feat(home-assistant): set up Thread and Matter

2026-01-03 21:59:06 +01:00 · 2026-01-03 21:59:06 +01:00 · b5cfb308a6
commit b5cfb308a6
parent 74f811a5e0
4 changed files with 50 additions and 2 deletions
--- a/flake.lock
+++ b/flake.lock
@ -382,6 +382,22 @@
        "type": "github"
      }
    },
    "nixpkgs-otbr": {
      "locked": {
        "lastModified": 1766776257,
        "narHash": "sha256-MG9DnzBn6TdAztaMPVhW9sjYj2bi9Jcux0F0fJ6LeO4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "0c4c97066d555b7d27a0a56ee400130ec51f02ee",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "refs/pull/332296/head",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1767379071,
@ -471,6 +487,7 @@
        "matrix-appservices": "matrix-appservices",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
        "nixpkgs-otbr": "nixpkgs-otbr",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nvim-kitty-navigator": "nvim-kitty-navigator",
        "openwrt-imagebuilder": "openwrt-imagebuilder",
--- a/flake.nix
+++ b/flake.nix
@ -17,6 +17,9 @@ rec {
    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
    # https://github.com/NixOS/nixpkgs/pull/332296
    nixpkgs-otbr.url = "github:NixOS/nixpkgs/?ref=refs/pull/332296/head";
    nixos-hardware.url = "github:NixOS/nixos-hardware";
    disko = {
--- a/services/home-assistant/default.nix
+++ b/services/home-assistant/default.nix
@ -1,5 +1,6 @@
 {
  config,
  lib,
  pkgs,
  inputs,
  ...
@ -7,12 +8,17 @@
 let
  port = config.services.home-assistant.config.http.server_port;
  devices = {
    zigbee = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20231009144806-if00";
    thread = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20231009150648-if00";
  };
 in
 {
  disabledModules = [ "services/home-automation/home-assistant.nix" ];
  imports = [
    "${inputs.nixpkgs-unstable}/nixos/modules/services/home-automation/home-assistant.nix"
    "${inputs.nixpkgs-otbr}/nixos/modules/services/home-automation/openthread-border-router.nix"
    ./wyoming.nix
    # ./esphome.nix # HINT currently unused
  ];
@ -45,7 +51,9 @@ in
      "otp"
      "upnp"
      "zha"
-      # "matter" # TODO uses insecure version of openssl
+      "thread"
      "otbr"
      "matter"
      # "esphome" # HINT currently unused
      "homekit_controller"
      "fritz"
@ -114,6 +122,26 @@ in
    # configWritable = true; # doesn't work atm
  };
  services.matter-server = {
    enable = true;
  };
  services.openthread-border-router = {
    enable = true;
    package = inputs.nixpkgs-otbr.legacyPackages.${pkgs.system}.openthread-border-router;
    radio = {
      device = devices.thread;
      baudRate = 460800;
      extraDevices = [ "trel://enp2s0" ];
    };
    backboneInterface = "enp2s0";
    rest.listenPort = 58081;
    web.listenPort = 58082;
  };
  # systemd-resolved is already providing mDNS, but avahi seems to be required for otbr
  services.avahi.enable = lib.mkOverride 40 true;
  networking.firewall.allowedTCPPorts = [
    1400 # Sonos discovery
  ];
--- a/system/networking.nix
+++ b/system/networking.nix
@ -110,7 +110,7 @@ in
  };
  # mDNS already handled by systemd-resolved
-  services.avahi.enable = false;
+  services.avahi.enable = lib.mkForce false;
  programs.mtr.enable = true;
  programs.mosh.enable = true;