fix(esphome): secure dashboard with password
This commit is contained in:
parent
945596ae95
commit
bf60a6fd82
GPG key ID:
671E39E6744C807D
3 changed files with 18 additions and 7 deletions
services
|
|
@ -5,7 +5,10 @@ with pkgs;
|
|||
let
|
||||
port = 6052;
|
||||
inherit (config.services.home-assistant) configDir;
|
||||
passwordFile = config.age.secrets.esphome-password.path;
|
||||
in {
|
||||
age.secrets.esphome-password.file = ../secrets/esphome/password.age;
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."esphome.felschr.com" = {
|
||||
enableACME = true;
|
||||
|
|
@ -21,12 +24,10 @@ in {
|
|||
description = "ESPHome";
|
||||
after = [ "network.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
User = "hass";
|
||||
Group = "hass";
|
||||
Restart = "on-failure";
|
||||
WorkingDirectory = configDir;
|
||||
ExecStart = "${pkgs.esphome}/bin/esphome dashboard ${configDir}/esphome";
|
||||
};
|
||||
serviceConfig.LoadCredential = [ "password:${passwordFile}" ];
|
||||
script = ''
|
||||
password="$(<"$CREDENTIALS_DIRECTORY/password")"
|
||||
${pkgs.esphome}/bin/esphome dashboard ${configDir}/esphome --password "$password"
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue