config.services.mosquitto.port}";
          proxyWebsockets = true;
        };
      };
    };
  };

  networking.firewall.allowedTCPPorts = [
    config.services.mosquitto.port
  ];

  services.mosquitto = {
    enable = true;
    host = "0.0.0.0";
    checkPasswords = true;
    extraConf = ''
      protocol websockets
    '';
    users = {
      "hass" = {
        acl = [
          "topic readwrite homeassistant/#"
          "topic readwrite tasmota/#"
          "topic readwrite owntracks/#"
        ];
        hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";
      };
      "tasmota" = {
        acl = [
          "topic readwrite tasmota/#"
          "topic readwrite homeassistant/#"
        ];
        hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";
      };
      "owntracks" = {
        acl = [
          "topic readwrite owntracks/#"
        ];
        hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";
      };
      "felix" = {
        acl = [
          "topic read owntracks/#"
          "topic readwrite owntracks/felix/#"
        ];
        hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";
      };
      "birgit" = {
        acl = [
          "topic read owntracks/#"
          "topic readwrite owntracks/birgit/#"
        ];
        hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";
      };
    };
  };

  services.home-assistant = {
    enable = true;
    package = home-assistant.override {
      extraPackages = ps: with ps; [
        (callPackage pydeconz { })
      ];
    };
    openFirewall = true;
    config = {
      homeassistant = {
        name = "Home";
        latitude = "!secret latitude";
        longitude = "!secret longitude";
        elevation = 0;
        unit_system = "metric";
        temperature_unit = "C";
        external_url = "https://home.felschr.com";
        internal_url = "http://192.168.86.233:8123";
      };
      default_config = { };
      config = { };
      frontend = { };
      mobile_app = { };
      discovery = { };
      zeroconf = { };
      ssdp = { };
      shopping_list = { };
      deconz = {
        host = "localhost";
        port = 8080;
        api_key = "!secret deconz_apikey";
      };
      mqtt = {
        broker = "localhost";
        port = config.services.mosquitto.port;
        username = "hass";
        password = "!secret mqtt_password";
        discovery = true;
        discovery_prefix = "homeassistant";
      };
      owntracks = {
        mqtt_topic = "owntracks/#";
      };
    };
    # configWritable = true; # doesn't work atm
  };
}
fix(rpi4): fix config 2020-10-11 10:49:06 +02:00			`{ config, pkgs, ... }:`
feat(rpi4): add home-assistant 2020-10-03 16:32:06 +02:00
feat(rpi4): set up mosquitto 2020-10-21 20:54:55 +02:00			`with pkgs;`

feat(rpi4): expose mosquitto via nginx 2020-10-22 19:15:55 +02:00			`let`
			`mqttDomain = "mqtt.${config.networking.domain}";`
			`in`
feat(rpi4): set up mosquitto 2020-10-21 20:54:55 +02:00			`{`
fix(rpi4): set up deconz 2020-10-07 14:37:57 +02:00			`environment.systemPackages = with pkgs; [ deconz ];`

			`local.services.deconz = {`
			`enable = true;`
			`httpPort = 8080;`
			`wsPort = 1443;`
			`openFirewall = true;`
			`};`

feat(rpi4): expose mosquitto via nginx 2020-10-22 19:15:55 +02:00			`services.nginx = {`
			`virtualHosts = {`
			`${ mqttDomain } = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://localhost:${toString config.services.mosquitto.port}";`
			`proxyWebsockets = true;`
			`};`
			`};`
			`};`
			`};`
feat(rpi4): set up mosquitto 2020-10-21 20:54:55 +02:00
			`networking.firewall.allowedTCPPorts = [`
feat(rpi4): expose mosquitto via nginx 2020-10-22 19:15:55 +02:00			`config.services.mosquitto.port`
feat(rpi4): set up mosquitto 2020-10-21 20:54:55 +02:00			`];`

