nix-infra/common/fragments/home-assistant.nix

{
  networking.firewall.allowedTCPPorts = [
    8123
    1883
    1884
  ];
  networking.firewall.allowedTCPPortRanges = [
    {
      from = 21063;
      to = 21070;
    }
  ];
  networking.firewall.allowedUDPPorts = [
    53
    67
    5353
  ];

  virtualisation.oci-containers.containers = {
    "home-assistant" = {
      image = "ghcr.io/home-assistant/home-assistant:stable";
      autoStart = true;
      volumes = [
        "/var/lib/hass:/config"
        "/etc/localtime:/etc/localtime:ro"
        "/run/dbus:/run/dbus:ro"
      ];
      extraOptions = [ "--network=host" ];
    };
  };

  services.mosquitto = {
    enable = true;
    listeners = [
      {
        users.root = {
          acl = [ "readwrite #" ];
          hashedPassword = "$7$101$GLzV4JTDU6Z9vHYl$GqkS+LOdufO3Znt/3M+4y0u8I3Yyv+3J/8SpsVTpKZMexNciPDhV3K67ZX6++yD75e4Eo4gJCYYhJ/JFt2o2nw==";
        };
      }
    ];
  };

  services.create_ap = {
    enable = true;
    settings = {
      WIFI_IFACE = "wlp2s0";
      SHARE_METHOD = "none";
      SSID = "Agatha-Isolated-Network";
      # TODO: Replace placeholder password after switching to sops-nix
      PASSPHRASE = "nCvKNgRH5L5DFBR4JULP3GHbDuk9XLfT";
    };
  };
  networking.networkmanager.unmanaged = [ "wlp2s0" ];
}
Init Watchtower 2024-09-05 16:30:11 +00:00			`{`
			`networking.firewall.allowedTCPPorts = [`
			`8123`
			`1883`
			`1884`
			`];`
			`networking.firewall.allowedTCPPortRanges = [`
			`{`
			`from = 21063;`
			`to = 21070;`
			`}`
			`];`
			`networking.firewall.allowedUDPPorts = [`
			`53`
			`67`
			`5353`
			`];`

			`virtualisation.oci-containers.containers = {`
			`"home-assistant" = {`
			`image = "ghcr.io/home-assistant/home-assistant:stable";`
			`autoStart = true;`
			`volumes = [`
			`"/var/lib/hass:/config"`
			`"/etc/localtime:/etc/localtime:ro"`
			`"/run/dbus:/run/dbus:ro"`
			`];`
			`extraOptions = [ "--network=host" ];`
			`};`
			`};`

			`services.mosquitto = {`
			`enable = true;`
			`listeners = [`
			`{`
			`users.root = {`
			`acl = [ "readwrite #" ];`
			`hashedPassword = "$7$101$GLzV4JTDU6Z9vHYl$GqkS+LOdufO3Znt/3M+4y0u8I3Yyv+3J/8SpsVTpKZMexNciPDhV3K67ZX6++yD75e4Eo4gJCYYhJ/JFt2o2nw==";`
			`};`
			`}`
			`];`
			`};`

			`services.create_ap = {`
			`enable = true;`
			`settings = {`
			`WIFI_IFACE = "wlp2s0";`
			`SHARE_METHOD = "none";`
			`SSID = "Agatha-Isolated-Network";`
			`# TODO: Replace placeholder password after switching to sops-nix`
			`PASSPHRASE = "nCvKNgRH5L5DFBR4JULP3GHbDuk9XLfT";`
			`};`
			`};`
			`networking.networkmanager.unmanaged = [ "wlp2s0" ];`
			`}`