Feature: Init stack.nix for homeassistant.

- Move from `home-assistant` to `homeassistant`. - Delete unused Wyze-bridge. - Delete unused README. - Rotate keys in mosquitto.passwd.
2025-02-01 00:02:35 -08:00 · 2025-02-01 00:02:35 -08:00 · 513f278be1
commit 513f278be1
parent 09a4d88e00
9 changed files with 81 additions and 133 deletions
--- a/homelab/stacks/home-assistant/.env
+++ b/homelab/stacks/home-assistant/.env
@ -1 +0,0 @@
 DOCKER_DATA=/mnt/iscsi/barbarian/home-assistant
--- a/homelab/stacks/home-assistant/README.md
+++ b/homelab/stacks/home-assistant/README.md
@ -1,7 +0,0 @@
 # TODO
 - Export configuration to code, import to version control.
 - Build automation to apply changes to code.
 - [X] Integrate Eaton UPS via [NUT](https://networkupstools.org/). [shawly/docker-nut](https://github.com/shawly/docker-nut), [Home Assistant - NUT integration](https://www.home-assistant.io/integrations/nut/).
 - [X] Integrate [Wyze bridge](https://github.com/mrlt8/docker-wyze-bridge).
 - Integrate [Traccar](https://www.home-assistant.io/integrations/traccar_server/). 
 - Integrate [Frigate](https://docs.frigate.video/frigate/installation).
--- a/homelab/stacks/home-assistant/docker-compose.yml
+++ b/homelab/stacks/home-assistant/docker-compose.yml
@ -1,67 +0,0 @@
 services:
  home-assistant:
    image: lscr.io/linuxserver/homeassistant:latest
    container_name: home-assistant_home-assistant
    environment:
      PUID: "1001"
      PGID: "1001"
      TZ: "America/Los_Angeles"
    networks:
      - web
      - home-assistant
    volumes:
      - $DOCKER_DATA/home-assistant:/config
      - /run/dbus:/run/dbus:ro
    labels:
      - traefik.http.routers.home-assistant.rule=Host(`homeassistant.jafner.net`)
      - traefik.http.routers.home-assistant.tls.certresolver=lets-encrypt
  mosquitto:
    image: eclipse-mosquitto:latest
    container_name: home-assistant_mosquitto
    networks:
      - home-assistant
    volumes:
      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
      - ./mosquitto.passwd:/mosquitto/config/mosquitto.passwd
      - $DOCKER_DATA/mosquitto:/mosquitto/data
    ports:
      - 12883:1883
      - 19001:9001
  wyze-bridge:
    image: mrlt8/wyze-bridge:latest
    container_name: home-assistant_wyze-bridge
    networks:
      - web
    environment:
      WB_IP: "192.168.1.23"
      WB_RTSP_URL: "rtsp://192.168.1.23:18554/"
      WB_RTMP_URL: "rtmp://192.168.1.23:11935/"
      WB_HLS_URL: "http://192.168.1.23:19090/"
      WB_WEBRTC_URL: "http://192.168.1.23:19091/"
    env_file:
      - path: ./wyze-bridge.secrets
        required: true
    ports:
      - 11935:1935 # RTMP
      - 18554:8554 # RTSP
      - 19090:8888 # HLS
      - 19091:8889 # WebRTC
      - 19092:8189/udp # WebRTC/ICE
    volumes:
      - type: tmpfs
        target: /tmp/docker-wyze
        tmpfs:
          size: 4000000000
    labels:
      - traefik.http.routers.wyze-bridge.rule=Host(`wyze.homeassistant.jafner.net`)
      - traefik.http.routers.wyze-bridge.tls.certresolver=lets-encrypt
      - traefik.http.routers.wyze-bridge.middlewares=lan-only@file
      - traefik.http.services.wyze-bridge.loadbalancer.server.port=5000
 networks:
  web:
    external: true
  home-assistant:
--- a/homelab/stacks/home-assistant/mosquitto.passwd
+++ b/homelab/stacks/home-assistant/mosquitto.passwd
@ -1,58 +0,0 @@
 {
