mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-11 07:10:39 +02:00
Code Activity

feat: test z2m

Browse source
This commit is contained in:
oddlama 2025-04-14 21:53:28 +02:00
parent fdfae01dac
commit fcc462879e
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
8 changed files with 111 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

1
hosts/sausebiene/default.nix
View file

@ -25,6 +25,7 @@
./influxdb.nix ./influxdb.nix
./mosquitto.nix ./mosquitto.nix
./wyoming.nix ./wyoming.nix
./zigbee2mqtt.nix
]; ];
topology.self.hardware.info = "Intel N100, 16GB RAM"; topology.self.hardware.info = "Intel N100, 16GB RAM";

15
hosts/sausebiene/mosquitto.nix
View file

@ -1,5 +1,12 @@
{ config, ... }: { config, ... }:
{ {
age.secrets.mosquitto-pw-zigbee2mqtt = {
mode = "440";
owner = "zigbee2mqtt";
group = "mosquitto";
generator.script = "alnum";
};
age.secrets.mosquitto-pw-home-assistant = { age.secrets.mosquitto-pw-home-assistant = {
mode = "440"; mode = "440";
owner = "hass"; owner = "hass";
@ -14,10 +21,10 @@
{ {
acl = [ "pattern readwrite #" ]; acl = [ "pattern readwrite #" ];
users = { users = {
# zigbee2mqtt = { zigbee2mqtt = {
# passwordFile = config.age.secrets.mosquitto-pw-zigbee2mqtt.path; passwordFile = config.age.secrets.mosquitto-pw-zigbee2mqtt.path;
# acl = [ "readwrite #" ]; acl = [ "readwrite #" ];
# }; };
home_assistant = { home_assistant = {
passwordFile = config.age.secrets.mosquitto-pw-home-assistant.path; passwordFile = config.age.secrets.mosquitto-pw-home-assistant.path;
acl = [ "readwrite #" ]; acl = [ "readwrite #" ];

87
hosts/sausebiene/zigbee2mqtt.nix Normal file
View file

@ -0,0 +1,87 @@
{
config,
globals,
lib,
pkgs,
...
}:
let
zigbee2mqttDomain = "zigbee.${globals.domains.personal}";
in
{
wireguard.proxy-home.firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [
config.services.zigbee2mqtt.settings.frontend.port
];
globals.services.zigbee2mqtt.domain = zigbee2mqttDomain;
# globals.monitoring.http.homeassistant = {
# url = "https://${homeasisstantDomain}";
# expectedBodyRegex = "homeassistant";
# network = "internet";
# };
services.zigbee2mqtt = {
enable = true;
package = pkgs.zigbee2mqtt_2;
settings = {
advanced = {
log_level = "info";
channel = 25;
};
homeassistant = true;
permit_join = false;
serial = {
port = "/dev/serial/by-path/pci-0000:00:14.0-usb-0:5.4:1.0-port0";
adapter = "zstack";
};
mqtt = {
server = "mqtt://localhost:1883";
user = "zigbee2mqtt";
password = "!/run/zigbee2mqtt/secrets.yaml mosquitto-pw";
};
frontend.port = 8072;
};
};
systemd.services.zigbee2mqtt = {
serviceConfig = {
RuntimeDirectory = "zigbee2mqtt";
LoadCredential = [
"mosquitto-pw-zigbee2mqtt:${config.age.secrets.mosquitto-pw-zigbee2mqtt.path}"
];
};
preStart = lib.mkBefore ''
# Update mosquitto password
# We don't use -i because it would require chown with is a @privileged syscall
MOSQUITTO_PW="$(cat "$CREDENTIALS_DIRECTORY/mosquitto-pw-zigbee2mqtt")" \
${lib.getExe pkgs.yq-go} '.mosquitto-pw = strenv(MOSQUITTO_PW)' \
/dev/null > /run/zigbee2mqtt/secrets.yaml
'';
};
nodes.ward-web-proxy = {
services.nginx = {
upstreams."zigbee2mqtt" = {
servers."${config.wireguard.proxy-home.ipv4}:${toString config.services.zigbee2mqtt.settings.frontend.port}" =
{ };
extraConfig = ''
zone zigbee2mqtt 64k;
keepalive 2;
'';
};
virtualHosts.${zigbee2mqttDomain} = {
forceSSL = true;
useACMEWildcardHost = true;
locations."/" = {
proxyPass = "http://zigbee2mqtt";
proxyWebsockets = true;
};
extraConfig = ''
allow ${globals.net.home-lan.vlans.home.cidrv4};
allow ${globals.net.home-lan.vlans.home.cidrv6};
deny all;
'';
};
};
};
}

1
hosts/sentinel/firezone.nix
View file

@ -19,6 +19,7 @@ let
globals.services.paperless.domain globals.services.paperless.domain
globals.services.esphome.domain globals.services.esphome.domain
globals.services.home-assistant.domain globals.services.home-assistant.domain
globals.services.zigbee2mqtt.domain
"fritzbox.${globals.domains.personal}" "fritzbox.${globals.domains.personal}"
]; ];

1
hosts/ward/default.nix
View file

@ -20,6 +20,7 @@ let
globals.services.paperless.domain globals.services.paperless.domain
globals.services.esphome.domain globals.services.esphome.domain
globals.services.home-assistant.domain globals.services.home-assistant.domain
globals.services.zigbee2mqtt.domain
"fritzbox.${globals.domains.personal}" "fritzbox.${globals.domains.personal}"
]; ];
in in

1
hosts/ward/guests/adguardhome.nix
View file

@ -119,6 +119,7 @@ in
globals.services.paperless.domain globals.services.paperless.domain
globals.services.esphome.domain globals.services.esphome.domain
globals.services.home-assistant.domain globals.services.home-assistant.domain
globals.services.zigbee2mqtt.domain
"fritzbox.${globals.domains.personal}" "fritzbox.${globals.domains.personal}"
]; ];
filters = [ filters = [

9
secrets/generated/sausebiene/mosquitto-pw-zigbee2mqtt.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> X25519 U/Thn4wTLTDEF+mcWV5ZC8NZ5qBIwKQxxnoZOugHiDg
gF+2ZwYjT1cGIS7Q6T/c+bZdrIKpGiEQMi27qG0bYsA
-> piv-p256 xqSe8Q ArPNbPO60gHXtHNndhWIibqoJ/3W5JFr/GWc3iZ0Gvp+
7iYbOcHduUzt2f8PAW433RLqLNpH1EDzlBDy+8ez0+M
-> iF51-grease |M2 voKb|f $({}coDX R2eT
9Us2yS3sDz89PGI3Sy3jvSv6+0Unpy76BeuhfyYEJcwHRGeqZHuiSDEkZyOT
--- Z2X0Rk9vCYMgzTsnYqPpgc28AQH60qbYHm2PTAHx9So
ã•ÐŽ…•ÞÆ–ã•z˃w("ê�:ÆÌØÃvà€:sÞƒBãêo›àá �bîAðíæ….éIÔ N‚5OóT%¨Ù|Zõ¾([

BIN
secrets/rekeyed/sausebiene/bf9d6a3cda28060387b1c7dcb58bbdfc-mosquitto-pw-zigbee2mqtt.age Normal file
View file

Binary file not shown.