magic_rb/dotfiles
1
0
Fork 0
mirror of https://git.sr.ht/~magic_rb/dotfiles synced 2024-11-22 08:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add terranix config for home-assistant

Browse source 
Signed-off-by: Magic_RB <magic_rb@redalder.org>
This commit is contained in:
Magic_RB 2023-06-15 23:07:53 +02:00
parent 8ab965a374
commit 52705b08ee
2 changed files with 401 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
terranix/containers/home-assistant/default.nix Normal file
View file

@ -0,0 +1,84 @@
{ elib, ... }:
let
inherit (elib)
nfsVolume
nomadJob;
flake_host = "";
flake_rev = "";
flake_ref = "";
flake_sha = "";
in
{
resource."nomad_volume"."home-assistant_hass" = nfsVolume {
volume_name = "home-assistant_hass";
access_mode = "single-node-writer";
server = "blowhole.hosts.in.redalder.org";
share = "/var/nfs/home-assistant_hass";
mount_flags = [ "nfsvers=3" "hard" "async" ];
};
resource."nomad_volume"."home-assistant_db" = nfsVolume {
volume_name = "home-assistant_db";
access_mode = "single-node-writer";
server = "blowhole.hosts.in.redalder.org";
share = "/var/nfs/home-assistant_db";
mount_flags = [ "nfsvers=3" "hard" "async" ];
};
resource."nomad_volume"."home-assistant_zigbee2mqtt" = nfsVolume {
volume_name = "home-assistant_zigbee2mqtt";
access_mode = "single-node-writer";
server = "blowhole.hosts.in.redalder.org";
share = "/var/nfs/home-assistant_zigbee2mqtt";
mount_flags = [ "nfsvers=3" "hard" "async" ];
};
resource."nomad_volume"."home-assistant_mosquitto" = nfsVolume {
volume_name = "home-assistant_mosquitto";
access_mode = "single-node-writer";
server = "blowhole.hosts.in.redalder.org";
share = "/var/nfs/home-assistant_mosquitto";
mount_flags = [ "nfsvers=3" "hard" "async" ];
};
resource."vault_policy"."home-assistant-policy" = {
name = "home-assistant-policy";
policy = ''
path "kv/data/cluster/home-assistant" {
capabilities = ["read"]
}
'';
};
resource."vault_policy"."zigbee2mqtt-policy" = {
name = "zigbee2mqtt-policy";
policy = ''
path "kv/data/cluster/mqtt" {
capabilities = ["read"]
}
path "kv/data/cluster/zigbee2mqtt" {
capabilities = ["read"]
}
'';
};
resource."vault_policy"."mosquitto-policy" = {
name = "mosquitto-policy";
policy = ''
path "kv/data/cluster/mqtt" {
capabilities = ["read"]
}
'';
};
resource."nomad_job"."home-assistant" = nomadJob {
jobspec = ./job.hcl;
vars = {
flake_ref = "${flake_host}?rev=${flake_rev}&ref=${flake_ref}";
flake_sha = flake_sha;
};
};
}

317
terranix/containers/home-assistant/job.hcl Normal file
View file

@ -0,0 +1,317 @@
variable "flake_ref" {
type = string
}
variable "flake_sha" {
type = string
}
job "home-assistant" {
datacenters = [ "homelab-1" ]
type = "service"
constraint {
attribute = "${attr.unique.hostname}"
value = "blowhole"
}
group "zigbee2mqtt" {
count = 1
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
port "http" {
static = 8456
to = 8456
}
}
volume "home-assistant_zigbee2mqtt" {
type = "csi"
source = "home-assistant_zigbee2mqtt"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
service {
name = "zigbee2mqtt"
port = "8456"
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "mqtt"
local_bind_port = 1883
datacenter = "homelab-1"
}
}
}
}
}
task "zigbee2mqtt" {
driver = "docker"
vault {
policies = ["zigbee2mqtt-policy"]
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.zigbee2mqtt.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
devices = [
{
host_path = "/dev/ttyUSB0" #"serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_4c004e9c53c9eb118a9f8b4f1d69213e-if00-port0"
container_path = "/dev/ttyUSB0"
}
]
}
resources {
cpu = 128
memory = 128
memory_max = 256
}
volume_mount {
volume = "home-assistant_zigbee2mqtt"
destination = "/var/zigbee2mqtt"
read_only = false
}
template {
data = <<EOF
{{ with secret "kv/data/cluster/zigbee2mqtt" }}
XIAOMI_HUB_ADDRESS={{ .Data.data.xiaomi_hub_address }}
{{ end }}
{{ with secret "kv/data/cluster/mqtt" }}
MQTT_PASSWORD={{ .Data.data.password }}
MQTT_USER={{ .Data.data.user }}
{{ end }}
EOF
destination = "secrets/environment"
env = true
perms = "444"
}
}
}
group "mqtt" {
count = 1
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
}
volume "home-assistant_mosquitto" {
type = "csi"
source = "home-assistant_mosquitto"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
service {
name = "mqtt"
port = "1883"
connect {
sidecar_service {}
}
}
task "mosquitto" {
driver = "docker"
vault {
policies = ["mosquitto-policy"]
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.mosquitto.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 128
memory = 128
memory_max = 256
}
volume_mount {
volume = "home-assistant_mosquitto"
destination = "/var/mosquitto"
read_only = false
}
template {
data = <<EOF
{{ with secret "kv/data/cluster/mqtt" }}
{{ .Data.data.user}}:{{ .Data.data.hash }}
{{ end }}
EOF
destination = "secrets/mqtt_password"
perms = "444"
}
}
}
group "home-assistant" {
count = 1
restart {
attempts = 5
delay = "5s"
}
network {
mode = "bridge"
port "http" {
static = 8123
to = 8123
}
}
volume "home-assistant_hass" {
type = "csi"
source = "home-assistant_hass"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
volume "home-assistant_db" {
type = "csi"
source = "home-assistant_db"
read_only = false
attachment_mode = "file-system"
access_mode = "single-node-writer"
}
volume "cctv" {
type = "host"
read_only = false
source = "cctv"
}
service {
name = "home-assistant"
port = "8123"
connect {
sidecar_service {
proxy {
upstreams {
destination_name = "mqtt"
local_bind_port = 1883
datacenter = "homelab-1"
}
}
}
}
}
task "postgresql" {
driver = "docker"
volume_mount {
volume = "home-assistant_db"
destination = "/var/lib/postgresql"
read_only = false
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.home-assistantPostgresql.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 500
memory = 128
memory_max = 256
}
template {
data = <<EOF
alter user hass with password '{{ with secret "kv/data/cluster/home-assistant" }}{{ .Data.data.pgpass }}{{ end }}';
EOF
destination = "secrets/init.sql"
}
vault {
policies = ["home-assistant-policy"]
}
}
task "home-assistant" {
driver = "docker"
vault {
policies = ["home-assistant-policy"]
}
config {
nix_flake_ref = "${var.flake_ref}#nixngSystems.home-assistant.config.system.build.toplevel"
nix_flake_sha = var.flake_sha
entrypoint = [ "init" ]
}
resources {
cpu = 512
memory = 1024
memory_max = 1024
}
volume_mount {
volume = "home-assistant_hass"
destination = "/var/home-assistant"
read_only = false
}
volume_mount {
volume = "cctv"
destination = "/mnt/cctv"
read_only = false
}
template {
data = <<EOF
{{ with secret "kv/data/cluster/home-assistant" }}
PSQL_PASSWORD={{ .Data.data.pgpass }}
LATITUDE={{ .Data.data.latitude }}
LONGTITUDE={{ .Data.data.longtitude }}
ELEVATION={{ .Data.data.elevation }}
TIME_ZONE={{ .Data.data.time_zone }}
ALARM_CODE={{ .Data.data.alarm_code }}
COUNTRY={{ .Data.data.country }}
{{ end }}
EOF
destination = "secrets/environment"
env = true
perms = "400"
}
}
}
}