From 517b25a10908b569bf1d4725b27fdb8aa5a9b7f8 Mon Sep 17 00:00:00 2001 
From: xinyangli Date: Sun, 20 Oct 2024 15:12:06 +0800 Subject: [PATCH 1/2] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/64c6325b28ebd708653dd41d88f306023f296184' (2024-10-13) → 'github:nix-community/home-manager/122f70545b29ccb922e655b08acfe05bfb44ec68' (2024-10-19) • Updated input 'nix-index-database': 'github:Mic92/nix-index-database/5c54c33aa04df5dd4b0984b7eb861d1981009b22' (2024-10-13) → 'github:Mic92/nix-index-database/04f8a11f247ba00263b060fbcdc95484fd046104' (2024-10-20) • Updated input 'nix-vscode-extensions': 'github:nix-community/nix-vscode-extensions/018196c371073d669510fd69dd2f6dc0ec608c41' (2024-10-06) → 'github:nix-community/nix-vscode-extensions/f4dd6d6b728a61095b944de1fbc58c5bbdc87320' (2024-10-20) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a8dd1b21995964b115b1e3ec639dd6ce24ab9806' (2024-10-12) → 'github:NixOS/nixos-hardware/38279034170b1e2929b2be33bdaedbf14a57bfeb' (2024-10-19) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/a3f9ad65a0bf298ed5847629a57808b97e6e8077' (2024-10-12) → 'github:nixos/nixpkgs/4eb33fe664af7b41a4c446f87d20c9a0a6321fa3' (2024-10-17) • Updated input 'nur': 'github:nix-community/NUR/23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8' (2024-10-14) → 'github:nix-community/NUR/a05b041fff7a2e4872d361dc03025d0f4cadb2f6' (2024-10-20) • Updated input 'sops-nix': 'github:Mic92/sops-nix/06535d0e3d0201e6a8080dd32dbfde339b94f01b' (2024-10-08) → 'github:Mic92/sops-nix/c504fd7ac946d7a1b17944d73b261ca0a0b226a5' (2024-10-20) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/17ae88b569bb15590549ff478bab6494dde4a907' (2024-10-05) → 'github:NixOS/nixpkgs/bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22' (2024-10-19) --- flake.lock | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) 
diff --git a/flake.lock b/flake.lock index 632d531..222391d 100644 --- a/flake.lock +++ b/flake.lock @@ -433,11 +433,11 @@ ] }, "locked": { - "lastModified": 1728791962, - "narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=", + "lastModified": 1729321331, + "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=", "owner": "nix-community", "repo": "home-manager", - "rev": "64c6325b28ebd708653dd41d88f306023f296184", + "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68", "type": "github" }, "original": { @@ -540,11 +540,11 @@ ] }, "locked": { - "lastModified": 1728790083, - "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=", + "lastModified": 1729394935, + "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22", + "rev": "04f8a11f247ba00263b060fbcdc95484fd046104", "type": "github" }, "original": { @@ -564,11 +564,11 @@ ] }, "locked": { - "lastModified": 1728179514, - "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=", + "lastModified": 1729389220, + "narHash": "sha256-vHCkVYWrw03vn48Yihor5PXiSuxDSF1TcyO2kAs1Ehg=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "018196c371073d669510fd69dd2f6dc0ec608c41", + "rev": "f4dd6d6b728a61095b944de1fbc58c5bbdc87320", "type": "github" }, "original": { @@ -579,11 +579,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1728729581, - "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=", + "lastModified": 1729333370, + "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806", + "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb", "type": "github" }, "original": { 
@@ -623,11 +623,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1728740863, - "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", + "lastModified": 1729181673, + "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077", + "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3", "type": "github" }, "original": { @@ -639,11 +639,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1728156290, - "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=", + "lastModified": 1729357638, + "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "17ae88b569bb15590549ff478bab6494dde4a907", + "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22", "type": "github" }, "original": { @@ -713,11 +713,11 @@ }, "nur": { "locked": { - "lastModified": 1728878648, - "narHash": "sha256-JYNGkY30+zGclR1zebnyHOtRhWKfKHLw6T4IoqhmJFs=", + "lastModified": 1729400812, + "narHash": "sha256-9o1t9ZOK9TH0N8HhoBzJ5jbg8jy72qM45xJ4QyffBvM=", "owner": "nix-community", "repo": "NUR", - "rev": "23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8", + "rev": "a05b041fff7a2e4872d361dc03025d0f4cadb2f6", "type": "github" }, "original": { @@ -774,11 +774,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1728345710, - "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=", + "lastModified": 1729394972, + "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b", + "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5", "type": "github" }, "original": { From ac6ebac159cab11fdd65ece71cd6a5440d4e5a4b Mon Sep 17 00:00:00 2001 
From: xinyangli Date: Sun, 20 Oct 2024 15:14:01 +0800 Subject: [PATCH 2/2] raspite: fix hass --- flake.nix | 2 +- machines/raspite/configuration.nix | 29 +++++++----------- machines/raspite/hass.nix | 48 ++++++++++++++++-------------- 3 files changed, 38 insertions(+), 41 deletions(-) diff --git a/flake.nix b/flake.nix index 4af8705..e8700a4 100644 --- a/flake.nix +++ b/flake.nix @@ -208,7 +208,7 @@ { ... }: { deployment = { - targetHost = "raspite.local"; + targetHost = "raspite.coho-tet.ts.net"; buildOnTarget = false; }; nixpkgs.system = "aarch64-linux"; diff --git a/machines/raspite/configuration.nix b/machines/raspite/configuration.nix index 049e67e..234d0e9 100644 --- a/machines/raspite/configuration.nix +++ b/machines/raspite/configuration.nix @@ -8,7 +8,10 @@ { imports = [ ./hass.nix ]; - commonSettings.nix.enableMirrors = true; + commonSettings = { + nix.enableMirrors = true; + auth.enable = true; + }; nixpkgs.overlays = [ # Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243 @@ -33,25 +36,15 @@ # boot.kernelPackages = pkgs.linuxPackages_stable; - custom.kanidm-client = { - enable = true; - uri = "https://auth.xinyang.life"; - asSSHAuth = { - enable = true; - allowedGroups = [ "linux_users" ]; - hardening = true; - }; - sudoers = [ "xin@auth.xinyang.life" ]; - }; - - security.sudo = { - execWheelOnly = true; - wheelNeedsPassword = false; - }; - # fileSystems."/".fsType = lib.mkForce "btrfs"; boot.supportedFilesystems.zfs = lib.mkForce false; - services.dae.enable = false; + services.dae.enable = true; services.dae.configFile = "/var/lib/dae/config.dae"; + + services.tailscale = { + enable = true; + permitCertUid = config.services.caddy.user; + openFirewall = true; + }; } diff --git a/machines/raspite/hass.nix b/machines/raspite/hass.nix index 68d161b..f7b682e 100644 --- a/machines/raspite/hass.nix +++ b/machines/raspite/hass.nix 
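Review bot: In machines/raspite/configuration.nix the second hunk deletes the explicit access policy (`allowedGroups = [ "linux_users" ]`, `hardening = true`, the `sudoers` list and `security.sudo.execWheelOnly = true`) and relies on `commonSettings.auth.enable = true` from the first hunk, whose definition is not part of this patch. If the shared module does not set the same values, SSH and sudo access on this host changes without any visible trace in this file. Once that is confirmed, a short comment above the new block would record the dependency, for example `# auth.enable: kanidm client, SSH group restriction and sudo policy come from the common module`. The new `services.tailscale` block reads `config.services.caddy.user`, so `config` must be among the module arguments, which are outside the hunk.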
@@ -2,22 +2,21 @@ { services.home-assistant = { enable = true; - extraComponents = [ - "default_config" - "esphome" - "met" - "radio_browser" - ]; openFirewall = false; config = { default_config = { }; http = { - server_host = "::1"; - base_url = "raspite.local:1000"; - use_x_forward_for = true; - trusted_proxies = [ "::1" ]; + server_host = "127.0.0.1"; + use_x_forwarded_for = true; + trusted_proxies = [ "127.0.0.1" ]; }; }; + extraPackages = + python3Packages: with python3Packages; [ + # speed up aiohttp + isal + zlib-ng + ]; }; services.esphome = { @@ -27,23 +26,28 @@ users.groups.dialout.members = config.users.groups.wheel.members; - environment.systemPackages = with pkgs; [ zigbee2mqtt ]; + services.mosquitto = { + enable = true; + }; - networking.firewall.allowedTCPPorts = [ - 1000 - 1001 - ]; + services.zigbee2mqtt = { + enable = true; + settings = { + home-assistant = config.services.home-assistant.enable; + permit_join = true; + serial = { + port = "/dev/ttyUSB0"; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 8443 ]; services.caddy = { enable = true; virtualHosts = { - # reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port} - "raspite.local:1000".extraConfig = '' - reverse_proxy http://[::1]:8123 - ''; - - "raspite.local:1001".extraConfig = '' - reverse_proxy ${config.services.esphome.address}:${toString config.services.esphome.port} + "raspite.coho-tet.ts.net".extraConfig = '' + reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port} ''; }; };
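Review bot: In the second hass.nix hunk, `permit_join = true;` in `services.zigbee2mqtt.settings` leaves the Zigbee network permanently open, so any device in radio range can pair with the coordinator. The declarative default should be `permit_join = false;`, with joining switched on only while a device is being paired. In the same hunk the firewall opens `allowedTCPPorts = [ 8443 ]`, but the Caddy virtual host `"raspite.coho-tet.ts.net"` carries no port and would presumably serve on Caddy's default HTTPS port, so nothing visible here listens on 8443. Either name the port in the host key, `"raspite.coho-tet.ts.net:8443".extraConfig`, or open the port Caddy actually binds. `services.mosquitto = { enable = true; };` declares no listeners or users, so a comment stating that the broker is meant to be loopback-only would help the next reader.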