 	"data": "ENC[AES256_GCM,data:I/sy8/aq6y5FvQbeunSzvHtl6MxLbr0UA5RtYGVnyF5piev8bg8BhnZQT4uBgefwQfhCeTkH+1vSLvlT4zBhXGAfIcM1zcWJQIoaWcIa9AI2df7r6XDzcWypRr6179ZSE5GzQoUKZO/l70jl1ATfRlWEhhLevA==,iv:CiP8d2E/Bj74jD7trdUDyzCvSipVtBZDepnbaam9kCE=,tag:b6KgsaTYXut4HckXoMpPlg==,type:str]",
 	"sops": {
 		"shamir_threshold": 2,
 		"key_groups": [
 			{
 				"hc_vault": null,
 				"age": [
 					{
 						"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
 						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWb3hkQjlCeW1JS1ZHYi9I\nbDdFbDc1bnhsUzVISnMxZ0RVeXQ3WEhYOEdrCnIvVHRhcDIxSk5qc1ZiYVBoeCt0\nQ2NyQzEwMzlVL3R2dHg3c1ZsZXdXYUkKLS0tIEY4UTZLelNZT3VLOENMcjVzQnVy\nZVdlSVdRRnBiaS9FS2p5WEV1QU0ySWsKt55YSWLyfW/WiDOhQO51PhJNCUMeOpNa\n1YCKBpDfjSuSReJglSA/OALgt13M+hbvs1YdC8pSe7jzw+lhdrmKfJA=\n-----END AGE ENCRYPTED FILE-----\n"
 					}
 				]
 			},
 			{
 				"hc_vault": null,
 				"age": [
 					{
 						"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
 						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycFNBSXA2NjFwNWQ1N3lx\ndDEzTzNHV1JXVldQcWZlaEsxd2kvdnRzWnlRCnNENGRpTGpCOTdpbU9pL1F6eXZG\nRDFKRzVOWENVL0hXNGRjc2I2VjFLdDAKLS0tIEZqZ2ZuMk5SY0x4cExxeTFhSzFu\namNDclRlV3JnMmNIQW0yKzM4eDdUQ3cKK5CpNx5YTDNc9uHTIFcOVGa5uiDU0vWL\njTwUqnPr6F3X4pAccR8P3iuZ0klpUA4gaRm6Jto8q8mAA6gA0eMIMvI=\n-----END AGE ENCRYPTED FILE-----\n"
 					}
 				]
 			},
 			{
 				"hc_vault": null,
 				"age": [
 					{
 						"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
 						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWEMvRjVrTWlqOFY4dVp2\ncFN3cDU1NVovTU5WMnJGTTh2VER3MEl5NlJJCk4xUTFNL2ExYUpPWE1Ea0QrdERX\nVnhtS2l6VlozRmhMZzB0OXNGMU4zOEEKLS0tIE1TOFlSNW1CMTdqZVN4Y2tuUWNZ\nSzZnT0hGT05VZnp4OFFQUDFibnBmakEKopJt6tPxXAfKMVCG9IwJx3iOnkNNp4jL\nWXiOccneF6oFHGe+Kjtz9nvYFjD0WyFf7lSRzVoa8Pmq0GVpJC3WgzI=\n-----END AGE ENCRYPTED FILE-----\n"
 					}
 				]
 			},
 			{
 				"hc_vault": null,
 				"age": [
 					{
 						"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
 						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVzlralpVSVJDQU4waFlm\nSk5oZTIwY3E2MWtyaCtoYVcxRVpqai9kT0Y4CjQxKzE2b2xUMFRadjByUVJGS3hn\nWHJBMFpnN2ZZSnlra0gxVFp0QzNtQ28KLS0tIHhOSGN2em44ZTFrVCtLaU4xRWZy\nbVhsOWlaVkNWdXBFeGlJRG9BOTF0ZkUKsctx03J5DoJPuU61Upc/lHF7wRQSIaug\nY1Z15Lniqt147qByCIoKky7KJPT/UykNjnw+D/36BTI7iJbOAvuDBz0=\n-----END AGE ENCRYPTED FILE-----\n"
 					},
 					{
 						"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
 						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKVE4yMVJubEYzU25Gam1V\nY1JSc3pCSEpHK3dvUHh2TXlGS2FKY0lZRlU0CmpSVmE0a2lFUENBUE9nZUFpTVpp\nQUgrYmIzTWl6c2VuZ1dpVXkrNFp6VG8KLS0tIExFS3FyVmxaUFYraEw2MzNKcDZo\nNFRnYnMrUWZTdzdaNXBkSVlhVDduMncKpqF9A5++9Kz5EqVbftagrSq27/O5Re4i\nIWENGjdWtEsoEz74qpJBns5egGkdgz+PgwxzpAZ3V6T2Urk5la3qp84=\n-----END AGE ENCRYPTED FILE-----\n"
 					}
 				]
 			}
 		],
 		"kms": null,
 		"gcp_kms": null,
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": null,
 		"lastmodified": "2024-10-08T18:50:29Z",
 		"mac": "ENC[AES256_GCM,data:nqLhMVANaNfLN/cZaZizFDb7JCCF5mc4xBy58AT2nzS7qhxIee7teYRThd7kDJd1l4sG/ir+JeCUZMIAMHG2PrjKBK4+RwJW2NLxBTGx5xXJpyBUcKHZcrKCXGN7+SJjfOjIH3TDednmmCk3NEBBO6CSVWAlPZQHyqhkuPbIuDE=,iv:dW5i9GyAExrsxHUzB/hzEx8ZxnkOBSOncZc/DSKl1I4=,tag:iXJcYFZRpp92qemsLfOJog==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.0"
 	}
 }
--- a/homelab/stacks/home-assistant/BLUETOOTH.md
+++ b/homelab/stacks/home-assistant/BLUETOOTH.md
--- a/homelab/stacks/homeassistant/docker-compose.yml
+++ b/homelab/stacks/homeassistant/docker-compose.yml
@ -0,0 +1,35 @@
 services:
  homeassistant:
