diff options
Diffstat (limited to 'sys/home-assistant')
| -rw-r--r-- | sys/home-assistant/default.nix | 60 | ||||
| -rw-r--r-- | sys/home-assistant/hass.nix | 58 | ||||
| -rw-r--r-- | sys/home-assistant/yaml-extra.nix | 22 |
3 files changed, 84 insertions, 56 deletions
diff --git a/sys/home-assistant/default.nix b/sys/home-assistant/default.nix index 631ba27..e997c08 100644 --- a/sys/home-assistant/default.nix +++ b/sys/home-assistant/default.nix @@ -1,58 +1,6 @@ -{ config, lib, pkgs, ... }: -with lib; let - cfg = config.local.home-assistant; -in { - options.local.home-assistant = { - enable = mkEnableOption "home-assistant"; - }; - - config = mkIf cfg.enable { - # https://nathan.gs/2024/06/22/fail2ban-to-secure-ha-on-nixos/ - environment.etc."fail2ban/filter.d/home-assistant.local".text = '' - [Definition] - failregex = ^.* \[homeassistant\.components\.http\.ban\] Login attempt or request with invalid authentication from <HOST>.*$ - - ignoreregex = - - journalmatch = _SYSTEMD_UNIT=home-assistant.service + _COMM=home-assistant - - datepattern = {^LN-BEG} - ''; - - local.boot.impermanence.directories = [ - { directory = "/var/lib/hass"; user = "hass"; group = "hass"; mode = "u=rwx,g=,o="; } - ]; - - services = { - fail2ban.jails.home-assistant = { }; - - home-assistant = { - enable = true; - - extraComponents = [ - "met" - "google_translate" - "radio_browser" - "tuya" - "xiaomi_miio" - ]; - - config = { - # Includes dependencies for a basic setup - # https://www.home-assistant.io/integrations/default_config/ - default_config = { }; - }; - - customComponents = with pkgs.home-assistant-custom-components; [ - dreame_vacuum - xiaomi_miot - ]; - - customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [ - xiaomi-vacuum-map-card - ]; - }; - }; - }; + imports = [ + ./hass.nix + ./yaml-extra.nix + ]; } diff --git a/sys/home-assistant/hass.nix b/sys/home-assistant/hass.nix new file mode 100644 index 0000000..631ba27 --- /dev/null +++ b/sys/home-assistant/hass.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: +with lib; let + cfg = config.local.home-assistant; +in +{ + options.local.home-assistant = { + enable = mkEnableOption "home-assistant"; + }; + + config = mkIf cfg.enable { + # https://nathan.gs/2024/06/22/fail2ban-to-secure-ha-on-nixos/ + environment.etc."fail2ban/filter.d/home-assistant.local".text = '' + [Definition] + failregex = ^.* \[homeassistant\.components\.http\.ban\] Login attempt or request with invalid authentication from <HOST>.*$ + + ignoreregex = + + journalmatch = _SYSTEMD_UNIT=home-assistant.service + _COMM=home-assistant + + datepattern = {^LN-BEG} + ''; + + local.boot.impermanence.directories = [ + { directory = "/var/lib/hass"; user = "hass"; group = "hass"; mode = "u=rwx,g=,o="; } + ]; + + services = { + fail2ban.jails.home-assistant = { }; + + home-assistant = { + enable = true; + + extraComponents = [ + "met" + "google_translate" + "radio_browser" + "tuya" + "xiaomi_miio" + ]; + + config = { + # Includes dependencies for a basic setup + # https://www.home-assistant.io/integrations/default_config/ + default_config = { }; + }; + + customComponents = with pkgs.home-assistant-custom-components; [ + dreame_vacuum + xiaomi_miot + ]; + + customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [ + xiaomi-vacuum-map-card + ]; + }; + }; + }; +} diff --git a/sys/home-assistant/yaml-extra.nix b/sys/home-assistant/yaml-extra.nix new file mode 100644 index 0000000..6275e12 --- /dev/null +++ b/sys/home-assistant/yaml-extra.nix @@ -0,0 +1,22 @@ +{ lib, ... }: +with lib; { + options.services.home-assistant = { + config = mkOption { + type = with lib.types; nullOr (submodule { + options = { + http = { + use_x_forwarded_for = mkOption { + type = nullOr bool; + default = null; + }; + + trusted_proxies = mkOption { + type = nullOr (either str (listOf str)); + default = null; + }; + }; + }; + }); + }; + }; +} |