2023-08-13 17:00:41 +01:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
inputs,
|
|
|
|
|
lib,
|
2023-10-25 20:41:20 +01:00
|
|
|
pkgs,
|
|
|
|
|
system,
|
2023-08-13 17:00:41 +01:00
|
|
|
...
|
|
|
|
|
}: let
|
2023-04-22 22:37:02 +01:00
|
|
|
port = 8123;
|
|
|
|
|
path = "/data/nginx";
|
|
|
|
|
certPath = "${path}/cert.pem";
|
|
|
|
|
keyPath = "${path}/key.pem";
|
2024-06-22 08:49:11 +01:00
|
|
|
zwaveSerialPort = "/dev/serial/by-id/usb-Silicon_Labs_CP2105_Dual_USB_to_UART_Bridge_Controller_012B8DD3-if00-port0";
|
|
|
|
|
zigbeeSerialPort = "/dev/serial/by-id/usb-Silicon_Labs_CP2105_Dual_USB_to_UART_Bridge_Controller_012B8DD3-if01-port0";
|
2022-11-09 17:50:48 +00:00
|
|
|
in {
|
2023-08-13 17:00:41 +01:00
|
|
|
imports = [../nginx.nix ./virtualisation.nix];
|
2023-04-22 12:30:19 +01:00
|
|
|
|
2024-06-16 12:58:06 +01:00
|
|
|
networking.firewall.allowedTCPPorts = [port 1883 8089 8091];
|
2024-04-27 11:33:38 +01:00
|
|
|
|
2024-06-22 08:49:11 +01:00
|
|
|
# sends messages to mqtt, no direct connection with home assistant
|
2024-06-16 12:58:06 +01:00
|
|
|
virtualisation.oci-containers.containers.zwave-js = {
|
2024-06-22 08:49:11 +01:00
|
|
|
image = "zwavejs/zwave-js-ui@sha256:ad447f95ac6afbdd39bf626f751d032290ea38c203945598b2395baab3d89305";
|
2024-06-16 12:58:06 +01:00
|
|
|
volumes = ["zwave-js-ui:/usr/src/app/store"];
|
2024-06-22 08:49:11 +01:00
|
|
|
extraOptions = ["--device=${zwaveSerialPort}:/dev/zwave"];
|
2024-06-16 12:58:06 +01:00
|
|
|
ports = ["8091:8091"];
|
2024-06-16 11:22:22 +01:00
|
|
|
};
|
2024-04-27 11:33:38 +01:00
|
|
|
services = {
|
|
|
|
|
mosquitto = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = inputs.nixpkgs-nixos-unstable.legacyPackages."${system}".mosquitto;
|
|
|
|
|
dataDir = "/data/mosquitto";
|
|
|
|
|
listeners = [
|
|
|
|
|
{
|
|
|
|
|
port = 1883;
|
|
|
|
|
omitPasswordAuth = true;
|
|
|
|
|
users = {};
|
|
|
|
|
settings = {
|
|
|
|
|
allow_anonymous = true;
|
|
|
|
|
};
|
|
|
|
|
acl = ["topic readwrite #"];
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
zigbee2mqtt = {
|
|
|
|
|
enable = true;
|
|
|
|
|
package = inputs.nixpkgs-master.legacyPackages."${system}".zigbee2mqtt;
|
|
|
|
|
settings = {
|
|
|
|
|
homeassistant = true;
|
|
|
|
|
permit_join = true;
|
|
|
|
|
availability.active.timeout = 10;
|
|
|
|
|
availability.passive.timeout = 90;
|
|
|
|
|
frontend.port = 8089;
|
|
|
|
|
mqtt.server = "mqtt://10.0.0.8:1883";
|
|
|
|
|
serial = {
|
2024-06-22 08:49:11 +01:00
|
|
|
port = zigbeeSerialPort;
|
2024-04-27 11:33:38 +01:00
|
|
|
baudrate = 115200;
|
2024-06-16 10:05:30 +01:00
|
|
|
adapter = "ember";
|
2023-07-13 19:36:21 +01:00
|
|
|
};
|
2023-09-02 20:24:28 +01:00
|
|
|
};
|
|
|
|
|
};
|
2024-04-27 11:33:38 +01:00
|
|
|
nginx = {
|
|
|
|
|
virtualHosts = {
|
|
|
|
|
"bolty.raptor-carp.ts.net" = {
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
enableACME = false;
|
|
|
|
|
locations."/" = {
|
|
|
|
|
proxyPass = "http://10.0.0.244:8123";
|
|
|
|
|
proxyWebsockets = true;
|
|
|
|
|
};
|
|
|
|
|
sslCertificateKey = keyPath;
|
|
|
|
|
sslCertificate = certPath;
|
2023-04-22 22:37:02 +01:00
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
systemd.services.nginx-tailscale-certs = {
|
|
|
|
|
script = ''
|
|
|
|
|
mkdir -p ${path}
|
|
|
|
|
cp -rv /var/lib/tailscale-certs/cert.pem ${certPath}
|
|
|
|
|
cp -rv /var/lib/tailscale-certs/key.pem ${keyPath}
|
|
|
|
|
chown -Rv nginx:nginx ${path}
|
|
|
|
|
'';
|
|
|
|
|
serviceConfig = {
|
|
|
|
|
Type = "oneshot";
|
|
|
|
|
ReloadPropagatedFrom = "tailscale-cert.service";
|
|
|
|
|
};
|
2023-08-13 17:00:41 +01:00
|
|
|
before = ["nginx.service"];
|
|
|
|
|
wantedBy = ["multi-user.target"];
|
2023-04-22 22:37:02 +01:00
|
|
|
after = [
|
|
|
|
|
"network.target"
|
|
|
|
|
"network-online.target"
|
|
|
|
|
"tailscaled.service"
|
|
|
|
|
"tailscale-cert.service"
|
|
|
|
|
];
|
2023-08-13 17:00:41 +01:00
|
|
|
wants = ["tailscale-cert.service"];
|
2023-04-22 22:37:02 +01:00
|
|
|
};
|
2022-08-28 08:28:54 +01:00
|
|
|
}
|
