summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--machines/corsac/default.nix3
-rw-r--r--services/home-assistant.nix57
2 files changed, 59 insertions, 1 deletions
diff --git a/machines/corsac/default.nix b/machines/corsac/default.nix
index fde09f6..d030b31 100644
--- a/machines/corsac/default.nix
+++ b/machines/corsac/default.nix
@@ -13,13 +13,14 @@
     ../../modules/nfs.nix
     ../../modules/jellyfin.nix
 
+    ../../services/home-assistant.nix
     ../../services/immich.nix
     ../../services/transmission.nix
   ];
 
   foundation.monitoring = {
     client.enable = true;
-    services = [ "base" "dns" "jellyfin" "immich" ];
+    services = [ "base" "dns" "home" "jellyfin" "immich" ];
   };
 
   system.stateVersion = "24.05";
diff --git a/services/home-assistant.nix b/services/home-assistant.nix
new file mode 100644
index 0000000..cf594b0
--- /dev/null
+++ b/services/home-assistant.nix
@@ -0,0 +1,57 @@
+{ me, auxiliaryPkgs, ... }:
+
+let
+  inherit (auxiliaryPkgs) common;
+
+  homeVersion = "2025.3.3";
+  homeDir = "/srv/home";
+  homeLocalPort = 8123;
+
+  homeImage = common.pullImage {
+    name = "homeassistant/home-assistant";
+    tag = homeVersion;
+    digest = "sha256:b67d76f5d0bacf55cf6c914be379a0436a1da1f8acb94ee08e3b108d46cf8c58";
+    x86.sha256 = "06ijcvdzax473fsy90657jmr2vjzh5pwdssk2vzgva8d6g3d396l";
+  };
+
+in
+{
+  foundation.service.home-assistant = {
+    default = {
+      fullImage = homeImage;
+      # give home-assistant control over the device network
+      # stack to auto-discover devices on the network.
+      customNetwork = "host";
+      volumes = [
+        [
+          "/etc/localtime"
+          "/etc/localtime:ro"
+        ]
+        [
+          "${homeDir}/config"
+          "/config"
+        ]
+      ];
+      ports = [ 8123 ];
+    };
+
+    # additional services can be added here to enable
+    # more home-manager device integrations.
+  };
+
+  services.nginx.virtualHosts = {
+    "home.rnrd.fyi" = {
+      useACMEHost = "rnrd.fyi";
+      forceSSL = true;
+      listenAddresses = [ me.tailscale.ip ];
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:${toString homeLocalPort}";
+        proxyWebsockets = true;
+      };
+      extraConfig = ''
+        proxy_buffering off;
+        access_log /var/log/nginx/home.access.log json_combined;
+      '';
+    };
+  };
+}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-04-25 13:57:31 +0000