mirror of
https://git.sr.ht/~magic_rb/dotfiles
synced 2024-12-04 22:14:58 +01:00
4a29b6d8d3
Signed-off-by: magic_rb <magic_rb@redalder.org>
330 lines
6.5 KiB
HCL
330 lines
6.5 KiB
HCL
variable "flake_ref" {
|
|
type = string
|
|
}
|
|
|
|
variable "flake_sha" {
|
|
type = string
|
|
}
|
|
|
|
variable "store_path" {
|
|
type = object({
|
|
mosquitto = string
|
|
postgresql = string
|
|
homeAssistant = string
|
|
zigbee2mqtt = string
|
|
})
|
|
}
|
|
|
|
job "home-assistant" {
|
|
datacenters = [ "homelab-1" ]
|
|
type = "service"
|
|
|
|
constraint {
|
|
attribute = "${attr.unique.hostname}"
|
|
value = "blowhole"
|
|
}
|
|
|
|
group "zigbee2mqtt" {
|
|
count = 1
|
|
|
|
restart {
|
|
attempts = 5
|
|
delay = "5s"
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
|
|
port "http" {
|
|
static = 8456
|
|
to = 8456
|
|
}
|
|
}
|
|
|
|
volume "home-assistant_zigbee2mqtt" {
|
|
type = "csi"
|
|
source = "home-assistant_zigbee2mqtt"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "single-node-writer"
|
|
}
|
|
|
|
service {
|
|
name = "zigbee2mqtt"
|
|
port = "8456"
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
upstreams {
|
|
destination_name = "mqtt"
|
|
local_bind_port = 1883
|
|
datacenter = "homelab-1"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
task "zigbee2mqtt" {
|
|
driver = "docker"
|
|
|
|
vault {
|
|
policies = ["zigbee2mqtt-policy"]
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngConfigurations.zigbee2mqtt.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
nix_flake_store_path = var.store_path.zigbee2mqtt
|
|
entrypoint = [ "init" ]
|
|
|
|
devices = [
|
|
{
|
|
host_path = "/dev/ttyZigbee" #"serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_4c004e9c53c9eb118a9f8b4f1d69213e-if00-port0"
|
|
container_path = "/dev/ttyUSB0"
|
|
}
|
|
]
|
|
}
|
|
|
|
resources {
|
|
cpu = 128
|
|
memory = 256
|
|
memory_max = 512
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "home-assistant_zigbee2mqtt"
|
|
destination = "/var/zigbee2mqtt"
|
|
read_only = false
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
{{ with secret "kv/data/cluster/zigbee2mqtt" }}
|
|
XIAOMI_HUB_ADDRESS={{ .Data.data.xiaomi_hub_address }}
|
|
{{ end }}
|
|
{{ with secret "kv/data/cluster/mqtt" }}
|
|
MQTT_PASSWORD={{ .Data.data.password }}
|
|
MQTT_USER={{ .Data.data.user }}
|
|
{{ end }}
|
|
EOF
|
|
destination = "secrets/environment"
|
|
env = true
|
|
perms = "444"
|
|
}
|
|
}
|
|
}
|
|
|
|
group "mosquitto" {
|
|
count = 1
|
|
|
|
restart {
|
|
attempts = 5
|
|
delay = "5s"
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
}
|
|
|
|
volume "home-assistant_mosquitto" {
|
|
type = "csi"
|
|
source = "home-assistant_mosquitto"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "single-node-writer"
|
|
}
|
|
|
|
service {
|
|
name = "mqtt"
|
|
port = "1883"
|
|
|
|
connect {
|
|
sidecar_service {}
|
|
}
|
|
}
|
|
|
|
task "mosquitto" {
|
|
driver = "docker"
|
|
|
|
vault {
|
|
policies = ["mosquitto-policy"]
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngConfigurations.mosquitto.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
nix_flake_store_path = var.store_path.mosquitto
|
|
entrypoint = [ "init" ]
|
|
}
|
|
|
|
resources {
|
|
cpu = 128
|
|
memory = 128
|
|
