diff --git a/terranix/containers/home-assistant/default.nix b/terranix/containers/home-assistant/default.nix
new file mode 100644
index 0000000..a61092b
--- /dev/null
+++ b/terranix/containers/home-assistant/default.nix
@@ -0,0 +1,84 @@
+{ elib, ... }:
+let
+ inherit (elib)
+ nfsVolume
+ nomadJob;
+
+ flake_host = "";
+ flake_rev = "";
+ flake_ref = "";
+ flake_sha = "";
+in
+{
+ resource."nomad_volume"."home-assistant_hass" = nfsVolume {
+ volume_name = "home-assistant_hass";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/var/nfs/home-assistant_hass";
+ mount_flags = [ "nfsvers=3" "hard" "async" ];
+ };
+
+ resource."nomad_volume"."home-assistant_db" = nfsVolume {
+ volume_name = "home-assistant_db";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/var/nfs/home-assistant_db";
+ mount_flags = [ "nfsvers=3" "hard" "async" ];
+ };
+
+ resource."nomad_volume"."home-assistant_zigbee2mqtt" = nfsVolume {
+ volume_name = "home-assistant_zigbee2mqtt";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/var/nfs/home-assistant_zigbee2mqtt";
+ mount_flags = [ "nfsvers=3" "hard" "async" ];
+ };
+
+ resource."nomad_volume"."home-assistant_mosquitto" = nfsVolume {
+ volume_name = "home-assistant_mosquitto";
+ access_mode = "single-node-writer";
+ server = "blowhole.hosts.in.redalder.org";
+ share = "/var/nfs/home-assistant_mosquitto";
+ mount_flags = [ "nfsvers=3" "hard" "async" ];
+ };
+
+ resource."vault_policy"."home-assistant-policy" = {
+ name = "home-assistant-policy";
+ policy = ''
+ path "kv/data/cluster/home-assistant" {
+ capabilities = ["read"]
+ }
+ '';
+ };
+
+ resource."vault_policy"."zigbee2mqtt-policy" = {
+ name = "zigbee2mqtt-policy";
+ policy = ''
+ path "kv/data/cluster/mqtt" {
+ capabilities = ["read"]
+ }
+
+ path "kv/data/cluster/zigbee2mqtt" {
+ capabilities = ["read"]
+ }
+ '';
+ };
+
+ resource."vault_policy"."mosquitto-policy" = {
+ name = "mosquitto-policy";
+ policy = ''
+ path "kv/data/cluster/mqtt" {
+ capabilities = ["read"]
+ }
+ '';
+ };
+
+ resource."nomad_job"."home-assistant" = nomadJob {
+ jobspec = ./job.hcl;
+
+ vars = {
+ flake_ref = "${flake_host}?rev=${flake_rev}&ref=${flake_ref}";
+ flake_sha = flake_sha;
+ };
+ };
+}
diff --git a/terranix/containers/home-assistant/job.hcl b/terranix/containers/home-assistant/job.hcl
new file mode 100644
index 0000000..4afbbc5
--- /dev/null
+++ b/terranix/containers/home-assistant/job.hcl
@@ -0,0 +1,317 @@
+variable "flake_ref" {
+ type = string
+}
+
+variable "flake_sha" {
+ type = string
+}
+
+job "home-assistant" {
+ datacenters = [ "homelab-1" ]
+ type = "service"
+
+ constraint {
+ attribute = "${attr.unique.hostname}"
+ value = "blowhole"
+ }
+
+ group "zigbee2mqtt" {
+ count = 1
+
+ restart {
+ attempts = 5
+ delay = "5s"
+ }
+
+ network {
+ mode = "bridge"
+
+ port "http" {
+ static = 8456
+ to = 8456
+ }
+ }
+
+ volume "home-assistant_zigbee2mqtt" {
+ type = "csi"
+ source = "home-assistant_zigbee2mqtt"
+ read_only = false
+
+ attachment_mode = "file-system"
+ access_mode = "single-node-writer"
+ }
+
+ service {
+ name = "zigbee2mqtt"
+ port = "8456"
+
+ connect {
+ sidecar_service {
+ proxy {
+ upstreams {
+ destination_name = "mqtt"
+ local_bind_port = 1883
+ datacenter = "homelab-1"
+ }
+ }
+ }
+ }
+ }
+
+ task "zigbee2mqtt" {
+ driver = "docker"
+
+ vault {
+ policies = ["zigbee2mqtt-policy"]
+ }
+
+ config {
+ nix_flake_ref = "${var.flake_ref}#nixngSystems.zigbee2mqtt.config.system.build.toplevel"
+ nix_flake_sha = var.flake_sha
+ entrypoint = [ "init" ]
+
+ devices = [
+ {
+ host_path = "/dev/ttyUSB0" #"serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_4c004e9c53c9eb118a9f8b4f1d69213e-if00-port0"
+ container_path = "/dev/ttyUSB0"
+ }
+ ]
+ }
+
+ resources {
+ cpu = 128
+ memory = 128
+ memory_max = 256
+ }
+
+ volume_mount {
+ volume = "home-assistant_zigbee2mqtt"
+ destination = "/var/zigbee2mqtt"
+ read_only = false
+ }
+
+ template {
+ data = <
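Review bot: The four `flake_*` bindings in the `let` block of terranix/containers/home-assistant/default.nix are all empty strings, so the job is handed `flake_ref = "?rev=&ref="` and an empty `flake_sha`; the `nix_flake_sha` value that job.hcl forwards to the task, presumably the integrity pin for the fetched flake, is therefore empty as committed. If these are placeholders to be filled in before deployment, make evaluation fail while they are unset, for example `assert flake_rev != "" && flake_sha != "";` directly after `in`. Separately, `zigbee2mqtt-policy` and `mosquitto-policy` both grant read on `kv/data/cluster/mqtt`; if that path also holds broker-side material, the client task can read it, so a client-only path may be worth splitting out. A short comment on the `nfsVolume` resources stating which hosts the NFSv3 exports are restricted to would also help, since `nfsvers=3` normally relies on export-level host controls rather than per-user authentication.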