sys/home-assistant/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

{ config, lib, pkgs, ... }:
with lib; let
  cfg = config.local.home-assistant;
in
{
  options.local.home-assistant = {
    enable = mkEnableOption "home-assistant";
  };

  config = mkIf cfg.enable {
    # https://nathan.gs/2024/06/22/fail2ban-to-secure-ha-on-nixos/
    environment.etc."fail2ban/filter.d/home-assistant.local".text = ''
      [Definition]
      failregex = ^.* \[homeassistant\.components\.http\.ban\] Login attempt or request with invalid authentication from <HOST>.*$
      
      ignoreregex =
      
      journalmatch = _SYSTEMD_UNIT=home-assistant.service + _COMM=home-assistant
      
      datepattern = {^LN-BEG}
    '';

    local.boot.impermanence.directories = [
      { directory = "/var/lib/hass"; user = "hass"; group = "hass"; mode = "u=rwx,g=,o="; }
    ];

    services = {
      fail2ban.jails.home-assistant = { };

      home-assistant = {
        enable = true;

        extraComponents = [
          "met"
          "google_translate"
          "radio_browser"
          "tuya"
          "xiaomi_miio"
        ];

        config = {
          # Includes dependencies for a basic setup
          # https://www.home-assistant.io/integrations/default_config/
          default_config = { };
        };

        customComponents = with pkgs.home-assistant-custom-components; [
          dreame_vacuum
          xiaomi_miot
        ];

        customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
          xiaomi-vacuum-map-card
        ];
      };
    };
  };
}