feat: allow homeassistant to see adguardhome

2025-01-26 03:10:22 +01:00 · 2025-01-26 03:10:22 +01:00 · 962532ea09
commit 962532ea09
parent 3d37e2959f
8 changed files with 49 additions and 2 deletions
--- a/hosts/sausebiene/home-assistant.nix
+++ b/hosts/sausebiene/home-assistant.nix
@ -8,7 +8,7 @@
 }:
 let
  homeassistantDomain = "home.${globals.domains.personal}";
-  fritzboxDomain = "fritzbox.${globals.domains.me}";
+  fritzboxDomain = "fritzbox.${globals.domains.personal}";
 in
 {
  wireguard.proxy-home.firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [
@ -80,7 +80,8 @@ in
        currency = "EUR";
        time_zone = "Europe/Berlin";
        unit_system = "metric";
-        #external_url = "https://";
+        external_url = "https://${homeassistantDomain}";
+        internal_url = "https://${homeassistantDomain}";
        packages.manual = "!include manual.yaml";
      };

@ -164,6 +165,10 @@ in
    fritzboxDomain
  ];

+  networking.hosts.${nodes.ward-adguardhome.config.wireguard.proxy-home.ipv4} = [
+    "adguardhome.internal"
+  ];
+
  nodes.ward-web-proxy = {
    services.nginx = {
      upstreams."home-assistant" = {
--- a/hosts/ward/guests/adguardhome.nix
+++ b/hosts/ward/guests/adguardhome.nix
@ -13,6 +13,12 @@ in
    firewallRuleForNode.sentinel.allowedTCPPorts = [ config.services.adguardhome.port ];
  };

+  # Allow home-assistant to access it directly
+  wireguard.proxy-home = {
+    client.via = "ward";
+    firewallRuleForNode.sausebiene.allowedTCPPorts = [ config.services.adguardhome.port ];
+  };
+
  globals.services.adguardhome.domain = adguardhomeDomain;
  globals.monitoring.dns.adguardhome = {
    server = globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4;