diff --git a/hosts/zackbiene/README.md b/hosts/zackbiene/README.md new file mode 100644 index 0000000..aea9262 --- /dev/null +++ b/hosts/zackbiene/README.md @@ -0,0 +1,5 @@ +# First Setup + +- In HomeAssistant, MQTT integration needs to be added + manually, and the mqtt connection details must be entered + localhost:1883, user=home_assistant, pass= diff --git a/hosts/zackbiene/default.nix b/hosts/zackbiene/default.nix index 1e599a6..f7bcad0 100644 --- a/hosts/zackbiene/default.nix +++ b/hosts/zackbiene/default.nix @@ -15,7 +15,11 @@ ./fs.nix ./net.nix + ./home-assistant.nix + ./mosquitto.nix + ./zigbee2mqtt.nix + ./esphome.nix ]; boot.loader.grub.enable = false; diff --git a/hosts/zackbiene/esphome.nix b/hosts/zackbiene/esphome.nix index def7edf..b8d9b3d 100644 --- a/hosts/zackbiene/esphome.nix +++ b/hosts/zackbiene/esphome.nix @@ -41,8 +41,7 @@ in { ReadWritePaths = dataDir; RemoveIPC = true; RestrictAddressFamilies = [ - "AF_INET" - "AF_INET6" + "AF_UNIX" ]; RestrictNamespaces = true; RestrictRealtime = true; diff --git a/hosts/zackbiene/home-assistant-secrets.yaml.age b/hosts/zackbiene/home-assistant-secrets.yaml.age new file mode 100644 index 0000000..b6b2d30 --- /dev/null +++ b/hosts/zackbiene/home-assistant-secrets.yaml.age @@ -0,0 +1,12 @@ +age-encryption.org/v1 +-> X25519 90GQu1DAxHxwy1GWOAE1rHYoQs77Q35YPuQCRTgcWFk +3AefIIsdsaE/exhb7acz/Vh4OBKIl15rRxFnndo6g2I +-> piv-p256 xqSe8Q A+/OdhOqSsDgiaYVOoa7Tnk/JZdSGgHJ094mtoort+V3 +tBDFM3y1wDUt2UzjMLgFWprcFSPp25djnJAqXah4/+4 +-> ;[OuQ^De-grease Ce@IYqTR +B85uiwRHPv4yBPoaXxIvJJb9s+UGkfF/KQ1mEIoBu9XBArYESFmj+kLcSWgLI1r5 +CI26cYM +--- K9FHvO0db0Xe6pGjnbLeJRqHGI+lFFnFoo6/R5d8dZ4 +>©ˆqñOhÓ¦qP +)ư„%®É>ÂôÔ|ÁÀÒzNjó G•<à3S´àÝR‰2¶±^?\|ßDEÏ2œÕ'€ ±[l‡fL³*GªùQ ùUk#JEÞGàxЪ-Šù*̬Bnµƒç"šq;£©¾Â‘{Ê +ì¬{ü僦°ì{!)ðŒ˜w ÷ÝÃU w½H„}àŒòýœüîïæDÕ„5jRWîLCl8_Ù¢G \ No newline at end of file diff --git a/hosts/zackbiene/home-assistant.nix b/hosts/zackbiene/home-assistant.nix index 3d88dde..c9db282 100644 --- a/hosts/zackbiene/home-assistant.nix 
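Review bot: Narrowing `RestrictAddressFamilies` to `"AF_UNIX"` alone in the esphome.nix hunk denies the service every IP socket, so it is only correct if the dashboard has been moved to a Unix socket and nothing else in the unit needs IP; the enclosing serviceConfig and whatever selects the socket start outside the hunk, so that cannot be confirmed here. The ESPHome dashboard also talks to devices over the network (wireless OTA upload, log streaming), and those features will fail under this restriction. If that trade-off is intended, say so next to the list, e.g. `# AF_UNIX only: dashboard served over a unix socket; network OTA/logs from the dashboard are deliberately unavailable`; otherwise keep `"AF_INET"` and `"AF_INET6"` alongside `"AF_UNIX"`.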
+++ b/hosts/zackbiene/home-assistant.nix
@@ -1,4 +1,8 @@
 {
+ lib,
+ config,
+ ...
+}: {
 services.home-assistant = {
 enable = true;
 extraComponents = [
@@ -13,6 +17,22 @@
 ];
 openFirewall = true;
 config = {
+ homeassistant = {
+ name = "!secret ha_name";
+ latitude = "!secret ha_latitude";
+ longitude = "!secret ha_longitude";
+ elevation = "!secret ha_elevation";
+ currency = "!secret ha_currency";
+ time_zone = "!secret ha_time_zone";
+ unit_system = "metric";
+ #external_url = "https://";
+ packages = {
+ manual = "!include manual.yaml";
+ };
+ };
+ #frontend = {
+ # themes = "!include_dir_merge_named themes";
+ #};
 default_config = {};
 met = {};
 };
@@ -24,35 +44,20 @@
 ];
 };
- # TODO set lat long etc here not manually
+ rekey.secrets."home-assistant-secrets.yaml" = {
+ file = ./home-assistant-secrets.yaml.age;
+ owner = "hass";
+ };
+
+ systemd.services.home-assistant = {
+ preStart = lib.mkBefore ''
+ ln -sf ${config.rekey.secrets."home-assistant-secrets.yaml".path} ${config.services.home-assistant.configDir}/secrets.yaml
+ touch -a ${config.services.home-assistant.configDir}/{automations,scenes,scripts,manual}.yaml
+ '';
+ };
+
 # TODO HA and zigbee2mqtt behind nginx please
- # - auth for zigbee2mqtt
+ # - auth for zigbee2mqtt frontend
 # - auth for esphome dashboard
 # - only allow connections from privileged LAN to HA or from vpn range
- # TODO use password auth for mosquitto
- services.mosquitto = {
- enable = true;
- persistence = true;
- listeners = [
- {
- acl = ["pattern readwrite #"];
- omitPasswordAuth = true;
- settings.allow_anonymous = true;
- }
- ];
- };
- networking.firewall.allowedTCPPorts = [8072];
- services.zigbee2mqtt = {
- enable = true;
- settings = {
- homeassistant = true;
- permit_join = true;
- serial = {
- port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
- };
- frontend = {
- port = 8072;
- };
- };
- };
 }
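Review bot: The `#external_url = "https://";` line and the commented `#frontend` block in the `config` hunk of home-assistant.nix are placeholders with no stated intent, which reads as dead configuration. Either remove them or tie them to the existing nginx TODO with a one-line comment such as `# external_url / frontend themes: fill in once HA is reachable behind nginx (see TODO below)`. `unit_system = "metric"` is the only literal in a block otherwise fed from `!secret`; presumably deliberate, but a short note on why the other values are kept as secrets would help the next reader.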
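Review bot: The `preStart` under `systemd.services.home-assistant` has no comment explaining the symlink and the four pre-created files, and the reasons live in other hunks: `!secret` only resolves against a `secrets.yaml` inside `configDir`, and `manual.yaml` backs the `!include manual.yaml` under `packages`. Add above the `ln -sf` line something like `# secrets.yaml must sit in configDir for !secret; manual.yaml backs packages.manual — automations/scenes/scripts presumably for the UI editors, confirm`. The brace expansion in the `touch -a` line depends on the script running under bash, which NixOS preStart scripts do, but that is worth a word in the same comment since a plain sh would create one oddly named file instead.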
diff --git a/hosts/zackbiene/mosquitto-pw-home_assistant.age b/hosts/zackbiene/mosquitto-pw-home_assistant.age new file mode 100644 index 0000000..c4626c8 Binary files /dev/null and b/hosts/zackbiene/mosquitto-pw-home_assistant.age differ diff --git a/hosts/zackbiene/mosquitto-pw-zigbee2mqtt.age b/hosts/zackbiene/mosquitto-pw-zigbee2mqtt.age new file mode 100644 index 0000000..5d4df35 --- /dev/null +++ b/hosts/zackbiene/mosquitto-pw-zigbee2mqtt.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> X25519 fnG14tqQJow7aCttB48iukNYbIENNYSCOdnGmzsUR08 +CUgbzHmMTVDjVvwXoJ1Li1HJuCQcexOwTA8vyI1qBy0 +-> piv-p256 xqSe8Q A2lUZF0cZPhAduYPGQg/vrpLPVidJQuIXMh1KCIw2fJu +SVtOdeJXECGJtNsJkDGnrljvO1xWqmCueMS7dISppP0 +-> 97L6-grease 9 Uv0 :8=|& +5sV9Y2boLn0oRELbKB1PHp/1YbofZfNprKwUjrcXHTl2qsc02mVOVGBcoghUg7qa +z99fVBeVj+nR/E6In8lDKR7mUf7ZF8oHxIDEGQcQ9hysO3jbWFA6CMH48h9ICcen +hEI +--- gP2qI8vwLWirtwKRpx3iyNc+MUi03qQ353vfzxjYA+8 +RN¯±c<’{rÏ2_Zèj|žÆAõ.ê*=9C‘öÈÞ¸qp‰Ê•/PÓ@¬ÈO-±  \ No newline at end of file diff --git a/hosts/zackbiene/mosquitto-pw-zigbee2mqtt.yaml.age b/hosts/zackbiene/mosquitto-pw-zigbee2mqtt.yaml.age new file mode 100644 index 0000000..10aa994 Binary files /dev/null and b/hosts/zackbiene/mosquitto-pw-zigbee2mqtt.yaml.age differ diff --git a/hosts/zackbiene/mosquitto.nix b/hosts/zackbiene/mosquitto.nix new file mode 100644 index 0000000..5f3366f --- /dev/null +++ b/hosts/zackbiene/mosquitto.nix 
@@ -0,0 +1,39 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ rekey.secrets.mosquitto-pw-zigbee2mqtt = {
+ file = ./mosquitto-pw-zigbee2mqtt.age;
+ mode = "440";
+ owner = "zigbee2mqtt";
+ group = "mosquitto";
+ };
+ rekey.secrets.mosquitto-pw-home_assistant = {
+ file = ./mosquitto-pw-home_assistant.age;
+ mode = "440";
+ owner = "hass";
+ group = "mosquitto";
+ };
+
+ services.mosquitto = {
+ enable = true;
+ persistence = true;
+ listeners = [
+ {
+ acl = ["pattern readwrite #"];
+ users = {
+ zigbee2mqtt = {
+ passwordFile = config.rekey.secrets.mosquitto-pw-zigbee2mqtt.path;
+ acl = ["readwrite #"];
+ };
+ home_assistant = {
+ passwordFile = config.rekey.secrets.mosquitto-pw-home_assistant.path;
+ acl = ["readwrite #"];
+ };
+ };
+ settings.allow_anonymous = false;
+ }
+ ];
+ };
+}
diff --git a/hosts/zackbiene/zigbee2mqtt.nix b/hosts/zackbiene/zigbee2mqtt.nix
new file mode 100644
index 0000000..a3db3f0
--- /dev/null
+++ b/hosts/zackbiene/zigbee2mqtt.nix
@@ -0,0 +1,32 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ rekey.secrets."mosquitto-pw-zigbee2mqtt.yaml" = {
+ file = ./mosquitto-pw-zigbee2mqtt.yaml.age;
+ mode = "440";
+ owner = "zigbee2mqtt";
+ group = "mosquitto";
+ };
+
+ networking.firewall.allowedTCPPorts = [8072];
+ services.zigbee2mqtt = {
+ enable = true;
+ settings = {
+ homeassistant = true;
+ permit_join = true;
+ serial = {
+ port = "/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0";
+ };
+ mqtt = {
+ server = "mqtt://localhost:1883";
+ user = "zigbee2mqtt";
+ password = "!${config.rekey.secrets."mosquitto-pw-zigbee2mqtt.yaml".path} password";
+ };
+ frontend = {
+ port = 8072;
+ };
+ };
+ };
+}
diff --git a/users/common/graphical/kitty.nix b/users/common/graphical/kitty.nix
index af81b5e..345570e 100644
--- a/users/common/graphical/kitty.nix
+++ b/users/common/graphical/kitty.nix
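Review bot: The listener-level `acl = ["pattern readwrite #"];` in mosquitto.nix applies to every authenticated client and grants read/write on all topics, so the per-user `acl = ["readwrite #"];` entries below it never restrict anything; with `settings.allow_anonymous = false` there is no anonymous client for it to serve either, so drop the listener-level line and let the per-user lists carry the policy. Both users then still hold `readwrite #`; narrowing zigbee2mqtt to `zigbee2mqtt/#` and `homeassistant/#` (and HA to what it actually subscribes to) would be the next step, but confirm against the real topic layout first. The two `rekey.secrets` password files are owned by `zigbee2mqtt` and `hass` although only mosquitto reads them, presumably as its own service user; `owner = "mosquitto"; mode = "400";` would be tighter unless the rekey tooling needs otherwise. `lib` is unused in this file.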
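Review bot: `permit_join = true;` in zigbee2mqtt.nix keeps the Zigbee network permanently open to new devices, so anything in range can join at any time instead of only during a pairing window; it should be `permit_join = false;` with joining enabled briefly from the frontend or over MQTT when pairing. The frontend on 8072 is opened in the firewall with no authentication and can itself toggle joining; until the nginx/auth TODO in home-assistant.nix lands, zigbee2mqtt's `frontend.auth_token` could be fed from the same `!<file> <key>` mechanism the `mqtt.password` line already uses. `lib` is unused in this file.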
@@ -3,6 +3,9 @@
 pkgs,
 ...
 }: {
+ home.sessionVariables = {
+ TERMINFO_DIRS = "${pkgs.kitty.terminfo.outPath}/share/terminfo";
+ };
 programs.kitty = {
 enable = true;
 package = pkgs.kitty.overrideAttrs (finalAttrs: prevAttrs: {
@@ -14,9 +17,6 @@
 size = 10;
 };
 settings = {
- # Use xterm-256color because copying terminfo-kitty is painful.
- term = "xterm-256color";
- # Do not wait for inherited child processes. close_on_child_death = "yes";
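Review bot: The new `home.sessionVariables.TERMINFO_DIRS` entry has no comment, while the `term = "xterm-256color"` workaround it replaces (removed in the following hunk) documented its reason; the purpose and the limit of the new approach should be stated. Suggested, above the block: `# Let ncurses find kitty's terminfo so TERM=xterm-kitty works locally; remote hosts still need kitty's terminfo (kitten ssh copies it).` Note that `home.sessionVariables` is only exported into login sessions, so processes started outside one may not see it — presumably fine for a graphical session, but confirm.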