Configure aresix

2025-08-14 15:58:36 +02:00 · 2025-08-14 15:58:36 +02:00 · 4011299399
commit 4011299399
parent cb8d24c6ce
7 changed files with 289 additions and 2 deletions
--- a/flake.lock
+++ b/flake.lock
@ -94,6 +94,66 @@
        "type": "github"
      }
    },
+    "flake-parts_2": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1736143030,
+        "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems_3"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "flocken": {
+      "inputs": {
+        "flake-parts": "flake-parts_2",
+        "nixpkgs": [
+          "tg-ha-door",
+          "nixpkgs"
+        ],
+        "systems": "systems_2"
+      },
+      "locked": {
+        "lastModified": 1737581094,
+        "narHash": "sha256-MSjyNy4zENfngnSdXQ6ef/wwACB0jfDyhy0qkI67F9A=",
+        "owner": "mirkolenz",
+        "repo": "flocken",
+        "rev": "97921a2650cb3de20c2a5ee591b00a6d5099fc40",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mirkolenz",
+        "ref": "v2",
+        "repo": "flocken",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
@ -115,6 +175,34 @@
        "type": "github"
      }
    },
+    "ixx": {
+      "inputs": {
+        "flake-utils": [
+          "tg-ha-door",
+          "search",
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "tg-ha-door",
+          "search",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1754860581,
+        "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=",
+        "owner": "NuschtOS",
+        "repo": "ixx",
+        "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "ref": "v0.1.1",
+        "repo": "ixx",
+        "type": "github"
+      }
+    },
    "nix-darwin": {
      "inputs": {
        "nixpkgs": [
@ -177,6 +265,18 @@
        "url": "https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz"
      }
    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1735774519,
+        "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz"
+      }
+    },
    "nixpkgs_2": {
      "locked": {
        "lastModified": 1754689972,
@ -197,7 +297,31 @@
      "inputs": {
        "clan-core": "clan-core",
        "home-manager": "home-manager",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_2",
+        "tg-ha-door": "tg-ha-door"
+      }
+    },
+    "search": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "ixx": "ixx",
+        "nixpkgs": [
+          "tg-ha-door",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1754869408,
+        "narHash": "sha256-G1zNuxiCDfqNQVoL9j5v+ZYfUER7AI158ev98/JC8LI=",
+        "owner": "NuschtOS",
+        "repo": "search",
+        "rev": "2f5478267557a0f7a70d953b6c0867a5b4282739",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NuschtOS",
+        "repo": "search",
+        "type": "github"
      }
    },
    "sops-nix": {
@ -236,6 +360,58 @@
        "type": "github"
      }
    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "systems_3": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
+    "tg-ha-door": {
+      "inputs": {
+        "flocken": "flocken",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "search": "search"
+      },
+      "locked": {
+        "lastModified": 1755008682,
+        "narHash": "sha256-7KRljl+Kh3CeL530LxAzTCs19zPSTd63Ats6x0d7zM8=",
+        "owner": "peprolinbot",
+        "repo": "tg-ha-door",
+        "rev": "8d981e2b4b047d0aca3226b2bf1a7d4eb2c3fa10",
+        "type": "github"
+      },
+      "original": {
+        "owner": "peprolinbot",
+        "repo": "tg-ha-door",
+        "type": "github"
+      }
+    },
    "treefmt-nix": {
      "inputs": {
        "nixpkgs": [
--- a/flake.nix
+++ b/flake.nix
@ -8,6 +8,11 @@
      url = "github:nix-community/home-manager/release-25.05";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+
+    tg-ha-door = {
+      url = "github:peprolinbot/tg-ha-door";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
  };

  outputs = {
--- a/machines/aresix/configuration.nix
+++ b/machines/aresix/configuration.nix
@ -1,10 +1,29 @@
 {...}: {
  imports = [
-
+    ./modules/reverse-proxy.nix
+    ./modules/home-assistant.nix
+    ./modules/dyndns.nix
  ];

  services.logind.lidSwitch = "ignore";
  boot.kernelParams = ["consoleblank=60"]; # Blanks console (screen off) after 60s

+  networking = {
+    interfaces = {
+      enp1s0.ipv4.addresses = [
+        {
+          address = "192.168.1.30";
+          prefixLength = 24;
+        }
+      ];
+    };
+
+    defaultGateway = {
+      address = "192.168.1.1";
+      interface = "enp1s0";
+    };
+    nameservers = ["1.1.1.1" "8.8.8.8"];
+  };
+
  system.stateVersion = "25.05";
 }
--- a/machines/aresix/modules/dyndns.nix
+++ b/machines/aresix/modules/dyndns.nix
@ -0,0 +1,7 @@
+{config, ...}: {
+  services.duckdns = {
+    enable = true;
+    domains = ["campares.duckdns.org"];
+    tokenFile = config.sops.secrets.duckdns-token.path;
+  };
+}
--- a/machines/aresix/modules/home-assistant.nix
+++ b/machines/aresix/modules/home-assistant.nix
@ -0,0 +1,53 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  imports = [inputs.tg-ha-door.nixosModules.tg-ha-door];
+
+  services.tg-ha-door = {
+    enable = true;
+    credentialsFile = config.sops.secrets.tg-ha-door-creds.path;
+    settings = {
+      TG_KEY_CHAT_ID = "-1001455284010";
+      TG_LOG_CHAT_ID = "-1001359679497";
+      HA_URL = "http://[::1]:8123";
+      HA_DOOR_ENTITY_ID = "cover.puerta_verde";
+      DOOR_OPEN_CLOSE_TIME = 60;
+    };
+  };
+
+  services.esphome.enable = true;
+
+  services.home-assistant = {
+    enable = true;
+    openFirewall = true;
+    extraComponents = [
+      # Components required to complete the onboarding
+      "analytics"
+      "google_translate"
+      "met"
+      "radio_browser"
+      "shopping_list"
+      # Recommended for fast zlib compression
+      # https://www.home-assistant.io/integrations/isal
+      "isal"
+
+      # Additional components
+      "esphome"
+      "mobile_app"
+    ];
+    config = {
+      http = {
+        trusted_proxies = ["::1"];
+        use_x_forwarded_for = true;
+      };
+
+      default_config = {};
+
+      "automation ui" = "!include automations.yaml";
+      "scene ui" = "!include scenes.yaml";
+      "script ui" = "!include scripts.yaml";
+    };
+  };
+}
--- a/machines/aresix/modules/reverse-proxy.nix
+++ b/machines/aresix/modules/reverse-proxy.nix
@ -0,0 +1,26 @@
+{...}: {
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "personal+letsencrypt@peprolinbot.com";
+  };
+
+  networking.firewall.allowedTCPPorts = [80 443];
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "ha.campares.duckdns.org" = {
+        forceSSL = true;
+        enableACME = true;
+        extraConfig = ''
+          proxy_buffering off;
+        '';
+        locations."/" = {
+          proxyPass = "http://[::1]:8123";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}
--- a/sops/secrets/tg-ha-door-creds/users/pedro
+++ b/sops/secrets/tg-ha-door-creds/users/pedro
@ -0,0 +1 @@
+../../../users/pedro