sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: allow homeassistant to see adguardhome

Browse source
This commit is contained in:
oddlama 2025-01-26 03:10:22 +01:00
parent 3d37e2959f
commit 962532ea09
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
8 changed files with 49 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

9
hosts/sausebiene/home-assistant.nix
View file

@ -8,7 +8,7 @@
}: }:
let let
homeassistantDomain = "home.${globals.domains.personal}"; homeassistantDomain = "home.${globals.domains.personal}";
fritzboxDomain = "fritzbox.${globals.domains.me}"; fritzboxDomain = "fritzbox.${globals.domains.personal}";
in in
{ {
wireguard.proxy-home.firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [ wireguard.proxy-home.firewallRuleForNode.ward-web-proxy.allowedTCPPorts = [
@ -80,7 +80,8 @@ in
currency = "EUR"; currency = "EUR";
time_zone = "Europe/Berlin"; time_zone = "Europe/Berlin";
unit_system = "metric"; unit_system = "metric";
#external_url = "https://"; external_url = "https://${homeassistantDomain}";
internal_url = "https://${homeassistantDomain}";
packages.manual = "!include manual.yaml"; packages.manual = "!include manual.yaml";
}; };
@ -164,6 +165,10 @@ in
fritzboxDomain fritzboxDomain
]; ];
networking.hosts.${nodes.ward-adguardhome.config.wireguard.proxy-home.ipv4} = [
"adguardhome.internal"
];
nodes.ward-web-proxy = { nodes.ward-web-proxy = {
services.nginx = { services.nginx = {
upstreams."home-assistant" = { upstreams."home-assistant" = {

6
hosts/ward/guests/adguardhome.nix
View file

@ -13,6 +13,12 @@ in
firewallRuleForNode.sentinel.allowedTCPPorts = [ config.services.adguardhome.port ]; firewallRuleForNode.sentinel.allowedTCPPorts = [ config.services.adguardhome.port ];
}; };
# Allow home-assistant to access it directly
wireguard.proxy-home = {
client.via = "ward";
firewallRuleForNode.sausebiene.allowedTCPPorts = [ config.services.adguardhome.port ];
};
globals.services.adguardhome.domain = adguardhomeDomain; globals.services.adguardhome.domain = adguardhomeDomain;
globals.monitoring.dns.adguardhome = { globals.monitoring.dns.adguardhome = {
server = globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4; server = globals.net.home-lan.vlans.services.hosts.ward-adguardhome.ipv4;

8
secrets/rekeyed/ward-adguardhome/a59470476f4151bbae3e2b65010d1003-wireguard-proxy-home-psks-ward+ward-adguardhome.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 iMlJww LcDZuXwwr/dGoj/CzBn9brVhyZjpCTalCCqSghTgKXo
gjlkRjoWfeU1p62rZUiwZNmDVfkZYkGVzwjqCB4o3Kc
-> |?s>\8-grease : qWq 7s 6
BcxYNl6jGOWAQne7b73ndOl4F+Sx/KWZu2YnWSGk5t6xigHGdhnayS15c7UpMwtX
2kRllLKGT+GVa1ZdkcxqOomFVCEuTqphLflsmyAVZOWiDOcKz5trJJIwzaglCl4
--- cAhf8esIsFV6xjJB50XcoPY1Q6KRA/Zunin3KVXPIqE
?`"zlÅïÀƒêyJ…§_¿f3<P°Ú.›aäxCýHì+ýC ’û£*âk™Ìßx>ñƒ…°ÏG5<@ÏKwáÅ`Û3qO(G

8
secrets/rekeyed/ward-adguardhome/ae68e15b0af4a73aca607cc0fcae24b3-wireguard-proxy-home-priv-ward-adguardhome.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 iMlJww jtnCnEFZ1T/u9JYmyHF1qDdAss49L9pdwCLGiWx2fRk
fFlcfA91amGpSLfj+/eC3Vlq+xMT5sUbGJ1ETb6KjRE
-> Ib-grease M;HenC[2 4D~s$ eHi[gc/#
ug8sUzolBxptKxNReOiU0sw/V6K/7Z4z7d9hkZpgVDLIk7js7EElkTmLlyr5JX0/
bA5KBj6prReCaSTxlKpe5mQzW5vVjjBn
--- ajcDhhtD3Lr25V6lKBK6MhiKutoPurRyiS1daILhQ+c
äÉkßA¬Æ\‡t¹¬ÞB/»hÜo(SÇßÌþÀ€èž®Š<Z¶Æ5î»>Ò}¼QÛ…ŒgEÓ&ÏS ¦4îÍJLl“3á/P^º-

9
secrets/rekeyed/ward/0807225dcebc6e46b72050aae1d9f8ce-wireguard-proxy-home-psks-ward+ward-adguardhome.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 iNceIg aLBsJxvdC9NQbN5Sdv1JkljaXiwo3lVQLYYN3gu6jgw
B4PbbBvHf/xs97U7vaob55DJxVNwWaqMzRf26mayeP4
-> pg_02\K-grease dl34LY
qnYGF6f0nfvHrPkYDymNgG6iS7RwpThN3I2X3HIG0SOWktqmTgHpFmwqcCPrBxZS
EKML2Qzgz1hpO2ml
--- mCTF7YTPFttEgFQM1EVnTpCxTRqSijEcwgDpLqVzZ7o
öHsDu½ã¯â‡~—âŠeP Œk#£jtÁECxê)Î4¬ÜkCÍõ‰9Ì@ýùt ‘p7±8Ó«ofU „Ùs
ydÌ°>{“x‘sC

10
secrets/wireguard/proxy-home/keys/ward-adguardhome.age Normal file
View file

@ -0,0 +1,10 @@
age-encryption.org/v1
-> X25519 vW5hwIXwVkbRjMGS8cHM5lvB9SNQD0dSV5xR2PFRhkk
A4YoPsXllbPp3x7RwbMNRJjQ217PS8El/9V5TfADG7U
-> piv-p256 xqSe8Q A6xD8V3EOqGFHOytfnKWLL6K5Dz7KWO5XoAPs/Un7WT8
g59blWifMKGL6qdRj3+PYsQnmfDezySzd4FItEcl5OA
-> h6^upJ-grease
0aZsMxGYVCyLC29k+vuIjlLmUQs3nEW0tKBsJm51dQ38RhXzwfZ0/18j/iJMQbPF
f/b+LxRkNSWz7Hgb7a0Gkg
--- wyTiI3dbqYlLOg3aY/dwMNLEowuWXX5T3mR8xnDjj4k
1›—Ù36 –dqÄGën[£)|оˆpn¥»å­=ÎØ›^¦c¥dý6B¸„!oS,m–€U¦ãb¼"ŠÁ4JÕ¡N½­H3X̾öÅ3

1
secrets/wireguard/proxy-home/keys/ward-adguardhome.pub Normal file
View file

@ -0,0 +1 @@
/cNYC+G+JTSbVfjCRO+gm1odlmsbA6aIMqj76lDo210=

BIN
secrets/wireguard/proxy-home/psks/ward+ward-adguardhome.age Normal file
View file

Binary file not shown.