			`services.mosquitto = {`
			`enable = true;`
			`host = "0.0.0.0";`
			`checkPasswords = true;`
feat(rpi4): expose mosquitto via nginx 2020-10-22 19:15:55 +02:00			`extraConf = ''`
			`protocol websockets`
			`'';`
feat(rpi4): set up mosquitto 2020-10-21 20:54:55 +02:00			`users = {`
			`"hass" = {`
			`acl = [`
			`"topic readwrite homeassistant/#"`
			`"topic readwrite tasmota/#"`
			`"topic readwrite owntracks/#"`
			`];`
			`hashedPasswordFile = "/etc/nixos/secrets/mqtt/hass";`
			`};`
fix(rpi4): fix home-assistant tasmota integration 2020-10-22 19:16:43 +02:00			`"tasmota" = {`
			`acl = [`
			`"topic readwrite tasmota/#"`
			`"topic readwrite homeassistant/#"`
			`];`
			`hashedPasswordFile = "/etc/nixos/secrets/mqtt/tasmota";`
			`};`
feat(rpi4): set up mosquitto 2020-10-21 20:54:55 +02:00			`"owntracks" = {`
			`acl = [`
			`"topic readwrite owntracks/#"`
			`];`
			`hashedPasswordFile = "/etc/nixos/secrets/mqtt/owntracks";`
			`};`
fix(rpi4): add new mqtt users 2020-10-22 19:17:19 +02:00			`"felix" = {`
			`acl = [`
			`"topic read owntracks/#"`
			`"topic readwrite owntracks/felix/#"`
			`];`
			`hashedPasswordFile = "/etc/nixos/secrets/mqtt/felix";`
			`};`
			`"birgit" = {`
			`acl = [`
			`"topic read owntracks/#"`
			`"topic readwrite owntracks/birgit/#"`
			`];`
			`hashedPasswordFile = "/etc/nixos/secrets/mqtt/birgit";`
			`};`
feat(rpi4): set up mosquitto 2020-10-21 20:54:55 +02:00			`};`
			`};`

feat(rpi4): add home-assistant 2020-10-03 16:32:06 +02:00			`services.home-assistant = {`
			`enable = true;`
fix(rpi4): set up deconz 2020-10-07 14:37:57 +02:00			`package = home-assistant.override {`
feat(rpi4): expose mosquitto via nginx 2020-10-22 19:15:55 +02:00			`extraPackages = ps: with ps; [`
			`(callPackage pydeconz { })`
			`];`
fix(rpi4): set up deconz 2020-10-07 14:37:57 +02:00			`};`
feat(rpi4): add home-assistant 2020-10-03 16:32:06 +02:00			`openFirewall = true;`
			`config = {`
			`homeassistant = {`
			`name = "Home";`
			`latitude = "!secret latitude";`
			`longitude = "!secret longitude";`
			`elevation = 0;`
			`unit_system = "metric";`
			`temperature_unit = "C";`
			`external_url = "https://home.felschr.com";`
			`internal_url = "http://192.168.86.233:8123";`
			`};`
feat: expose pydeconz Expose pydeconz via the nix flake. 2020-10-11 10:13:22 +02:00			`default_config = { };`
			`config = { };`
			`frontend = { };`
			`mobile_app = { };`
			`discovery = { };`
			`zeroconf = { };`
			`ssdp = { };`
			`shopping_list = { };`
fix(rpi4): set up deconz 2020-10-07 14:37:57 +02:00			`deconz = {`
			`host = "localhost";`
			`port = 8080;`
feat: expose pydeconz Expose pydeconz via the nix flake. 2020-10-11 10:13:22 +02:00			`api_key = "!secret deconz_apikey";`
fix(rpi4): set up deconz 2020-10-07 14:37:57 +02:00			`};`
feat(rpi4): set up mosquitto 2020-10-21 20:54:55 +02:00			`mqtt = {`
			`broker = "localhost";`
fix(rpi4): fix home-assistant tasmota integration 2020-10-22 19:16:43 +02:00			`port = config.services.mosquitto.port;`
feat(rpi4): set up mosquitto 2020-10-21 20:54:55 +02:00			`username = "hass";`
			`password = "!secret mqtt_password";`
			`discovery = true;`
			`discovery_prefix = "homeassistant";`
			`};`
			`owntracks = {`
			`mqtt_topic = "owntracks/#";`
			`};`
feat(rpi4): add home-assistant 2020-10-03 16:32:06 +02:00			`};`
			`# configWritable = true; # doesn't work atm`
			`};`
			`}`