refactor: split server modules into smaller more manageable files

2025-09-16 10:14:33 -05:00 · 2025-09-16 10:14:33 -05:00 · cdeb4e108b
commit cdeb4e108b
parent b2e5ae1f98
49 changed files with 1519 additions and 1270 deletions
--- a/modules/nixos-modules/server/home-assistant/default.nix
+++ b/modules/nixos-modules/server/home-assistant/default.nix
@ -0,0 +1,118 @@
+{
+  lib,
+  config,
+  ...
+}: {
+  imports = [
+    ./proxy.nix
+    ./database.nix
+    ./fail2ban.nix
+    ./impermanence.nix
+    ./extensions
+  ];
+
+  options.services.home-assistant = {
+    subdomain = lib.mkOption {
+      type = lib.types.str;
+      description = "subdomain of base domain that home-assistant will be hosted at";
+      default = "home-assistant";
+    };
+
+    database = lib.mkOption {
+      type = lib.types.enum [
+        "builtin"
+        "postgres"
+      ];
+      description = "what database do we want to use";
+      default = "builtin";
+    };
+
+    extensions = {
+      sonos = {
+        enable = lib.mkEnableOption "enable the sonos plugin";
+        port = lib.mkOption {
+          type = lib.types.int;
+          default = 1400;
+          description = "what port to use for sonos discovery";
+        };
+      };
+      jellyfin = {
+        enable = lib.mkEnableOption "enable the jellyfin plugin";
+      };
+      wyoming = {
+        enable = lib.mkEnableOption "enable wyoming";
+      };
+    };
+  };
+
+  config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [
+    {
+      services.home-assistant = {
+        configDir = "/var/lib/hass";
+        extraComponents = [
+          "default_config"
+          "esphome"
+          "met"
+          "radio_browser"
+          "isal"
+          "zha"
+          "webostv"
+          "tailscale"
+          "syncthing"
+          "analytics_insights"
+          "unifi"
+          "openweathermap"
+          "ollama"
+          "mobile_app"
+          "logbook"
+          "ssdp"
+          "usb"
+          "webhook"
+          "bluetooth"
+          "dhcp"
+          "energy"
+          "history"
+          "backup"
+          "assist_pipeline"
+          "conversation"
+          "sun"
+          "zeroconf"
+          "cpuspeed"
+        ];
+        config = {
+          http = {
+            server_port = 8123;
+            use_x_forwarded_for = true;
+            trusted_proxies = ["127.0.0.1" "::1"];
+            ip_ban_enabled = true;
+            login_attempts_threshold = 10;
+          };
+          homeassistant = {
+            external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}";
+            # internal_url = "http://192.168.1.2:8123";
+          };
+          recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}";
+          "automation manual" = [];
+          "automation ui" = "!include automations.yaml";
+          mobile_app = {};
+        };
+        extraPackages = python3Packages:
+          with python3Packages; [
+            hassil
+            numpy
+            gtts
+          ];
+      };
+
+      # TODO: configure /var/lib/hass/secrets.yaml via sops
+
+      networking.firewall.allowedUDPPorts = [
+        1900
+      ];
+
+      systemd.tmpfiles.rules = [
+        "f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
+      ];
+    }
+  ]);
+}