feat: Added home-assistant

2024-11-27 16:47:48 +02:00
parent c7915e9e0f
commit d23ef0f0e4
3 changed files with 65 additions and 1 deletions
--- a/nixos/mirai/configuration.nix
+++ b/nixos/mirai/configuration.nix
@@ -8,6 +8,7 @@
    # Include the results of the hardware scan.
    ./mirai.nix
    ./services.nix
+    ./docker.nix
  ];
  security.sudo.wheelNeedsPassword = false;
  sops = {
--- a/nixos/mirai/docker.nix
+++ b/nixos/mirai/docker.nix
@@ -4,5 +4,30 @@
  pkgs,
  ...
 }: {
-  virtualisation.docker.enable = true;
+  # virtualisation = {
+  #   docker.enable = true;
+  #   podman.enable = true;
+  #   oci-containers = {
+  #     backend = "podman";
+  #     containers.homeassistant = {
+  #       volumes = ["home-assistant:/config"];
+  #       environment.TZ = "Asia/Kolkata";
+  #       image = "ghcr.io/home-assistant/home-assistant:stable"; # Warning: if the tag does not change, the image will not be updated
+  #       extraOptions = [
+  #         "--network=ha-net"
+  #       ];
+  #     };
+  #   };
+  # };
+  # networking.firewall.allowedTCPPorts = [8123];
+  # environment.systemPackages = with pkgs; [
+  #   docker
+  #   podman
+  # ];
+  # services.caddy = {
+  #   enable = true;
+  #   virtualHosts."home.darksailor.dev".extraConfig = ''
+  #     reverse_proxy localhost:8123
+  #   '';
+  # };
 }
--- a/nixos/mirai/services.nix
+++ b/nixos/mirai/services.nix
@@ -15,6 +15,30 @@
    };
  };
  services = {
+    home-assistant = {
+      enable = true;
+      extraComponents = [
+        "esphome"
+        "met"
+        "radio_browser"
+        "wiz"
+        # "auth_header"
+      ];
+      customComponents = [
+        pkgs.home-assistant-custom-components.auth-header
+      ];
+      config = {
+        default_config = {};
+        http = {
+          server_host = "::1";
+          trusted_proxies = ["::1"];
+          use_x_forwarded_for = true;
+        };
+        auth_header = {
+          username_header = "Remote-User";
+        };
+      };
+    };
    authelia = {
      instances.darksailor = {
        enable = true;
@@ -36,6 +60,12 @@
          };
          access_control = {
            default_policy = "one_factor";
+            rules = [
+              {
+                domain = "darksailor.dev";
+                policy = "one_factor";
+              }
+            ];
          };
          storage = {
            local = {
@@ -156,6 +186,14 @@
      virtualHosts."auth.darksailor.dev".extraConfig = ''
        reverse_proxy localhost:5555
      '';
+      virtualHosts."home.darksailor.dev".extraConfig = ''
+        forward_auth localhost:5555 {
+            uri /api/authz/forward-auth
+            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+        }
+        reverse_proxy localhost:8123
+
+      '';
    };
  };
 }