wip hass

hosts/vinzenz-pc2/configuration.nix

@@ -3,6 +3,7 @@
   imports = [
     ./hardware.nix
     ./vscode-server.nix
+    ./hass.nix
   ];
   config = {
     nix.settings.extra-platforms = [

hosts/vinzenz-pc2/hass.nix

@@ -0,0 +1,62 @@
+{ pkgs, ... }:
+let
+  hass-image = "ghcr.io/home-assistant/home-assistant:stable";
+  hass-service = "podman-homeassistant";
+in
+{
+  virtualisation.oci-containers = {
+    backend = "podman";
+    containers.homeassistant = {
+      image = hass-image;
+      hostname = "hass.lan";
+      serviceName = hass-service;
+      volumes = [ "home-assistant:/config" ];
+      environment.TZ = "Europe/Berlin";
+      extraOptions = [ "--network=host" ];
+    };
+  };
+
+  systemd = {
+    timers.update-hass = {
+      timerConfig = {
+        Unit = "update-hass.service";
+        OnCalendar = "Sun 02:00";
+      };
+      wantedBy = [ "timers.target" ];
+    };
+
+    services.update-hass = {
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = pkgs.writeShellScriptBin "update-hass" ''
+          podman pull ${hass-image};
+          systemctl restart ${hass-service};
+        '';
+      };
+    };
+  };
+
+  services = {
+    mosquitto = {
+      enable = true;
+    };
+
+    nginx = {
+      enable = true;
+
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+
+      # TODO: add ssl
+      # TODO: add pam auth
+
+      virtualHosts."hass.lan" = {
+        locations."/" = {
+          proxyPass = "localhost:8123";
+        };
+      };
+    };
+  };
+}