From d23ef0f0e4703cf17c1719632ecd0679f6821aab Mon Sep 17 00:00:00 2001
From: uttarayan21
Date: Wed, 27 Nov 2024 16:47:48 +0200
Subject: [PATCH] feat: Added home-assistant
---
 nixos/mirai/configuration.nix | 1 +
 nixos/mirai/docker.nix | 27 ++++++++++++++++++++++++-
 nixos/mirai/services.nix | 38 +++++++++++++++++++++++++++++++++++
 3 files changed, 65 insertions(+), 1 deletion(-)
diff --git a/nixos/mirai/configuration.nix b/nixos/mirai/configuration.nix
index 327379b2..823b807b 100644
--- a/nixos/mirai/configuration.nix
+++ b/nixos/mirai/configuration.nix
@@ -8,6 +8,7 @@
 # Include the results of the hardware scan.
 ./mirai.nix
 ./services.nix
+ ./docker.nix
 ];
 security.sudo.wheelNeedsPassword = false;
 sops = {
diff --git a/nixos/mirai/docker.nix b/nixos/mirai/docker.nix
index 02df9029..1b620ecd 100644
--- a/nixos/mirai/docker.nix
+++ b/nixos/mirai/docker.nix
@@ -4,5 +4,30 @@
 pkgs,
 ...
 }: {
- virtualisation.docker.enable = true;
+ # virtualisation = {
+ # docker.enable = true;
+ # podman.enable = true;
+ # oci-containers = {
+ # backend = "podman";
+ # containers.homeassistant = {
+ # volumes = ["home-assistant:/config"];
+ # environment.TZ = "Asia/Kolkata";
+ # image = "ghcr.io/home-assistant/home-assistant:stable"; # Warning: if the tag does not change, the image will not be updated
+ # extraOptions = [
+ # "--network=ha-net"
+ # ];
+ # };
+ # };
+ # };
+ # networking.firewall.allowedTCPPorts = [8123];
+ # environment.systemPackages = with pkgs; [
+ # docker
+ # podman
+ # ];
+ # services.caddy = {
+ # enable = true;
+ # virtualHosts."home.darksailor.dev".extraConfig = ''
+ # reverse_proxy localhost:8123
+ # '';
+ # };
 }
diff --git a/nixos/mirai/services.nix b/nixos/mirai/services.nix
index c9c22fbd..1066a3ea 100644
--- a/nixos/mirai/services.nix
+++ b/nixos/mirai/services.nix
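Review bot: In the docker.nix hunk the `-` line drops `virtualisation.docker.enable = true` and every added line is a comment, so the module now evaluates to an empty set and the new `./docker.nix` import in configuration.nix has no effect; if the file was already imported elsewhere, Docker is also silently disabled on this host, which the subject line does not mention. If the container variant is kept for reference, it needs a header saying it is superseded by `services.home-assistant` in services.nix, because its `networking.firewall.allowedTCPPorts = [8123]` and plain `reverse_proxy` vhost would publish Home Assistant without the Authelia `forward_auth` step if someone uncomments the block. A comment such as `# Superseded by services.home-assistant; re-enabling this opens 8123 without forward_auth` above the block would cover it, or the dead block can simply be deleted and recovered from history.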
@@ -15,6 +15,30 @@
 };
 };
 services = {
+ home-assistant = {
+ enable = true;
+ extraComponents = [
+ "esphome"
+ "met"
+ "radio_browser"
+ "wiz"
+ # "auth_header"
+ ];
+ customComponents = [
+ pkgs.home-assistant-custom-components.auth-header
+ ];
+ config = {
+ default_config = {};
+ http = {
+ server_host = "::1";
+ trusted_proxies = ["::1"];
+ use_x_forwarded_for = true;
+ };
+ auth_header = {
+ username_header = "Remote-User";
+ };
+ };
+ };
 authelia = {
 instances.darksailor = {
 enable = true;
@@ -36,6 +60,12 @@
 };
 access_control = {
 default_policy = "one_factor";
+ rules = [
+ {
+ domain = "darksailor.dev";
+ policy = "one_factor";
+ }
+ ];
 };
 storage = {
 local = {
@@ -156,6 +186,14 @@
 virtualHosts."auth.darksailor.dev".extraConfig = ''
 reverse_proxy localhost:5555
 '';
+ virtualHosts."home.darksailor.dev".extraConfig = ''
+ forward_auth localhost:5555 {
+ uri /api/authz/forward-auth
+ copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+ }
+ reverse_proxy localhost:8123
+
+ '';
 };
 };
 }
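Review bot: The `auth_header` block with `username_header = "Remote-User"` makes Home Assistant accept whatever identity that header names from any peer in `trusted_proxies`, and `::1` covers every local process on the host, not only Caddy. Binding `server_host = "::1"` keeps the port off the network, but the config should record that loopback is the whole trust boundary, for example `# auth_header trusts Remote-User from ::1: any local process that can reach [::1]:8123 can log in as any user`. The commented-out `# "auth_header"` entry in `extraComponents` looks like a leftover now that the component comes from `customComponents`, and can be removed. The enclosing `services` set starts and ends outside the hunk.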
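Review bot: The rule added under `access_control` uses `domain = "darksailor.dev"`, which names only the apex host; as far as I know Authelia matches rule domains exactly unless a wildcard is given, so requests for `home.darksailor.dev` would skip this rule and fall through to `default_policy`. The outcome is the same `one_factor` today, so the rule adds nothing for the vhost this commit introduces. If subdomains are meant to be covered, use `domain = "*.darksailor.dev";`. Consider a dedicated rule for `home.darksailor.dev` with `policy = "two_factor";`, since the integrations enabled in the first hunk suggest this host controls physical devices. The `access_control` block continues outside the hunk.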
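Review bot: Nothing in the new `home.darksailor.dev` block removes a client-supplied `Remote-User` before the request is proxied, and Home Assistant's `auth_header` (first hunk of this file) logs in whoever that header names. With every policy at `one_factor`, Authelia should return its own value for `copy_headers` to overwrite, but that relies on Authelia and Caddy behaviour not visible here. It is worth confirming that the deployed Caddy drops inbound copies of the listed headers when the auth response omits them, or stripping the `Remote-*` headers explicitly ahead of `forward_auth`. Separately, Home Assistant binds only `::1`, so `reverse_proxy [::1]:8123` states the upstream exactly instead of depending on how `localhost` resolves, and the empty `+` line before the closing `''` can be dropped.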