From f49c5f4fd257bb4405a75c6c56a9b08403c68b1a Mon Sep 17 00:00:00 2001 From: Vinzenz Schroeter Date: Wed, 10 Sep 2025 22:41:31 +0200 Subject: [PATCH] wip hass --- hosts/vinzenz-pc2/configuration.nix | 1 + hosts/vinzenz-pc2/hass.nix | 62 +++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) create mode 100644 hosts/vinzenz-pc2/hass.nix diff --git a/hosts/vinzenz-pc2/configuration.nix b/hosts/vinzenz-pc2/configuration.nix index 812f6f0..fcd9256 100644 --- a/hosts/vinzenz-pc2/configuration.nix +++ b/hosts/vinzenz-pc2/configuration.nix @@ -3,6 +3,7 @@ imports = [ ./hardware.nix ./vscode-server.nix + ./hass.nix ]; config = { nix.settings.extra-platforms = [ diff --git a/hosts/vinzenz-pc2/hass.nix b/hosts/vinzenz-pc2/hass.nix new file mode 100644 index 0000000..187cc30 --- /dev/null +++ b/hosts/vinzenz-pc2/hass.nix @@ -0,0 +1,62 @@ +{ pkgs, ... }: +let + hass-image = "ghcr.io/home-assistant/home-assistant:stable"; + hass-service = "podman-homeassistant"; +in +{ + virtualisation.oci-containers = { + backend = "podman"; + containers.homeassistant = { + image = hass-image; + hostname = "hass.lan"; + serviceName = hass-service; + volumes = [ "home-assistant:/config" ]; + environment.TZ = "Europe/Berlin"; + extraOptions = [ "--network=host" ]; + }; + }; + + systemd = { + timers.update-hass = { + timerConfig = { + Unit = "update-hass.service"; + OnCalendar = "Sun 02:00"; + }; + wantedBy = [ "timers.target" ]; + }; + + services.update-hass = { + serviceConfig = { + Type = "oneshot"; + ExecStart = pkgs.writeShellScriptBin "update-hass" '' + podman pull ${hass-image}; + systemctl restart ${hass-service}; + ''; + }; + }; + }; + + services = { + mosquitto = { + enable = true; + }; + + nginx = { + enable = true; + + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + + # TODO: add ssl + # TODO: add pam auth + + virtualHosts."hass.lan" = { + locations."/" = { + proxyPass = "localhost:8123"; + }; + }; + }; + }; +}