raspite: fix hass

flake.lock: Update
Flake lock file updates: • Updated input 'home-manager': 'github:nix-community/home-manager/64c6325b28ebd708653dd41d88f306023f296184' (2024-10-13) → 'github:nix-community/home-manager/122f70545b29ccb922e655b08acfe05bfb44ec68' (2024-10-19) • Updated input 'nix-index-database': 'github:Mic92/nix-index-database/5c54c33aa04df5dd4b0984b7eb861d1981009b22' (2024-10-13) → 'github:Mic92/nix-index-database/04f8a11f247ba00263b060fbcdc95484fd046104' (2024-10-20) • Updated input 'nix-vscode-extensions': 'github:nix-community/nix-vscode-extensions/018196c371073d669510fd69dd2f6dc0ec608c41' (2024-10-06) → 'github:nix-community/nix-vscode-extensions/f4dd6d6b728a61095b944de1fbc58c5bbdc87320' (2024-10-20) • Updated input 'nixos-hardware': 'github:NixOS/nixos-hardware/a8dd1b21995964b115b1e3ec639dd6ce24ab9806' (2024-10-12) → 'github:NixOS/nixos-hardware/38279034170b1e2929b2be33bdaedbf14a57bfeb' (2024-10-19) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/a3f9ad65a0bf298ed5847629a57808b97e6e8077' (2024-10-12) → 'github:nixos/nixpkgs/4eb33fe664af7b41a4c446f87d20c9a0a6321fa3' (2024-10-17) • Updated input 'nur': 'github:nix-community/NUR/23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8' (2024-10-14) → 'github:nix-community/NUR/a05b041fff7a2e4872d361dc03025d0f4cadb2f6' (2024-10-20) • Updated input 'sops-nix': 'github:Mic92/sops-nix/06535d0e3d0201e6a8080dd32dbfde339b94f01b' (2024-10-08) → 'github:Mic92/sops-nix/c504fd7ac946d7a1b17944d73b261ca0a0b226a5' (2024-10-20) • Updated input 'sops-nix/nixpkgs-stable': 'github:NixOS/nixpkgs/17ae88b569bb15590549ff478bab6494dde4a907' (2024-10-05) → 'github:NixOS/nixpkgs/bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22' (2024-10-19)
2024-10-20 15:14:01 +08:00 · 2024-10-20 15:12:06 +08:00
4 changed files with 62 additions and 65 deletions
--- a/flake.lock
+++ b/flake.lock
@ -433,11 +433,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1728791962,
-        "narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=",
+        "lastModified": 1729321331,
+        "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "64c6325b28ebd708653dd41d88f306023f296184",
+        "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68",
        "type": "github"
      },
      "original": {
@ -540,11 +540,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1728790083,
-        "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
+        "lastModified": 1729394935,
+        "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
+        "rev": "04f8a11f247ba00263b060fbcdc95484fd046104",
        "type": "github"
      },
      "original": {
@ -564,11 +564,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1728179514,
-        "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=",
+        "lastModified": 1729389220,
+        "narHash": "sha256-vHCkVYWrw03vn48Yihor5PXiSuxDSF1TcyO2kAs1Ehg=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "018196c371073d669510fd69dd2f6dc0ec608c41",
+        "rev": "f4dd6d6b728a61095b944de1fbc58c5bbdc87320",
        "type": "github"
      },
      "original": {
@ -579,11 +579,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1728729581,
-        "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
+        "lastModified": 1729333370,
+        "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
+        "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb",
        "type": "github"
      },
      "original": {
@ -623,11 +623,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1728740863,
-        "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
+        "lastModified": 1729181673,
+        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
+        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
        "type": "github"
      },
      "original": {
@ -639,11 +639,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1728156290,
-        "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
+        "lastModified": 1729357638,
+        "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "17ae88b569bb15590549ff478bab6494dde4a907",
+        "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
        "type": "github"
      },
      "original": {
@ -713,11 +713,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1728878648,
-        "narHash": "sha256-JYNGkY30+zGclR1zebnyHOtRhWKfKHLw6T4IoqhmJFs=",
+        "lastModified": 1729400812,
+        "narHash": "sha256-9o1t9ZOK9TH0N8HhoBzJ5jbg8jy72qM45xJ4QyffBvM=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8",
+        "rev": "a05b041fff7a2e4872d361dc03025d0f4cadb2f6",
        "type": "github"
      },
      "original": {
@ -774,11 +774,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1728345710,
-        "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
+        "lastModified": 1729394972,
+        "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
+        "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -208,7 +208,7 @@
          { ... }:
          {
            deployment = {
-              targetHost = "raspite.local";
+              targetHost = "raspite.coho-tet.ts.net";
              buildOnTarget = false;
            };
            nixpkgs.system = "aarch64-linux";
--- a/machines/raspite/configuration.nix
+++ b/machines/raspite/configuration.nix
@ -8,7 +8,10 @@
 {
  imports = [ ./hass.nix ];

