blob: 7fd3251f9a3f33501633cd9ea6d51fc56a12f214 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
|
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.local.home-assistant;
in {
options.local.home-assistant = {
enable = mkEnableOption "home-assistant";
};
config = mkIf cfg.enable {
# https://nathan.gs/2024/06/22/fail2ban-to-secure-ha-on-nixos/
environment.etc."fail2ban/filter.d/home-assistant.local".text = ''
[Definition]
failregex = ^.* \[homeassistant\.components\.http\.ban\] Login attempt or request with invalid authentication from <HOST>.*$
ignoreregex =
journalmatch = _SYSTEMD_UNIT=home-assistant.service + _COMM=home-assistant
datepattern = {^LN-BEG}
'';
local.boot.impermanence.directories = [
{
directory = "/var/lib/hass";
user = "hass";
group = "hass";
mode = "u=rwx,g=,o=";
}
];
services = {
fail2ban.jails.home-assistant = {};
home-assistant = {
enable = true;
extraComponents = [
"met"
"google_translate"
"radio_browser"
"tuya"
"wake_on_lan"
"webostv"
"xiaomi_miio"
];
config = {
# Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/
default_config = {};
switch = [
# Televisor 192.168.42.205
# TODO: No sirve por 192.168.34 vs 192.168.42
{
platform = "wake_on_lan";
mac = "74:40:be:58:5f:da";
}
];
};
customComponents = with pkgs.home-assistant-custom-components; [
dreame_vacuum
smartthinq_sensors
xiaomi_miot
];
customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
xiaomi-vacuum-map-card
];
};
};
};
}
|
