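# NixOS module wrapping services.home-assistant for this host.
#
# Declares the extra options `database` and `extensions.*`, and, when
# services.home-assistant.enable is set, applies the base Home Assistant
# configuration (HTTP hardening, components, recorder URL), opens the SSDP
# port and pre-creates automations.yaml.
{ lib, config, ... }:
{
  imports = [
    ./proxy.nix
    ./database.nix
    ./fail2ban.nix
    ./impermanence.nix
    ./extensions
  ];

  options.services.home-assistant = {
    database = lib.mkOption {
      type = lib.types.enum [ "builtin" "postgres" ];
      description = "what database do we want to use";
      default = "builtin";
    };

    # These options are only declared here; nothing in this file reads them.
    # Presumably ./extensions consumes them (confirm there).
    extensions = {
      sonos = {
        # mkEnableOption already prefixes the text with "Whether to enable",
        # so the argument must not start with "enable".
        enable = lib.mkEnableOption "the sonos plugin";
        port = lib.mkOption {
          # types.port rejects values outside 0-65535 at evaluation time,
          # which a plain int would let through.
          type = lib.types.port;
          default = 1400;
          description = "what port to use for sonos discovery";
        };
      };
      jellyfin = {
        enable = lib.mkEnableOption "the jellyfin plugin";
      };
      wyoming = {
        enable = lib.mkEnableOption "wyoming";
      };
    };
  };

  config = lib.mkIf config.services.home-assistant.enable (lib.mkMerge [
    {
      services.home-assistant = {
        configDir = "/var/lib/hass";

        extraComponents = [
          "default_config"
          "esphome"
          "met"
          "radio_browser"
          "isal"
          "zha"
          "webostv"
          "tailscale"
          "syncthing"
          "analytics_insights"
          "unifi"
          "openweathermap"
          "ollama"
          "mobile_app"
          "logbook"
          "ssdp"
          "usb"
          "webhook"
          "bluetooth"
          "dhcp"
          "energy"
          "history"
          "backup"
          "assist_pipeline"
          "conversation"
          "sun"
          "zeroconf"
          "cpuspeed"
        ];

        config = {
          http = {
            server_port = 8123;
            # X-Forwarded-For is honoured only for requests arriving from the
            # loopback addresses below, i.e. from a reverse proxy on this
            # host. Keep trusted_proxies this narrow: any wider entry lets a
            # client choose the address that the ban logic sees.
            use_x_forwarded_for = true;
            trusted_proxies = [ "127.0.0.1" "::1" ];
            # Ban a source address after 10 failed login attempts.
            ip_ban_enabled = true;
            login_attempts_threshold = 10;
          };

          homeassistant = {
            # `subdomain` and `host.reverse_proxy.hostname` are not declared
            # in this file; presumably ./proxy.nix or the host config
            # provides them (confirm).
            external_url = "https://${config.services.home-assistant.subdomain}.${config.host.reverse_proxy.hostname}";
            # internal_url = "http://192.168.1.2:8123";
          };

          # NOTE(review): this is set unconditionally although
          # options.services.home-assistant.database defaults to "builtin",
          # and the part after "@/" is the database name, which expands to
          # configDir ("/var/lib/hass") here. Check against ./database.nix
          # (not visible from this file) before relying on it.
          recorder.db_url = "postgresql://@/${config.services.home-assistant.configDir}";

          "automation manual" = [ ];
          "automation ui" = "!include automations.yaml";
          mobile_app = { };
        };

        extraPackages = python3Packages: with python3Packages; [
          hassil
          numpy
          gtts
        ];
      };

      # TODO: configure /var/lib/hass/secrets.yaml via sops

      # UDP 1900 is SSDP discovery (the "ssdp" component is enabled above).
      # NOTE(review): allowedUDPPorts opens the port on every interface; if
      # this host has an interface facing an untrusted network, scope it with
      # networking.firewall.interfaces.<name>.allowedUDPPorts instead.
      networking.firewall.allowedUDPPorts = [ 1900 ];

      # Pre-create the file that "automation ui" includes. It is plain YAML
      # read and written by the hass user, so it needs neither the execute
      # bit nor world access (the original mode was 0755); automations may
      # embed webhook ids, which act as shared secrets.
      systemd.tmpfiles.rules = [
        "f ${config.services.home-assistant.configDir}/automations.yaml 0640 hass hass"
      ];
    }
  ]);
}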