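{ config, inputs, lib, pkgs, system, ... }:
let
  # Home Assistant's HTTP port; also the port nginx proxies to below.
  port = 8123;
  # Staging directory for the Tailscale-issued certificate nginx serves.
  path = "/data/nginx";
  certPath = "${path}/cert.pem";
  keyPath = "${path}/key.pem";
  # Both radios hang off the same CP2105 dual-UART bridge: if00 is the Z-Wave
  # stick, if01 the Zigbee coordinator. by-id paths keep them stable across reboots.
  zwaveSerialPort = "/dev/serial/by-id/usb-Silicon_Labs_CP2105_Dual_USB_to_UART_Bridge_Controller_012B8DD3-if00-port0";
  zigbeeSerialPort = "/dev/serial/by-id/usb-Silicon_Labs_CP2105_Dual_USB_to_UART_Bridge_Controller_012B8DD3-if01-port0";
in {
  imports = [ ../nginx.nix ./virtualisation.nix ];

  # NOTE(review): these ports are opened on every interface. 1883 is an anonymous
  # read/write-everything MQTT broker (see mosquitto below), 8089 the zigbee2mqtt
  # frontend and 8091 zwave-js-ui, so anyone who can reach this host can drive the
  # Zigbee/Z-Wave devices. Presumably the surrounding network is trusted -- if not,
  # scope them with networking.firewall.interfaces.<if>.allowedTCPPorts or put the
  # web UIs behind the TLS vhost below.
  networking.firewall.allowedTCPPorts = [ port 1883 8089 8091 ];

  # zwave-js-ui: sends messages to mqtt, no direct connection with home assistant.
  # The image is pinned by digest so pulls are reproducible and tamper-evident.
  virtualisation.oci-containers.containers.zwave-js = {
    image = "zwavejs/zwave-js-ui@sha256:ad447f95ac6afbdd39bf626f751d032290ea38c203945598b2395baab3d89305";
    volumes = [ "zwave-js-ui:/usr/src/app/store" ];
    extraOptions = [ "--device=${zwaveSerialPort}:/dev/zwave" ];
    # Published on all host interfaces by the container runtime.
    ports = [ "8091:8091" ];
  };

  services = {
    mosquitto = {
      enable = true;
      package = inputs.nixpkgs-nixos-unstable.legacyPackages."${system}".mosquitto;
      dataDir = "/data/mosquitto";
      listeners = [
        {
          port = 1883;
          # Fully anonymous broker: no users, no passwords, and the anonymous ACL
          # grants readwrite on every topic. zigbee2mqtt and zwave-js-ui rely on
          # this; it is only acceptable while 1883 is reachable from trusted hosts only.
          omitPasswordAuth = true;
          users = { };
          settings = {
            allow_anonymous = true;
          };
          acl = [ "topic readwrite #" ];
        }
      ];
    };

    zigbee2mqtt = {
      enable = true;
      package = inputs.nixpkgs-master.legacyPackages."${system}".zigbee2mqtt;
      settings = {
        homeassistant = true;
        # NOTE(review): join is permanently open, so any Zigbee device in radio range
        # can pair itself at any time. Upstream recommends turning this off once the
        # devices are paired (the frontend can re-enable it temporarily).
        permit_join = true;
        availability.active.timeout = 10;
        availability.passive.timeout = 90;
        frontend.port = 8089;
        # Presumably this host's own LAN address (the broker above) -- confirm; if so,
        # "mqtt://127.0.0.1:1883" would not depend on the LAN addressing.
        mqtt.server = "mqtt://10.0.0.8:1883";
        serial = {
          port = zigbeeSerialPort;
          baudrate = 115200;
          adapter = "ember";
        };
      };
    };

    nginx = {
      virtualHosts = {
        # Tailscale MagicDNS name; the certificate is issued by tailscale-cert.service
        # and staged by nginx-tailscale-certs below, hence no ACME.
        "bolty.raptor-carp.ts.net" = {
          forceSSL = true;
          enableACME = false;
          locations."/" = {
            # Home Assistant on another host; websockets are needed for its frontend.
            proxyPass = "http://10.0.0.244:8123";
            proxyWebsockets = true;
          };
          sslCertificateKey = keyPath;
          sslCertificate = certPath;
        };
      };
    };
  };

  # Copy the Tailscale certificate into a directory nginx owns before nginx starts.
  systemd.services.nginx-tailscale-certs = {
    script = ''
      # install(1) sets owner and mode atomically; the key is not world-readable.
      install -d -m 0750 -o nginx -g nginx ${path}
      install -m 0644 -o nginx -g nginx /var/lib/tailscale-certs/cert.pem ${certPath}
      install -m 0640 -o nginx -g nginx /var/lib/tailscale-certs/key.pem ${keyPath}
    '';
    serviceConfig = {
      Type = "oneshot";
    };
    # ReloadPropagatedFrom is a [Unit] directive; under serviceConfig it would be
    # emitted into [Service], where systemd warns and ignores it. Even in [Unit] a
    # propagated reload re-runs nothing here without an ExecReload -- TODO confirm
    # how renewed certificates are meant to reach nginx.
    unitConfig.ReloadPropagatedFrom = "tailscale-cert.service";
    before = [ "nginx.service" ];
    wantedBy = [ "multi-user.target" ];
    after = [
      "network.target"
      "network-online.target"
      "tailscaled.service"
      "tailscale-cert.service"
    ];
    wants = [ "tailscale-cert.service" ];
  };
}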