    image: lscr.io/linuxserver/homeassistant:latest
    container_name: homeassistant_homeassistant
    environment:
      PUID: "1001"
      PGID: "1001"
      TZ: "America/Los_Angeles"
    networks:
      - web
      - homeassistant
    volumes:
      - $APPDATA/homeassistant:/config
      - /run/dbus:/run/dbus:ro
    labels:
      - traefik.http.routers.homeassistant.rule=Host(`homeassistant.jafner.net`)
      - traefik.http.routers.homeassistant.tls.certresolver=lets-encrypt
  mosquitto:
    image: eclipse-mosquitto:latest
    container_name: homeassistant_mosquitto
    networks:
      - homeassistant
    volumes:
      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
      - /run/secrets/homeassistant/mosquitto:/mosquitto/config/mosquitto.passwd
      - $APPDATA/mosquitto:/mosquitto/data
    ports:
      - 12883:1883
      - 19001:9001
 networks:
  web:
    external: true
  homeassistant:
--- a/homelab/stacks/home-assistant/mosquitto.conf
+++ b/homelab/stacks/home-assistant/mosquitto.conf
--- a/homelab/stacks/homeassistant/mosquitto.passwd
+++ b/homelab/stacks/homeassistant/mosquitto.passwd
@ -0,0 +1,25 @@
 {
 	"data": "ENC[AES256_GCM,data:I/sy8/aq6y5FvQbeunSzvHtl6MxLbr0UA5RtYGVnyF5piev8bg8BhnZQT4uBgefwQfhCeTkH+1vSLvlT4zBhXGAfIcM1zcWJQIoaWcIa9AI2df7r6XDzcWypRr6179ZSE5GzQoUKZO/l70jl1ATfRlWEhhLevA==,iv:CiP8d2E/Bj74jD7trdUDyzCvSipVtBZDepnbaam9kCE=,tag:b6KgsaTYXut4HckXoMpPlg==,type:str]",
 	"sops": {
 		"shamir_threshold": 1,
 		"kms": null,
 		"gcp_kms": null,
 		"azure_kv": null,
 		"hc_vault": null,
 		"age": [
 			{
 				"recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4T2RJT0JzT3ZaUCtwMlpT\nWndnSHF2cWV3QlZ6OE5RbURTNTJiUHUyY0g0Cjd3RVh4LzQzTkEwc0FBQXkvZjF0\na1EvenlDZ3V5b2RwQUpRMVRQVFZTeG8KLS0tIHIzUjYvZ0NQUlczaHRKVW1QaWtV\nbFV2WUtOeVdoV1ErTGlVcFM3cVpKUVEKvn3CclsonL34kiG+TY0ajtPeZ+oMwfls\n87LC/+0nFTnLjAHcjAdx1xi6HrM94HAMNiEgglba5cr5S1Ag67PkWQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			},
 			{
 				"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUnJ5YmErTzdNaDNIcFpQ\nWlYrS3A2ZXRhTUdoVXVWajloM3dJeElkbGswCkRkRXVPSGpNcmJaV0l3N2hoYmNm\nVnhPT3BUN0Z3Y1YvcUl3dC9DQlJESmMKLS0tIEhJblRZYm4xa1pLWmFXQjEzZjA2\nWlVuQmxGTGN3S2pRaHpZVVZsYy9zN3MKncdkMfI4J5vTPPnBMM9kKRHHpJ3PJ6/F\nTiw/lVi5M01mk/2PxKRQ83FziZWOGtylpub54KbZbQPQ1YosodmTrQ==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
 		"lastmodified": "2024-10-08T18:50:29Z",
 		"mac": "ENC[AES256_GCM,data:nqLhMVANaNfLN/cZaZizFDb7JCCF5mc4xBy58AT2nzS7qhxIee7teYRThd7kDJd1l4sG/ir+JeCUZMIAMHG2PrjKBK4+RwJW2NLxBTGx5xXJpyBUcKHZcrKCXGN7+SJjfOjIH3TDednmmCk3NEBBO6CSVWAlPZQHyqhkuPbIuDE=,iv:dW5i9GyAExrsxHUzB/hzEx8ZxnkOBSOncZc/DSKl1I4=,tag:iXJcYFZRpp92qemsLfOJog==,type:str]",
 		"pgp": null,
 		"unencrypted_suffix": "_unencrypted",
 		"version": "3.9.0"
 	}
 }
--- a/homelab/stacks/homeassistant/stack.nix
+++ b/homelab/stacks/homeassistant/stack.nix
@ -0,0 +1,21 @@
 { sys, ... }: let stack = "homeassistant"; in {
  home-manager.users."${sys.username}".home.file = {
    "${stack}" = {
      enable = true;
      recursive = true;
      source = ./.;
      target = "stacks/${stack}/";
    };
    "${stack}/.env" = {
      enable = true;
      text = ''APPDATA=${sys.dataDirs.appdata}/${stack}'';
      target = "stacks/${stack}/.env";
    };
  };
  sops.secrets."${stack}/mosquitto" = { 
    sopsFile = ./mosquitto.passwd;
    key = "";
    mode = "0440";
    owner = sys.username;
  };
 }
		`@ -1 +0,0 @@`
			`DOCKER_DATA=/mnt/iscsi/barbarian/home-assistant`