memory_max = 256
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "home-assistant_mosquitto"
|
|
destination = "/var/mosquitto"
|
|
read_only = false
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
{{ with secret "kv/data/cluster/mqtt" }}
|
|
{{ .Data.data.user}}:{{ .Data.data.hash }}
|
|
{{ end }}
|
|
EOF
|
|
destination = "secrets/mqtt_password"
|
|
perms = "444"
|
|
}
|
|
}
|
|
}
|
|
|
|
group "home-assistant" {
|
|
count = 1
|
|
|
|
restart {
|
|
attempts = 5
|
|
delay = "5s"
|
|
}
|
|
|
|
network {
|
|
mode = "bridge"
|
|
|
|
port "http" {
|
|
static = 8123
|
|
to = 8123
|
|
}
|
|
}
|
|
|
|
volume "home-assistant_hass" {
|
|
type = "csi"
|
|
source = "home-assistant_hass"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "single-node-writer"
|
|
}
|
|
|
|
volume "home-assistant_db" {
|
|
type = "csi"
|
|
source = "home-assistant_db"
|
|
read_only = false
|
|
|
|
attachment_mode = "file-system"
|
|
access_mode = "single-node-writer"
|
|
}
|
|
|
|
volume "cctv" {
|
|
type = "host"
|
|
read_only = false
|
|
source = "cctv"
|
|
}
|
|
|
|
service {
|
|
name = "home-assistant"
|
|
port = "8123"
|
|
|
|
connect {
|
|
sidecar_service {
|
|
proxy {
|
|
upstreams {
|
|
destination_name = "mqtt"
|
|
local_bind_port = 1883
|
|
datacenter = "homelab-1"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
task "postgresql" {
|
|
driver = "docker"
|
|
|
|
volume_mount {
|
|
volume = "home-assistant_db"
|
|
destination = "/var/lib/postgresql"
|
|
read_only = false
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngConfigurations.homeAssistantPostgresql.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
nix_flake_store_path = var.store_path.postgresql
|
|
entrypoint = [ "init" ]
|
|
}
|
|
|
|
resources {
|
|
cpu = 500
|
|
memory = 128
|
|
memory_max = 256
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
alter user hass with password '{{ with secret "kv/data/cluster/home-assistant" }}{{ .Data.data.pgpass }}{{ end }}';
|
|
EOF
|
|
destination = "secrets/init.sql"
|
|
}
|
|
|
|
vault {
|
|
policies = ["home-assistant-policy"]
|
|
}
|
|
}
|
|
|
|
task "home-assistant" {
|
|
driver = "docker"
|
|
|
|
vault {
|
|
policies = ["home-assistant-policy"]
|
|
}
|
|
|
|
config {
|
|
nix_flake_ref = "${var.flake_ref}#nixngConfigurations.homeAssistant.config.system.build.toplevel"
|
|
nix_flake_sha = var.flake_sha
|
|
nix_flake_store_path = var.store_path.homeAssistant
|
|
entrypoint = [ "init" ]
|
|
}
|
|
|
|
resources {
|
|
cpu = 512
|
|
memory = 1024
|
|
memory_max = 1024
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "home-assistant_hass"
|
|
destination = "/var/home-assistant"
|
|
read_only = false
|
|
}
|
|
|
|
volume_mount {
|
|
volume = "cctv"
|
|
destination = "/mnt/cctv"
|
|
read_only = false
|
|
}
|
|
|
|
template {
|
|
data = <<EOF
|
|
{{ with secret "kv/data/cluster/home-assistant" }}
|
|
PSQL_PASSWORD={{ .Data.data.pgpass }}
|
|
LATITUDE={{ .Data.data.latitude }}
|
|
LONGTITUDE={{ .Data.data.longtitude }}
|
|
ELEVATION={{ .Data.data.elevation }}
|
|
TIME_ZONE={{ .Data.data.time_zone }}
|
|
ALARM_CODE={{ .Data.data.alarm_code }}
|
|
COUNTRY={{ .Data.data.country }}
|
|
{{ end }}
|
|
EOF
|
|
destination = "secrets/environment"
|
|
env = true
|
|
perms = "400"
|
|
}
|
|
}
|
|
}
|
|
}
|