1 files changed, 58 insertions, 0 deletions

diff --git a/sys/home-assistant/hass.nix b/sys/home-assistant/hass.nix
new file mode 100644
index 0000000..631ba27
--- /dev/null
+++ b/sys/home-assistant/hass.nix
@@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+with lib; let
+  cfg = config.local.home-assistant;
+in
+{
+  options.local.home-assistant = {
+    enable = mkEnableOption "home-assistant";
+  };
+
+  config = mkIf cfg.enable {
+    # https://nathan.gs/2024/06/22/fail2ban-to-secure-ha-on-nixos/
+    environment.etc."fail2ban/filter.d/home-assistant.local".text = ''
+      [Definition]
+      failregex = ^.* \[homeassistant\.components\.http\.ban\] Login attempt or request with invalid authentication from <HOST>.*$
+      
+      ignoreregex =
+      
+      journalmatch = _SYSTEMD_UNIT=home-assistant.service + _COMM=home-assistant
+      
+      datepattern = {^LN-BEG}
+    '';
+
+    local.boot.impermanence.directories = [
+      { directory = "/var/lib/hass"; user = "hass"; group = "hass"; mode = "u=rwx,g=,o="; }
+    ];
+
+    services = {
+      fail2ban.jails.home-assistant = { };
+
+      home-assistant = {
+        enable = true;
+
+        extraComponents = [
+          "met"
+          "google_translate"
+          "radio_browser"
+          "tuya"
+          "xiaomi_miio"
+        ];
+
+        config = {
+          # Includes dependencies for a basic setup
+          # https://www.home-assistant.io/integrations/default_config/
+          default_config = { };
+        };
+
+        customComponents = with pkgs.home-assistant-custom-components; [
+          dreame_vacuum
+          xiaomi_miot
+        ];
+
+        customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
+          xiaomi-vacuum-map-card
+        ];
+      };
+    };
+  };
+}