feat(home-assistant): set up Thread and Matter

flake.lock

@@ -382,6 +382,22 @@
         "type": "github"
       }
     },
+    "nixpkgs-otbr": {
+      "locked": {
+        "lastModified": 1766776257,
+        "narHash": "sha256-MG9DnzBn6TdAztaMPVhW9sjYj2bi9Jcux0F0fJ6LeO4=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "0c4c97066d555b7d27a0a56ee400130ec51f02ee",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "refs/pull/332296/head",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "nixpkgs-unstable": {
       "locked": {
         "lastModified": 1767379071,
@@ -471,6 +487,7 @@
         "matrix-appservices": "matrix-appservices",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
+        "nixpkgs-otbr": "nixpkgs-otbr",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "nvim-kitty-navigator": "nvim-kitty-navigator",
         "openwrt-imagebuilder": "openwrt-imagebuilder",

flake.nix

@@ -17,6 +17,9 @@ rec {
 
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 
+    # https://github.com/NixOS/nixpkgs/pull/332296
+    nixpkgs-otbr.url = "github:NixOS/nixpkgs/?ref=refs/pull/332296/head";
+
     nixos-hardware.url = "github:NixOS/nixos-hardware";
 
     disko = {

services/home-assistant/default.nix

@@ -1,5 +1,6 @@
 {
   config,
+  lib,
   pkgs,
   inputs,
   ...
@@ -7,12 +8,17 @@
 
 let
   port = config.services.home-assistant.config.http.server_port;
+  devices = {
+    zigbee = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20231009144806-if00";
+    thread = "/dev/serial/by-id/usb-ITEAD_SONOFF_Zigbee_3.0_USB_Dongle_Plus_V2_20231009150648-if00";
+  };
 in
 {
   disabledModules = [ "services/home-automation/home-assistant.nix" ];
 
   imports = [
     "${inputs.nixpkgs-unstable}/nixos/modules/services/home-automation/home-assistant.nix"
+    "${inputs.nixpkgs-otbr}/nixos/modules/services/home-automation/openthread-border-router.nix"
     ./wyoming.nix
     # ./esphome.nix # HINT currently unused
   ];
@@ -45,7 +51,9 @@ in
       "otp"
       "upnp"
       "zha"
-      # "matter" # TODO uses insecure version of openssl
+      "thread"
+      "otbr"
+      "matter"
       # "esphome" # HINT currently unused
       "homekit_controller"
       "fritz"
@@ -114,6 +122,26 @@ in
     # configWritable = true; # doesn't work atm
   };
 
+  services.matter-server = {
+    enable = true;
+  };
+
+  services.openthread-border-router = {
+    enable = true;
+    package = inputs.nixpkgs-otbr.legacyPackages.${pkgs.system}.openthread-border-router;
+    radio = {
+      device = devices.thread;
+      baudRate = 460800;
+      extraDevices = [ "trel://enp2s0" ];
+    };
+    backboneInterface = "enp2s0";
+    rest.listenPort = 58081;
+    web.listenPort = 58082;
+  };
+
+  # systemd-resolved is already providing mDNS, but avahi seems to be required for otbr
+  services.avahi.enable = lib.mkOverride 40 true;
+
   networking.firewall.allowedTCPPorts = [
     1400 # Sonos discovery
   ];

system/networking.nix

@@ -110,7 +110,7 @@ in
   };
 
   # mDNS already handled by systemd-resolved
-  services.avahi.enable = false;
+  services.avahi.enable = lib.mkForce false;
 
   programs.mtr.enable = true;
   programs.mosh.enable = true;