4 changed files with 65 additions and 62 deletions
--- a/flake.lock
+++ b/flake.lock
@ -433,11 +433,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729321331,
+        "lastModified": 1728791962,
-        "narHash": "sha256-KVyQq+ez/oB30/WbdNgVD8g/bda34z8NiU187QKQb74=",
+        "narHash": "sha256-nr5QiXwQcZmf6/auC1UpX8iAtINMtdi2mH+OkqJQVmU=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "122f70545b29ccb922e655b08acfe05bfb44ec68",
+        "rev": "64c6325b28ebd708653dd41d88f306023f296184",
        "type": "github"
      },
      "original": {
@ -540,11 +540,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729394935,
+        "lastModified": 1728790083,
-        "narHash": "sha256-2ntUG+NJKdfhlrh/tF+jOU0fOesO7lm5ZZVSYitsvH8=",
+        "narHash": "sha256-grMdAd4KSU6uPqsfLzA1B/3pb9GtGI9o8qb0qFzEU/Y=",
        "owner": "Mic92",
        "repo": "nix-index-database",
-        "rev": "04f8a11f247ba00263b060fbcdc95484fd046104",
+        "rev": "5c54c33aa04df5dd4b0984b7eb861d1981009b22",
        "type": "github"
      },
      "original": {
@ -564,11 +564,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1729389220,
+        "lastModified": 1728179514,
-        "narHash": "sha256-vHCkVYWrw03vn48Yihor5PXiSuxDSF1TcyO2kAs1Ehg=",
+        "narHash": "sha256-mOGZFPYm9SuEXnYiXhgs/JmLu7RofRaMpAYyJiWudkc=",
        "owner": "nix-community",
        "repo": "nix-vscode-extensions",
-        "rev": "f4dd6d6b728a61095b944de1fbc58c5bbdc87320",
+        "rev": "018196c371073d669510fd69dd2f6dc0ec608c41",
        "type": "github"
      },
      "original": {
@ -579,11 +579,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1729333370,
+        "lastModified": 1728729581,
-        "narHash": "sha256-NU+tYe3QWzDNpB8RagpqR3hNQXn4BNuBd7ZGosMHLL8=",
+        "narHash": "sha256-oazkQ/z7r43YkDLLQdMg8oIB3CwWNb+2ZrYOxtLEWTQ=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "38279034170b1e2929b2be33bdaedbf14a57bfeb",
+        "rev": "a8dd1b21995964b115b1e3ec639dd6ce24ab9806",
        "type": "github"
      },
      "original": {
@ -623,11 +623,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1729181673,
+        "lastModified": 1728740863,
-        "narHash": "sha256-LDiPhQ3l+fBjRATNtnuDZsBS7hqoBtPkKBkhpoBHv3I=",
+        "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "4eb33fe664af7b41a4c446f87d20c9a0a6321fa3",
+        "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077",
        "type": "github"
      },
      "original": {
@ -639,11 +639,11 @@
    },
    "nixpkgs-stable_2": {
      "locked": {
-        "lastModified": 1729357638,
+        "lastModified": 1728156290,
-        "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=",
+        "narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "bb8c2cf7ea0dd2e18a52746b2c3a5b0c73b93c22",
+        "rev": "17ae88b569bb15590549ff478bab6494dde4a907",
        "type": "github"
      },
      "original": {
@ -713,11 +713,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1729400812,
+        "lastModified": 1728878648,
-        "narHash": "sha256-9o1t9ZOK9TH0N8HhoBzJ5jbg8jy72qM45xJ4QyffBvM=",
+        "narHash": "sha256-JYNGkY30+zGclR1zebnyHOtRhWKfKHLw6T4IoqhmJFs=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "a05b041fff7a2e4872d361dc03025d0f4cadb2f6",
+        "rev": "23d88faa35dc9de0e35fc3dc2a863c4cf451a8f8",
        "type": "github"
      },
      "original": {
@ -774,11 +774,11 @@
        "nixpkgs-stable": "nixpkgs-stable_2"
      },
      "locked": {
-        "lastModified": 1729394972,