-  commonSettings.nix.enableMirrors = true;
+  commonSettings = {
+    nix.enableMirrors = true;
+    auth.enable = true;
+  };

  nixpkgs.overlays = [
    # Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
@ -33,25 +36,15 @@

  # boot.kernelPackages = pkgs.linuxPackages_stable;

-  custom.kanidm-client = {
-    enable = true;
-    uri = "https://auth.xinyang.life";
-    asSSHAuth = {
-      enable = true;
-      allowedGroups = [ "linux_users" ];
-      hardening = true;
-    };
-    sudoers = [ "xin@auth.xinyang.life" ];
-  };
-
-  security.sudo = {
-    execWheelOnly = true;
-    wheelNeedsPassword = false;
-  };
-
  # fileSystems."/".fsType = lib.mkForce "btrfs";
  boot.supportedFilesystems.zfs = lib.mkForce false;

-  services.dae.enable = false;
+  services.dae.enable = true;
  services.dae.configFile = "/var/lib/dae/config.dae";
+
+  services.tailscale = {
+    enable = true;
+    permitCertUid = config.services.caddy.user;
+    openFirewall = true;
+  };
 }
--- a/machines/raspite/hass.nix
+++ b/machines/raspite/hass.nix
@ -2,22 +2,21 @@
 {
  services.home-assistant = {
    enable = true;
-    extraComponents = [
-      "default_config"
-      "esphome"
-      "met"
-      "radio_browser"
-    ];
    openFirewall = false;
    config = {
      default_config = { };
      http = {
-        server_host = "::1";
-        base_url = "raspite.local:1000";
-        use_x_forward_for = true;
-        trusted_proxies = [ "::1" ];
+        server_host = "127.0.0.1";
+        use_x_forwarded_for = true;
+        trusted_proxies = [ "127.0.0.1" ];
      };
    };
+    extraPackages =
+      python3Packages: with python3Packages; [
+        # speed up aiohttp
+        isal
+        zlib-ng
+      ];
  };

  services.esphome = {
@ -27,23 +26,28 @@

  users.groups.dialout.members = config.users.groups.wheel.members;

-  environment.systemPackages = with pkgs; [ zigbee2mqtt ];
+  services.mosquitto = {
+    enable = true;
+  };

-  networking.firewall.allowedTCPPorts = [
-    1000
-    1001
-  ];
+  services.zigbee2mqtt = {
+    enable = true;
+    settings = {
+      home-assistant = config.services.home-assistant.enable;
+      permit_join = true;
+      serial = {
+        port = "/dev/ttyUSB0";
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 8443 ];

  services.caddy = {
    enable = true;
    virtualHosts = {
-      # reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port}
-      "raspite.local:1000".extraConfig = ''
-        reverse_proxy http://[::1]:8123
-      '';
-
-      "raspite.local:1001".extraConfig = ''
-        reverse_proxy ${config.services.esphome.address}:${toString config.services.esphome.port}
+      "raspite.coho-tet.ts.net".extraConfig = ''
+        reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port}
      '';
    };
  };