refactor: moved nixos modules to dendrite pattern

Leyla Becker 2026-04-07 15:39:45 -05:00
parent df8dd110ad
commit 0ea11e0236
219 changed files with 4802 additions and 4820 deletions


@ -0,0 +1,55 @@
{...}: {
flake.nixosModules.home-assistant-database = {
lib,
config,
...
}: {
options.services.home-assistant = {
postgres = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Use PostgreSQL instead of SQLite";
};
user = lib.mkOption {
type = lib.types.str;
default = "hass";
description = "Database user name";
};
database = lib.mkOption {
type = lib.types.str;
default = "hass";
description = "Database name";
};
};
};
config = lib.mkIf config.services.home-assistant.enable {
assertions = [
{
assertion = !config.services.home-assistant.postgres.enable || config.services.postgresql.enable;
message = "PostgreSQL must be enabled when using postgres database for Home Assistant";
}
];
services.postgresql.databases.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable {
enable = true;
user = config.services.home-assistant.postgres.user;
database = config.services.home-assistant.postgres.database;
};
services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable {
extraPackages = python3Packages:
with python3Packages; [
psycopg2
];
};
systemd.services.home-assistant = lib.mkIf config.services.home-assistant.postgres.enable {
requires = [
config.systemd.services.postgresql.name
];
};
};
};
}
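Review bot: `postgres.enable` duplicates the `database` enum (`"builtin"` / `"postgres"`) declared in the home-assistant-service module, and nothing visible in this commit ties the two together. As written, setting `database = "postgres"` provisions neither the database, the `psycopg2` driver nor the unit dependency, while `postgres.enable = true` leaves the enum at `"builtin"`. Consider deriving one from the other, e.g. `default = config.services.home-assistant.database == "postgres";` on `postgres.enable`, or removing the enum so there is a single switch.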


@ -0,0 +1,14 @@
{config, ...}: let
mod = config.flake.nixosModules;
in {
flake.nixosModules.home-assistant = {
imports = [
mod.home-assistant-service
mod.home-assistant-proxy
mod.home-assistant-database
mod.home-assistant-fail2ban
mod.home-assistant-storage
mod.home-assistant-extensions
];
};
}


@ -0,0 +1,11 @@
{config, ...}: let
mod = config.flake.nixosModules;
in {
flake.nixosModules.home-assistant-extensions = {
imports = [
mod.home-assistant-sonos
mod.home-assistant-jellyfin
mod.home-assistant-wyoming
];
};
}


@ -0,0 +1,11 @@
{...}: {
flake.nixosModules.home-assistant-jellyfin = {
lib,
config,
...
}:
lib.mkIf (config.services.home-assistant.extensions.jellyfin.enable) {
services.home-assistant.extraComponents = ["jellyfin"];
# TODO: configure port, address, and login information here
};
}


@ -0,0 +1,13 @@
{...}: {
flake.nixosModules.home-assistant-sonos = {
lib,
config,
...
}:
lib.mkIf (config.services.home-assistant.extensions.sonos.enable) {
services.home-assistant.extraComponents = ["sonos"];
networking.firewall.allowedTCPPorts = [
config.services.home-assistant.extensions.sonos.port
];
};
}
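Review bot: `networking.firewall.allowedTCPPorts` opens the Sonos port on every interface of the host, not only on the network where the speakers are. If the machine has any interface facing a less trusted network, scope the rule instead, e.g. `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [config.services.home-assistant.extensions.sonos.port];` (the interface name is a placeholder). A short comment saying why the port must be reachable from outside would also help the next reader decide whether the exposure is still needed.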


@ -0,0 +1,11 @@
{...}: {
flake.nixosModules.home-assistant-wyoming = {
lib,
config,
...
}:
lib.mkIf (config.services.home-assistant.extensions.wyoming.enable) {
services.home-assistant.extraComponents = ["wyoming"];
services.wyoming.enable = true;
};
}


@ -0,0 +1,51 @@
{...}: {
flake.nixosModules.home-assistant-fail2ban = {
lib,
pkgs,
config,
...
}: {
options.services.home-assistant = {
fail2ban = {
enable = lib.mkOption {
type = lib.types.bool;
default = config.services.fail2ban.enable && config.services.home-assistant.enable;
};
};
};
config = lib.mkIf config.services.home-assistant.fail2ban.enable {
environment.etc = {
"fail2ban/filter.d/hass.local".text = (
pkgs.lib.mkDefault (pkgs.lib.mkAfter ''
[INCLUDES]
before = common.conf
[Definition]
failregex = ^%(__prefix_line)s.*Login attempt or request with invalid authentication from <HOST>.*$
ignoreregex =
[Init]
datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
'')
);
};
services.fail2ban = {
jails = {
home-assistant-iptables.settings = {
enabled = true;
filter = "hass";
action = ''iptables-multiport[name=HTTP, port="http,https"]'';
logpath = "${config.services.home-assistant.configDir}/*.log";
backend = "auto";
findtime = 600;
bantime = 600;
maxretry = 5;
};
};
};
};
};
}
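Review bot: The jail's `action` line hard-codes `iptables-multiport`, which bypasses whatever `services.fail2ban.banaction` the host has selected and may not take effect on a host that filters with nftables. Setting `port = "http,https";` and dropping `action` would let the jail inherit the configured ban action. If the explicit action stays, `name=HTTP` should become jail-specific (for example `name=home-assistant`) so it cannot collide with another jail using the same generic name. Separately, `fail2ban.enable` has no `description`, and `pkgs.lib.mkDefault (pkgs.lib.mkAfter …)` could use the `lib` argument that is already in scope.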


@ -0,0 +1,106 @@
{...}: {
flake.nixosModules.home-assistant-service = {
lib,
config,
...
}: {
options.services.home-assistant = {
database = lib.mkOption {
type = lib.types.enum [
"builtin"
"postgres"
];
description = "what database do we want to use";
default = "builtin";
};
extensions = {
sonos = {
enable = lib.mkEnableOption "enable the sonos plugin";
port = lib.mkOption {
type = lib.types.int;
default = 1400;
description = "what port to use for sonos discovery";
};
};
jellyfin = {
enable = lib.mkEnableOption "enable the jellyfin plugin";
};
wyoming = {
enable = lib.mkEnableOption "enable wyoming";
};
};
};
config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [
{
services.home-assistant = {
configDir = "/var/lib/hass";
extraComponents = [
"default_config"
"esphome"
"met"
"radio_browser"
"isal"
"zha"
"webostv"
"tailscale"
"syncthing"
"analytics_insights"
"unifi"
"openweathermap"
"ollama"
"mobile_app"
"logbook"
"ssdp"
"usb"
"webhook"
"bluetooth"
"dhcp"
"energy"
"history"
"backup"
"assist_pipeline"
"conversation"
"sun"
"zeroconf"
"cpuspeed"
];
config = {
http = {
server_port = 8123;
use_x_forwarded_for = true;
trusted_proxies = ["127.0.0.1" "::1"];
ip_ban_enabled = true;
login_attempts_threshold = 10;
};
homeassistant = {
external_url = "https://${config.services.home-assistant.domain}";
# internal_url = "http://192.168.1.2:8123";
};
recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}";
"automation manual" = [];
"automation ui" = "!include automations.yaml";
mobile_app = {};
};
extraPackages = python3Packages:
with python3Packages; [
hassil
numpy
gtts
];
};
# TODO: configure /var/lib/hass/secrets.yaml via sops
networking.firewall.allowedUDPPorts = [
1900
];
systemd.tmpfiles.rules = [
"f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
];
}
]);
};
}
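Review bot: `recorder.db_url` is set unconditionally to `"postgresql://@/${config.services.home-assistant.configDir}"`, so the recorder is pointed at PostgreSQL even with the default `database = "builtin"`. Its path component is also the config directory (`/var/lib/hass`) rather than a database name. It looks like this belongs behind the postgres switch in the home-assistant-database module, using that module's option: `config.recorder.db_url = "postgresql://@/${config.services.home-assistant.postgres.database}";`. The tmpfiles rule also creates `automations.yaml` with mode `0755`; a data file does not need execute bits, so `0644` (or `0640` if nothing outside the `hass` group reads it) is the least-privilege choice.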


@ -0,0 +1,45 @@
{...}: {
flake.nixosModules.home-assistant-proxy = {
lib,
config,
...
}: {
options.services.home-assistant = {
domain = lib.mkOption {
type = lib.types.str;
description = "domain that home-assistant will be hosted at";
default = "home-assistant.arpa";
};
extraDomains = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "extra domains that should be configured for home-assistant";
default = [];
};
reverseProxy = {
enable = lib.mkOption {
type = lib.types.bool;
default = config.services.reverseProxy.enable && config.services.home-assistant.enable;
};
};
};
config = lib.mkIf config.services.home-assistant.reverseProxy.enable {
services.reverseProxy.services.home-assistant = {
target = "http://localhost:${toString config.services.home-assistant.config.http.server_port}";
domain = config.services.home-assistant.domain;
extraDomains = config.services.home-assistant.extraDomains;
settings = {
proxyWebsockets.enable = true;
forwardHeaders.enable = true;
# Custom timeout settings
proxyHeaders = {
enable = true;
timeout = 90;
};
};
};
};
};
}
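Review bot: `forwardHeaders.enable = true` only works as intended because the home-assistant-service module sets `use_x_forwarded_for = true` and `trusted_proxies = ["127.0.0.1" "::1"]`, and that module sets them even when `reverseProxy.enable` is false. Moving those two `http` settings under this module's `mkIf` would stop Home Assistant from trusting forwarded client addresses from loopback when no proxy is configured. It would also keep the trust relationship next to the proxy definition that relies on it. `reverseProxy.enable` lacks a `description`, and the `# Custom timeout settings` comment would be more useful if it said why `90` is needed.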


@ -0,0 +1,23 @@
{...}: {
flake.nixosModules.home-assistant-storage = {
lib,
config,
...
}: let
configDir = "/var/lib/hass";
in {
options.services.home-assistant.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.home-assistant.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.home-assistant.enable {
storage.datasets.replicate."system/root" = {
directories."${configDir}" = lib.mkIf config.services.home-assistant.impermanence.enable {
owner.name = "hass";
group.name = "hass";
};
};
};
};
}
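Review bot: The `let configDir = "/var/lib/hass";` binding repeats the literal that the home-assistant-service module assigns to `services.home-assistant.configDir`, so overriding that option would leave the persisted directory pointing at the old path. Use the option directly, `directories."${config.services.home-assistant.configDir}" = lib.mkIf …`, and drop the `let`. `impermanence.enable` is also declared without a `description`.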