+        "lastModified": 1728345710,
-        "narHash": "sha256-fADlzOzcSaGsrO+THUZ8SgckMMc7bMQftztKFCLVcFI=",
+        "narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "c504fd7ac946d7a1b17944d73b261ca0a0b226a5",
+        "rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -208,7 +208,7 @@
          { ... }:
          {
            deployment = {
-              targetHost = "raspite.coho-tet.ts.net";
+              targetHost = "raspite.local";
              buildOnTarget = false;
            };
            nixpkgs.system = "aarch64-linux";
--- a/machines/raspite/configuration.nix
+++ b/machines/raspite/configuration.nix
@ -8,10 +8,7 @@
 {
  imports = [ ./hass.nix ];
-  commonSettings = {
+  commonSettings.nix.enableMirrors = true;
    nix.enableMirrors = true;
    auth.enable = true;
  };
  nixpkgs.overlays = [
    # Workaround https://github.com/NixOS/nixpkgs/issues/126755#issuecomment-869149243
@ -36,15 +33,25 @@
  # boot.kernelPackages = pkgs.linuxPackages_stable;
  custom.kanidm-client = {
    enable = true;
    uri = "https://auth.xinyang.life";
    asSSHAuth = {
      enable = true;
      allowedGroups = [ "linux_users" ];
      hardening = true;
    };
    sudoers = [ "xin@auth.xinyang.life" ];
  };
  security.sudo = {
    execWheelOnly = true;
    wheelNeedsPassword = false;
  };
  # fileSystems."/".fsType = lib.mkForce "btrfs";
  boot.supportedFilesystems.zfs = lib.mkForce false;
-  services.dae.enable = true;
+  services.dae.enable = false;
  services.dae.configFile = "/var/lib/dae/config.dae";
  services.tailscale = {
    enable = true;
    permitCertUid = config.services.caddy.user;
    openFirewall = true;
  };
 }
--- a/machines/raspite/hass.nix
+++ b/machines/raspite/hass.nix
@ -2,21 +2,22 @@
 {
  services.home-assistant = {
    enable = true;
    extraComponents = [
      "default_config"
      "esphome"
      "met"
      "radio_browser"
    ];
    openFirewall = false;
    config = {
      default_config = { };
      http = {
-        server_host = "127.0.0.1";
+        server_host = "::1";
-        use_x_forwarded_for = true;
+        base_url = "raspite.local:1000";
-        trusted_proxies = [ "127.0.0.1" ];
+        use_x_forward_for = true;
        trusted_proxies = [ "::1" ];
      };
    };
    extraPackages =
      python3Packages: with python3Packages; [
        # speed up aiohttp
        isal
        zlib-ng
      ];
  };
  services.esphome = {
@ -26,28 +27,23 @@
  users.groups.dialout.members = config.users.groups.wheel.members;
-  services.mosquitto = {
+  environment.systemPackages = with pkgs; [ zigbee2mqtt ];
    enable = true;
  };
-  services.zigbee2mqtt = {
+  networking.firewall.allowedTCPPorts = [
-    enable = true;
+    1000
-    settings = {
+    1001
-      home-assistant = config.services.home-assistant.enable;
+  ];
      permit_join = true;
      serial = {
        port = "/dev/ttyUSB0";
      };
    };
  };
  networking.firewall.allowedTCPPorts = [ 8443 ];
  services.caddy = {
    enable = true;
    virtualHosts = {
-      "raspite.coho-tet.ts.net".extraConfig = ''
+      # reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port}
-        reverse_proxy ${config.services.home-assistant.config.http.server_host}:${toString config.services.home-assistant.config.http.server_port}
+      "raspite.local:1000".extraConfig = ''
        reverse_proxy http://[::1]:8123
      '';
      "raspite.local:1001".extraConfig = ''
        reverse_proxy ${config.services.esphome.address}:${toString config.services.esphome.port}
      '';
    };
  };