colonelpanic/dotfiles
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[NixOS] Enable external access to home assistant

Browse Source
This commit is contained in:
Ivan Malison
2025-02-06 02:29:57 -07:00
parent 166c3a24ea
commit eb6f67559e
1 changed files with 68 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
nixos/machines/justin-bieber-creek.nix
View File

@@ -5,6 +5,10 @@
../configuration.nix ../configuration.nix
]; ];
services.synergy.server = {
enable = true;
};
myModules.fonts.enable = true; myModules.fonts.enable = true;
myModules.base.enable = true; myModules.base.enable = true;
myModules.desktop.enable = true; myModules.desktop.enable = true;
@@ -12,6 +16,11 @@
networking.enableIPv6 = true; networking.enableIPv6 = true;
services.synergy.client = {
enable = true;
serverAddress = "strixi-minaj.local:24800";
};
boot.kernel.sysctl = { boot.kernel.sysctl = {
# For all interfaces (e.g. if you want to accept RA on all): # For all interfaces (e.g. if you want to accept RA on all):
"net.ipv6.conf.all.accept_ra" = lib.mkForce "1"; "net.ipv6.conf.all.accept_ra" = lib.mkForce "1";
@@ -50,7 +59,18 @@
services.matter-server = { services.matter-server = {
enable = true; enable = true;
logLevel = "debug"; logLevel = "debug";
extraArgs = ["--bluetooth-adapter=0"]; extraArgs = let cert-dir = pkgs.fetchFromGitHub {
repo = "connectedhomeip";
owner = "project-chip";
rev = "6e8676be6142bb541fa68048c77f2fc56a21c7b1";
hash = "sha256-QwPKn2R4mflTKMyr1k4xF04t0PJIlzNCOdXEiQwX5wk=";
}; in
["--bluetooth-adapter=0" "--paa-root-cert-dir=${cert-dir}/credentials/production/paa-root-certs" "--enable-test-net-dcl"];
};
age.secrets.google-service-account = {
file = ../secrets/google-assistant-integration-service-key.age;
owner = "hass";
}; };
services.home-assistant = { services.home-assistant = {
@@ -85,10 +105,57 @@
universal-silabs-flasher universal-silabs-flasher
]; ];
config = { config = {
http = {
use_x_forwarded_for = true;
trusted_proxies = ["0.0.0.0" "127.0.0.1" "::1" "192.168.50.1"];
};
google_assistant = {
project_id = "canyon-run-b104-home-assistant";
service_account = "!include ${config.age.secrets.google-service-account.path}";
report_state = true;
exposed_domains = ["switch" "light"];
};
default_config = {}; default_config = {};
}; };
}; };
security.acme = {
acceptTerms = true;
defaults.email = "IvanMalison@gmail.com";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedGzipSettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"homeassistant.canyonrunb104.duckdns.org" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://localhost:8123";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
"ha.canyonrunb104.duckdns.org" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://localhost:8123";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
};
};
boot.loader.systemd-boot.configurationLimit = 3; boot.loader.systemd-boot.configurationLimit = 3;
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;