path: root/services/home-assistant.nix
# Home Assistant and a Matter server, each started from a digest-pinned
# container image, plus the nginx virtual host that fronts the Home
# Assistant web UI.
#
# Arguments used in this file:
#   me            - only `me.tailscale.ip` is read (nginx listen address).
#   auxiliaryPkgs - only `auxiliaryPkgs.common` is read (for `pullImage`).
{ me, auxiliaryPkgs, ... }:

let
  inherit (auxiliaryPkgs) common;

  # Image tag for home-assistant. The digest and hash in `homeImage` belong
  # to this tag, so all three must be bumped together.
  homeVersion = "2025.3.3";
  # Directory prefix for the `config` and `matter` volume sources below
  # (presumably a host path that holds the persistent state; confirm
  # against the foundation.service module).
  homeDir = "/srv/home";
  # Port nginx proxies to on 127.0.0.1 for the Home Assistant UI.
  homePort = 8123;
  # Port handed to the Matter server through its `--port` argument.
  matterPort = 8124;

  # Home Assistant image, requested by tag and by content digest.
  # NOTE(review): presumably `digest` pins the registry manifest and
  # `x86.sha256` is the Nix hash of the fetched x86 artifact, so a re-tagged
  # upstream image would fail the fetch rather than be pulled silently.
  # Confirm against `common.pullImage`.
  homeImage = common.pullImage {
    name = "homeassistant/home-assistant";
    tag = homeVersion;
    digest = "sha256:b67d76f5d0bacf55cf6c914be379a0436a1da1f8acb94ee08e3b108d46cf8c58";
    x86.sha256 = "06ijcvdzax473fsy90657jmr2vjzh5pwdssk2vzgva8d6g3d396l";
  };

  # Matter server image. `stable` is a tag name, not a version, so the
  # `digest` below is the only thing that identifies which build is
  # deployed; updating means replacing the digest and hash by hand.
  # NOTE(review): `registry = "github"` presumably selects GitHub's
  # container registry inside `common.pullImage`; confirm there.
  matterImage = common.pullImage {
    registry = "github";
    name = "matter-js/python-matter-server";
    tag = "stable";
    digest = "sha256:44d47c9ec91bf06fcb72a8df2dd2f36e90934c7b0d1d85f1ecb46fc695164746";
    x86.sha256 = "sha256-976g4aYR+XqPAb5C8QU7VewvbuPP48JUR15vayHvZSw=";
  };
in
{
  # Two containers under one service: `default` is Home Assistant itself,
  # `matter` is the Matter server it talks to.
  foundation.service.home-assistant = {
    default = {
      fullImage = homeImage;
      # give home-assistant control over the device network
      # stack to auto-discover devices on the network.
      #
      # NOTE(review): with the "host" network option the container is not
      # network-isolated; Home Assistant binds directly on the host's
      # interfaces. Whether homePort is reachable from outside 127.0.0.1
      # then depends on Home Assistant's own bind address and on the host
      # firewall, not on the nginx vhost. Confirm what `ports` does in the
      # foundation.service module when host networking is selected.
      customNetworkOption = "host";
      # allow home-assistant to access zigbee/matter+thread
      # dongle.
      # Only this single device node is listed. The /dev/serial/by-id path
      # names one specific adapter, so a different dongle will not match.
      devices = [
        "/dev/serial/by-id/usb-SMLIGHT_SMLIGHT_SLZB-07_6e29216e5272ef119d2f43848fcc3fa0-if00-port0"
      ];
      # Each entry is a two-element pair; the second element carries the
      # in-container path and mount options (`:ro` on localtime).
      volumes = [
        [
          "/etc/localtime"
          "/etc/localtime:ro"
        ]
        # No `:ro` suffix here, so /config is writable by the container.
        # NOTE(review): Home Assistant keeps its configuration and stored
        # credentials under /config; keep permissions on the source
        # directory restrictive.
        [
          "${homeDir}/config"
          "/config"
        ]
      ];
      ports = [ homePort ];
    };

    # additional services can be added here to enable
    # more home-assistant device integrations.

    matter = {
      fullImage = matterImage;
      # Same host-network caveat as `default`: the server listens on the
      # host's interfaces directly.
      # NOTE(review): no listen address is passed in `cmd`, so the server's
      # default decides who can reach matterPort. Confirm that default,
      # whether the server's API requires authentication, and that the host
      # firewall does not expose this port beyond what Home Assistant needs.
      customNetworkOption = "host";
      volumes = [
        [
          "${homeDir}/matter"
          "/data"
        ]
      ];
      ports = [ matterPort ];
      cmd = [
        "--port" (toString matterPort)
        "--storage-path" "/data"
        # The PAA root certificate directory sits inside the writable /data
        # volume, so write access to "${homeDir}/matter" also means write
        # access to the certificates the server is pointed at.
        "--paa-root-cert-dir" "/data/credentials"
      ];
    };
  };

  # Reverse proxy for the Home Assistant UI.
  services.nginx.virtualHosts = {
    "home.rnrd.fyi" = {
      # Reuses the certificate of the "rnrd.fyi" ACME host, which is
      # configured outside this file.
      useACMEHost = "rnrd.fyi";
      # Plain-HTTP requests are redirected to HTTPS.
      forceSSL = true;
      # The vhost listens only on this machine's Tailscale address, so it is
      # not served on other interfaces. This restricts nginx only; direct
      # access to homePort is governed by the container and firewall setup.
      listenAddresses = [ me.tailscale.ip ];
      locations."/" = {
        # Backend hop is plain HTTP over loopback.
        proxyPass = "http://127.0.0.1:${toString homePort}";
        # Pass WebSocket upgrade requests through to the backend.
        proxyWebsockets = true;
      };
      # NOTE(review): every request reaches Home Assistant from 127.0.0.1.
      # For Home Assistant to see real client addresses (logs, login
      # banning), `use_x_forwarded_for` and `trusted_proxies` must be set in
      # its own `http:` configuration under /config, which is not visible
      # here.
      # `json_combined` is a log format defined outside this file.
      extraConfig = ''
        proxy_buffering off;
        access_log /var/log/nginx/home.access.log json_combined;
      '';
    };
  };
}