diff --git a/flake.lock b/flake.lock index 952cc17..685ce09 100644 --- a/flake.lock +++ b/flake.lock @@ -94,6 +94,66 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flocken": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "tg-ha-door", + "nixpkgs" + ], + "systems": "systems_2" + }, + "locked": { + "lastModified": 1737581094, + "narHash": "sha256-MSjyNy4zENfngnSdXQ6ef/wwACB0jfDyhy0qkI67F9A=", + "owner": "mirkolenz", + "repo": "flocken", + "rev": "97921a2650cb3de20c2a5ee591b00a6d5099fc40", + "type": "github" + }, + "original": { + "owner": "mirkolenz", + "ref": "v2", + "repo": "flocken", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -115,6 +175,34 @@ "type": "github" } }, + "ixx": { + "inputs": { + "flake-utils": [ + "tg-ha-door", + "search", + "flake-utils" + ], + "nixpkgs": [ + "tg-ha-door", + "search", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", + "type": "github" + } + }, "nix-darwin": { "inputs": { "nixpkgs": [ @@ -177,6 +265,18 @@ "url": "https://nixos.org/channels/nixpkgs-unstable/nixexprs.tar.xz" } }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1735774519, + "narHash": "sha256-CewEm1o2eVAnoqb6Ml+Qi9Gg/EfNAxbRx1lANGVyoLI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/e9b51731911566bbf7e4895475a87fe06961de0b.tar.gz" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1754689972, @@ -197,7 +297,31 @@ "inputs": { "clan-core": "clan-core", "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_2", + "tg-ha-door": "tg-ha-door" + } + }, + "search": { + "inputs": { + "flake-utils": "flake-utils", + "ixx": "ixx", + "nixpkgs": [ + "tg-ha-door", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754869408, + "narHash": "sha256-G1zNuxiCDfqNQVoL9j5v+ZYfUER7AI158ev98/JC8LI=", + "owner": "NuschtOS", + "repo": "search", + "rev": "2f5478267557a0f7a70d953b6c0867a5b4282739", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" } }, "sops-nix": { 
@@ -236,6 +360,58 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "tg-ha-door": { + "inputs": { + "flocken": "flocken", + "nixpkgs": [ + "nixpkgs" + ], + "search": "search" + }, + "locked": { + "lastModified": 1755008682, + "narHash": "sha256-7KRljl+Kh3CeL530LxAzTCs19zPSTd63Ats6x0d7zM8=", + "owner": "peprolinbot", + "repo": "tg-ha-door", + "rev": "8d981e2b4b047d0aca3226b2bf1a7d4eb2c3fa10", + "type": "github" + }, + "original": { + "owner": "peprolinbot", + "repo": "tg-ha-door", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 7f7bf92..6c76918 100644 --- a/flake.nix +++ b/flake.nix @@ -8,6 +8,11 @@ url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + + tg-ha-door = { + url = "github:peprolinbot/tg-ha-door"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { diff --git a/machines/aresix/configuration.nix b/machines/aresix/configuration.nix index 769905e..f4e208d 100644 --- a/machines/aresix/configuration.nix +++ b/machines/aresix/configuration.nix 
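Review bot: The new `tg-ha-door` input in flake.nix has no ref, so `url = "github:peprolinbot/tg-ha-door";` tracks the default branch and any routine `nix flake update` moves the locked rev to whatever is at the tip. Its NixOS module is imported on aresix and is handed `credentialsFile`, so pinning a tag or commit in the URL would make each bump an explicit, reviewable change, e.g. `url = "github:peprolinbot/tg-ha-door/<tag-or-rev>";` (placeholder, not a real ref). Only `nixpkgs` is made to follow the root; the lock shows `flocken` and `search` bringing their own `flake-parts_2`, `flake-utils`, `ixx`, `nixpkgs-lib` and `systems_*` nodes, which widens the set of upstreams this lock trusts. The `inputs` set itself starts above the hunk.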
@@ -1,10 +1,29 @@ {...}: { imports = [ - + ./modules/reverse-proxy.nix + ./modules/home-assistant.nix + ./modules/dyndns.nix ]; services.logind.lidSwitch = "ignore"; boot.kernelParams = ["consoleblank=60"]; # Blanks console (screen off) after 60s + networking = { + interfaces = { + enp1s0.ipv4.addresses = [ + { + address = "192.168.1.30"; + prefixLength = 24; + } + ]; + }; + + defaultGateway = { + address = "192.168.1.1"; + interface = "enp1s0"; + }; + nameservers = ["1.1.1.1" "8.8.8.8"]; + }; + system.stateVersion = "25.05"; } diff --git a/machines/aresix/modules/dyndns.nix b/machines/aresix/modules/dyndns.nix new file mode 100644 index 0000000..b5bfae9 --- /dev/null +++ b/machines/aresix/modules/dyndns.nix @@ -0,0 +1,7 @@ +{config, ...}: { + services.duckdns = { + enable = true; + domains = ["campares.duckdns.org"]; + tokenFile = config.sops.secrets.duckdns-token.path; + }; +} diff --git a/machines/aresix/modules/home-assistant.nix b/machines/aresix/modules/home-assistant.nix new file mode 100644 index 0000000..ae80d86 --- /dev/null +++ b/machines/aresix/modules/home-assistant.nix 
@@ -0,0 +1,53 @@
+{
+ inputs,
+ config,
+ ...
+}: {
+ imports = [inputs.tg-ha-door.nixosModules.tg-ha-door];
+
+ services.tg-ha-door = {
+ enable = true;
+ credentialsFile = config.sops.secrets.tg-ha-door-creds.path;
+ settings = {
+ TG_KEY_CHAT_ID = "-1001455284010";
+ TG_LOG_CHAT_ID = "-1001359679497";
+ HA_URL = "http://[::1]:8123";
+ HA_DOOR_ENTITY_ID = "cover.puerta_verde";
+ DOOR_OPEN_CLOSE_TIME = 60;
+ };
+ };
+
+ services.esphome.enable = true;
+
+ services.home-assistant = {
+ enable = true;
+ openFirewall = true;
+ extraComponents = [
+ # Components required to complete the onboarding
+ "analytics"
+ "google_translate"
+ "met"
+ "radio_browser"
+ "shopping_list"
+ # Recommended for fast zlib compression
+ # https://www.home-assistant.io/integrations/isal
+ "isal"
+
+ # Additional components
+ "esphome"
+ "mobile_app"
+ ];
+ config = {
+ http = {
+ trusted_proxies = ["::1"];
+ use_x_forwarded_for = true;
+ };
+
+ default_config = {};
+
+ "automation ui" = "!include automations.yaml";
+ "scene ui" = "!include scenes.yaml";
+ "script ui" = "!include scripts.yaml";
+ };
+ };
+}
diff --git a/machines/aresix/modules/reverse-proxy.nix b/machines/aresix/modules/reverse-proxy.nix
new file mode 100644
index 0000000..6a3379e
--- /dev/null
+++ b/machines/aresix/modules/reverse-proxy.nix
@@ -0,0 +1,26 @@
+{...}: {
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "personal+letsencrypt@peprolinbot.com";
+ };
+
+ networking.firewall.allowedTCPPorts = [80 443];
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "ha.campares.duckdns.org" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ proxy_buffering off;
+ '';
+ locations."/" = {
+ proxyPass = "http://[::1]:8123";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+}
diff --git a/sops/secrets/tg-ha-door-creds/users/pedro b/sops/secrets/tg-ha-door-creds/users/pedro
new file mode 120000
index 0000000..c7b3668
--- /dev/null
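Review bot: `openFirewall = true;` under `services.home-assistant` opens port 8123 on the host firewall, so Home Assistant stays reachable over plain HTTP from the network even though reverse-proxy.nix in this same commit fronts it with nginx and `forceSSL`. Both consumers visible in the diff (`HA_URL` and `proxyPass`) talk to `http://[::1]:8123`, so unless a LAN client needs direct access I would drop that line and add `server_host = "::1";` to the `http` block, leaving the TLS proxy as the only entry point. Since this instance drives `cover.puerta_verde` and is published on 443, `ip_ban_enabled = true;` together with a `login_attempts_threshold` in the same `http` block would also be worth setting.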
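Review bot: The `services.nginx` block in reverse-proxy.nix enables only `recommendedProxySettings`, so the TLS side of the `ha.campares.duckdns.org` vhost runs with nginx defaults; adding `recommendedTlsSettings = true;` next to it applies the module's hardened protocol and cipher settings to the endpoint that fronts the door controller. A short comment above `networking.firewall.allowedTCPPorts = [80 443];`, for example `# 80 stays open for the ACME HTTP-01 challenge and the forceSSL redirect`, would record why plain HTTP remains reachable (presumably the default webroot challenge is in use, since no DNS provider is configured here).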
+++ b/sops/secrets/tg-ha-door-creds/users/pedro
@@ -0,0 +1 @@
+../../../users/pedro
\ No newline at end of file