3 files changed, 108 insertions, 0 deletions

diff --git a/sys/home-assistant/default.nix b/sys/home-assistant/default.nix
new file mode 100644
index 0000000..e997c08
--- /dev/null
+++ b/sys/home-assistant/default.nix
@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./hass.nix
+    ./yaml-extra.nix
+  ];
+}
diff --git a/sys/home-assistant/hass.nix b/sys/home-assistant/hass.nix
new file mode 100644
index 0000000..7fd3251
--- /dev/null
+++ b/sys/home-assistant/hass.nix
@@ -0,0 +1,79 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.local.home-assistant;
+in {
+  options.local.home-assistant = {
+    enable = mkEnableOption "home-assistant";
+  };
+
+  config = mkIf cfg.enable {
+    # https://nathan.gs/2024/06/22/fail2ban-to-secure-ha-on-nixos/
+    environment.etc."fail2ban/filter.d/home-assistant.local".text = ''
+      [Definition]
+      failregex = ^.* \[homeassistant\.components\.http\.ban\] Login attempt or request with invalid authentication from <HOST>.*$
+
+      ignoreregex =
+
+      journalmatch = _SYSTEMD_UNIT=home-assistant.service + _COMM=home-assistant
+
+      datepattern = {^LN-BEG}
+    '';
+
+    local.boot.impermanence.directories = [
+      {
+        directory = "/var/lib/hass";
+        user = "hass";
+        group = "hass";
+        mode = "u=rwx,g=,o=";
+      }
+    ];
+
+    services = {
+      fail2ban.jails.home-assistant = {};
+
+      home-assistant = {
+        enable = true;
+
+        extraComponents = [
+          "met"
+          "google_translate"
+          "radio_browser"
+          "tuya"
+          "wake_on_lan"
+          "webostv"
+          "xiaomi_miio"
+        ];
+
+        config = {
+          # Includes dependencies for a basic setup
+          # https://www.home-assistant.io/integrations/default_config/
+          default_config = {};
+
+          switch = [
+            # Televisor 192.168.42.205
+            # TODO: No sirve por 192.168.34 vs 192.168.42
+            {
+              platform = "wake_on_lan";
+              mac = "74:40:be:58:5f:da";
+            }
+          ];
+        };
+
+        customComponents = with pkgs.home-assistant-custom-components; [
+          dreame_vacuum
+          smartthinq_sensors
+          xiaomi_miot
+        ];
+
+        customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
+          xiaomi-vacuum-map-card
+        ];
+      };
+    };
+  };
+}
diff --git a/sys/home-assistant/yaml-extra.nix b/sys/home-assistant/yaml-extra.nix
new file mode 100644
index 0000000..77d1ed2
--- /dev/null
+++ b/sys/home-assistant/yaml-extra.nix
@@ -0,0 +1,23 @@
+{lib, ...}:
+with lib; {
+  options.services.home-assistant = {
+    config = mkOption {
+      type = with lib.types;
+        nullOr (submodule {
+          options = {
+            http = {
+              use_x_forwarded_for = mkOption {
+                type = nullOr bool;
+                default = null;
+              };
+
+              trusted_proxies = mkOption {
+                type = nullOr (either str (listOf str));
+                default = null;
+              };
+            };
+          };
+        });
+    };
+  };
+}