Configure aresix

machines/aresix/configuration.nix

@@ -1,10 +1,29 @@
 {...}: {
   imports = [
-
+    ./modules/reverse-proxy.nix
+    ./modules/home-assistant.nix
+    ./modules/dyndns.nix
   ];
 
   services.logind.lidSwitch = "ignore";
   boot.kernelParams = ["consoleblank=60"]; # Blanks console (screen off) after 60s
 
+  networking = {
+    interfaces = {
+      enp1s0.ipv4.addresses = [
+        {
+          address = "192.168.1.30";
+          prefixLength = 24;
+        }
+      ];
+    };
+
+    defaultGateway = {
+      address = "192.168.1.1";
+      interface = "enp1s0";
+    };
+    nameservers = ["1.1.1.1" "8.8.8.8"];
+  };
+
   system.stateVersion = "25.05";
 }

machines/aresix/modules/dyndns.nix

@@ -0,0 +1,7 @@
+{config, ...}: {
+  services.duckdns = {
+    enable = true;
+    domains = ["campares.duckdns.org"];
+    tokenFile = config.sops.secrets.duckdns-token.path;
+  };
+}

machines/aresix/modules/home-assistant.nix

@@ -0,0 +1,53 @@
+{
+  inputs,
+  config,
+  ...
+}: {
+  imports = [inputs.tg-ha-door.nixosModules.tg-ha-door];
+
+  services.tg-ha-door = {
+    enable = true;
+    credentialsFile = config.sops.secrets.tg-ha-door-creds.path;
+    settings = {
+      TG_KEY_CHAT_ID = "-1001455284010";
+      TG_LOG_CHAT_ID = "-1001359679497";
+      HA_URL = "http://[::1]:8123";
+      HA_DOOR_ENTITY_ID = "cover.puerta_verde";
+      DOOR_OPEN_CLOSE_TIME = 60;
+    };
+  };
+
+  services.esphome.enable = true;
+
+  services.home-assistant = {
+    enable = true;
+    openFirewall = true;
+    extraComponents = [
+      # Components required to complete the onboarding
+      "analytics"
+      "google_translate"
+      "met"
+      "radio_browser"
+      "shopping_list"
+      # Recommended for fast zlib compression
+      # https://www.home-assistant.io/integrations/isal
+      "isal"
+
+      # Additional components
+      "esphome"
+      "mobile_app"
+    ];
+    config = {
+      http = {
+        trusted_proxies = ["::1"];
+        use_x_forwarded_for = true;
+      };
+
+      default_config = {};
+
+      "automation ui" = "!include automations.yaml";
+      "scene ui" = "!include scenes.yaml";
+      "script ui" = "!include scripts.yaml";
+    };
+  };
+}

machines/aresix/modules/reverse-proxy.nix

@@ -0,0 +1,26 @@
+{...}: {
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "personal+letsencrypt@peprolinbot.com";
+  };
+
+  networking.firewall.allowedTCPPorts = [80 443];
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    virtualHosts = {
+      "ha.campares.duckdns.org" = {
+        forceSSL = true;
+        enableACME = true;
+        extraConfig = ''
+          proxy_buffering off;
+        '';
+        locations."/" = {
+          proxyPass = "http://[::1]:8123";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+}