From b5cfb308a627be20373e83b52585765c5f474b8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= Date: Sat, 3 Jan 2026 21:59:06 +0100 Subject: [PATCH] feat(home-assistant): set up Thread and Matter --- flake.lock | 17 ++++++++++++++++ flake.nix | 3 +++ services/home-assistant/default.nix | 30 ++++++++++++++++++++++++++++- system/networking.nix | 2 +- 4 files changed, 50 insertions(+), 2 deletions(-) diff --git a/flake.lock b/flake.lock index dd5a9db..d29db18 100644 --- a/flake.lock +++ b/flake.lock @@ -382,6 +382,22 @@ "type": "github" } }, + "nixpkgs-otbr": { + "locked": { + "lastModified": 1766776257, + "narHash": "sha256-MG9DnzBn6TdAztaMPVhW9sjYj2bi9Jcux0F0fJ6LeO4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0c4c97066d555b7d27a0a56ee400130ec51f02ee", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "refs/pull/332296/head", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1767379071, @@ -471,6 +487,7 @@ "matrix-appservices": "matrix-appservices", "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", + "nixpkgs-otbr": "nixpkgs-otbr", "nixpkgs-unstable": "nixpkgs-unstable", "nvim-kitty-navigator": "nvim-kitty-navigator", "openwrt-imagebuilder": "openwrt-imagebuilder", diff --git a/flake.nix b/flake.nix index 3817bb2..9e6719a 100644 --- a/flake.nix +++ b/flake.nix @@ -17,6 +17,9 @@ rec { nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + # https://github.com/NixOS/nixpkgs/pull/332296 + nixpkgs-otbr.url = "github:NixOS/nixpkgs/?ref=refs/pull/332296/head"; + nixos-hardware.url = "github:NixOS/nixos-hardware"; disko = { diff --git a/services/home-assistant/default.nix b/services/home-assistant/default.nix index 588d715..0e43a5c 100644 --- a/services/home-assistant/default.nix +++ b/services/home-assistant/default.nix @@ -1,5 +1,6 @@ { config, + lib, pkgs, inputs, ... @@ -7,12 +8,17 @@ let port = config.services.home-assistant.config.http.server_port; + devices = { + zigbee = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20231009144806-if00"; + thread = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20231009150648-if00"; + }; in { disabledModules = [ "services/home-automation/home-assistant.nix" ]; imports = [ "${inputs.nixpkgs-unstable}/nixos/modules/services/home-automation/home-assistant.nix" + "${inputs.nixpkgs-otbr}/nixos/modules/services/home-automation/openthread-border-router.nix" ./wyoming.nix # ./esphome.nix # HINT currently unused ]; @@ -45,7 +51,9 @@ in "otp" "upnp" "zha" - # "matter" # TODO uses insecure version of openssl + "thread" + "otbr" + "matter" # "esphome" # HINT currently unused "homekit_controller" "fritz" @@ -114,6 +122,26 @@ in # configWritable = true; # doesn't work atm }; + services.matter-server = { + enable = true; + }; + + services.openthread-border-router = { + enable = true; + package = inputs.nixpkgs-otbr.legacyPackages.${pkgs.system}.openthread-border-router; + radio = { + device = devices.thread; + baudRate = 460800; + extraDevices = [ "trel://enp2s0" ]; + }; + backboneInterface = "enp2s0"; + rest.listenPort = 58081; + web.listenPort = 58082; + }; + + # systemd-resolved is already providing mDNS, but avahi seems to be required for otbr + services.avahi.enable = lib.mkOverride 40 true; + networking.firewall.allowedTCPPorts = [ 1400 # Sonos discovery ]; diff --git a/system/networking.nix b/system/networking.nix index edd1a18..eecbafa 100644 --- a/system/networking.nix +++ b/system/networking.nix @@ -110,7 +110,7 @@ in }; # mDNS already handled by systemd-resolved - services.avahi.enable = false; + services.avahi.enable = lib.mkForce false; programs.mtr.enable = true; programs.mosh.enable = true;