path: root/sys/nspawn/dmz.nix
authorAlejandro Soto <alejandro@34project.org>2024-07-20 18:01:02 -0600
committerAlejandro Soto <alejandro@34project.org>2024-07-20 18:04:28 -0600
commitc88f8c51c90c1e48c75047849a42ae0ed6c4aa15 (patch)
tree5eccacfe94e63fd40e6747fb4b53f6b09fd38159 /sys/nspawn/dmz.nix
parent181200e62d929df7e632e581547a01c71eeefc2a (diff)
web/sites: add home portal
Diffstat (limited to 'sys/nspawn/dmz.nix')
-rw-r--r--sys/nspawn/dmz.nix80
1 files changed, 41 insertions, 39 deletions
diff --git a/sys/nspawn/dmz.nix b/sys/nspawn/dmz.nix
index 080b32d..af91f82 100644
--- a/sys/nspawn/dmz.nix
+++ b/sys/nspawn/dmz.nix
@@ -2,6 +2,9 @@
with lib; let
cfg = config.local.nspawn.dmz;
inherit (config.local) mailHost;
+
+ hassPort = config.services.home-assistant.config.http.server_port;
+ hassEnable = config.local.home-assistant.enable;
in
{
options.local.nspawn.dmz = with types; {
@@ -44,52 +47,51 @@ in
config = mkIf cfg.enable {
local = {
- mailHost = {
- mdaListen = cfg.hostAddr;
- saslPort = 11000;
- lmtpPort = 11001;
- };
+ mailHost.mdaListen = cfg.hostAddr;
+
+ nspawn.dmz.system =
+ let
+ containerModule = { ... }: {
+ #TODO: urgente: bloquear puertos de dovecot a non-postfix con iptables
+ config = {
+ local = {
+ preset.dmz = {
+ enable = true;
+ container = true;
+ };
- nspawn.dmz = {
- system =
- let
- containerModule = { ... }: {
- #TODO: urgente: bloquear puertos de dovecot a non-postfix con iptables
- config = {
- local = {
- preset.dmz = {
- enable = true;
- container = true;
- };
-
- mta = {
- mdaAddr = mailHost.mdaListen;
- inherit (mailHost) saslPort lmtpPort;
- };
+ mta = {
+ mdaAddr = mailHost.mdaListen;
+ inherit (mailHost) saslPort lmtpPort;
};
- nixpkgs = {
- pkgs = mkDefault pkgs;
- localSystem = mkDefault pkgs.stdenv.hostPlatform;
+ web.sites.home = {
+ enable = hassEnable;
+ proxyUrl = "http://${cfg.hostAddr}:${toString hassPort}";
};
};
+
+ nixpkgs = {
+ pkgs = mkDefault pkgs;
+ localSystem = mkDefault pkgs.stdenv.hostPlatform;
+ };
};
- in
- # Tomado de la definición de pkgs.nixos junto con definición de nixpkgs.{pkgs,localSystem} arriba
- import "${flakes.nixpkgs}/nixos/lib/eval-config.nix" {
- modules = [
- ../.
- containerModule
- ];
-
- system = null;
- specialArgs = { inherit flakes; };
};
+ in
+ # Tomado de la definición de pkgs.nixos junto con definición de nixpkgs.{pkgs,localSystem} arriba
+ import "${flakes.nixpkgs}/nixos/lib/eval-config.nix" {
+ modules = [
+ ../.
+ containerModule
+ ];
+
+ system = null;
+ specialArgs = { inherit flakes; };
+ };
+ };
- net = "10.34.3.0";
- netBits = 28;
- hostAddr = "10.34.3.1";
- };
+ services = {
+ home-assistant.config.http.server_host = singleton cfg.hostAddr;
};
systemd = {
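Review bot: The new `web.sites.home` entry (L73–L76) proxies to Home Assistant on `${cfg.hostAddr}:${hassPort}`, but the Home Assistant side of this hunk (L112) only sets `server_host`; nothing declares the DMZ container as a trusted reverse proxy. If the project's `web.sites` proxy forwards `X-Forwarded-For` (its module is outside this diff, so I am inferring), Home Assistant rejects such requests unless `http.use_x_forwarded_for` and `http.trusted_proxies` are set, and without them every login is attributed to the proxy's address, so per-IP login throttling and `ip_ban_enabled` would act on the container rather than the real client. I would extend L112 to `home-assistant.config.http = { server_host = singleton cfg.hostAddr; use_x_forwarded_for = true; trusted_proxies = [ "<container DMZ address>" ]; };`, listing only the container's address rather than the whole `cfg.net` range. L112 is also applied unconditionally while L119 opens the port only `optional hassEnable`; wrapping L112 in `mkIf hassEnable` keeps the binding and the firewall rule in step.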
@@ -152,7 +154,7 @@ in
allowedTCPPorts = [ 25 80 443 ];
interfaces.ve-dmz = {
- allowedTCPPorts = [ mailHost.saslPort mailHost.lmtpPort ];
+ allowedTCPPorts = [ mailHost.saslPort mailHost.lmtpPort ] ++ optional hassEnable hassPort;
allowedUDPPorts = [ 67 ]; # DHCP
};
};