Feature: Init stack.nix for homeassistant.

- Move from `home-assistant` to `homeassistant`. - Delete unused Wyze-bridge. - Delete unused README. - Rotate keys in mosquitto.passwd.
2025-02-01 00:02:35 -08:00 · 2025-02-01 00:02:35 -08:00 · 513f278be1
commit 513f278be1
parent 09a4d88e00
9 changed files with 81 additions and 133 deletions
--- a/homelab/stacks/home-assistant/.env
+++ b/homelab/stacks/home-assistant/.env
@ -1 +0,0 @@
-DOCKER_DATA=/mnt/iscsi/barbarian/home-assistant
--- a/homelab/stacks/home-assistant/README.md
+++ b/homelab/stacks/home-assistant/README.md
@ -1,7 +0,0 @@
-# TODO
- Export configuration to code, import to version control.
- Build automation to apply changes to code.
- [X] Integrate Eaton UPS via [NUT](https://networkupstools.org/). [shawly/docker-nut](https://github.com/shawly/docker-nut), [Home Assistant - NUT integration](https://www.home-assistant.io/integrations/nut/).
- [X] Integrate [Wyze bridge](https://github.com/mrlt8/docker-wyze-bridge).
- Integrate [Traccar](https://www.home-assistant.io/integrations/traccar_server/). 
- Integrate [Frigate](https://docs.frigate.video/frigate/installation).
--- a/homelab/stacks/home-assistant/docker-compose.yml
+++ b/homelab/stacks/home-assistant/docker-compose.yml
@ -1,67 +0,0 @@
-services:
-  home-assistant:
-    image: lscr.io/linuxserver/homeassistant:latest
-    container_name: home-assistant_home-assistant
-    environment:
-      PUID: "1001"
-      PGID: "1001"
-      TZ: "America/Los_Angeles"
-    networks:
-      - web
-      - home-assistant
-    volumes:
-      - $DOCKER_DATA/home-assistant:/config
-      - /run/dbus:/run/dbus:ro
-    labels:
-      - traefik.http.routers.home-assistant.rule=Host(`homeassistant.jafner.net`)
-      - traefik.http.routers.home-assistant.tls.certresolver=lets-encrypt
-
-  mosquitto:
-    image: eclipse-mosquitto:latest
-    container_name: home-assistant_mosquitto
-    networks:
-      - home-assistant
-    volumes:
-      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
-      - ./mosquitto.passwd:/mosquitto/config/mosquitto.passwd
-      - $DOCKER_DATA/mosquitto:/mosquitto/data
-    ports:
-      - 12883:1883
-      - 19001:9001
-
-  wyze-bridge:
-    image: mrlt8/wyze-bridge:latest
-    container_name: home-assistant_wyze-bridge
-    networks:
-      - web
-    environment:
-      WB_IP: "192.168.1.23"
-      WB_RTSP_URL: "rtsp://192.168.1.23:18554/"
-      WB_RTMP_URL: "rtmp://192.168.1.23:11935/"
-      WB_HLS_URL: "http://192.168.1.23:19090/"
-      WB_WEBRTC_URL: "http://192.168.1.23:19091/"
-    env_file:
-      - path: ./wyze-bridge.secrets
-        required: true
-      
-    ports:
-      - 11935:1935 # RTMP
-      - 18554:8554 # RTSP
-      - 19090:8888 # HLS
-      - 19091:8889 # WebRTC
-      - 19092:8189/udp # WebRTC/ICE
-    volumes:
-      - type: tmpfs
-        target: /tmp/docker-wyze
-        tmpfs:
-          size: 4000000000
-    labels:
-      - traefik.http.routers.wyze-bridge.rule=Host(`wyze.homeassistant.jafner.net`)
-      - traefik.http.routers.wyze-bridge.tls.certresolver=lets-encrypt
-      - traefik.http.routers.wyze-bridge.middlewares=lan-only@file
-      - traefik.http.services.wyze-bridge.loadbalancer.server.port=5000
-
-networks:
-  web:
-    external: true
-  home-assistant:
--- a/homelab/stacks/home-assistant/mosquitto.passwd
+++ b/homelab/stacks/home-assistant/mosquitto.passwd
@ -1,58 +0,0 @@
-{
-	"data": "ENC[AES256_GCM,data:I/sy8/aq6y5FvQbeunSzvHtl6MxLbr0UA5RtYGVnyF5piev8bg8BhnZQT4uBgefwQfhCeTkH+1vSLvlT4zBhXGAfIcM1zcWJQIoaWcIa9AI2df7r6XDzcWypRr6179ZSE5GzQoUKZO/l70jl1ATfRlWEhhLevA==,iv:CiP8d2E/Bj74jD7trdUDyzCvSipVtBZDepnbaam9kCE=,tag:b6KgsaTYXut4HckXoMpPlg==,type:str]",
-	"sops": {
-		"shamir_threshold": 2,
-		"key_groups": [
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWb3hkQjlCeW1JS1ZHYi9I\nbDdFbDc1bnhsUzVISnMxZ0RVeXQ3WEhYOEdrCnIvVHRhcDIxSk5qc1ZiYVBoeCt0\nQ2NyQzEwMzlVL3R2dHg3c1ZsZXdXYUkKLS0tIEY4UTZLelNZT3VLOENMcjVzQnVy\nZVdlSVdRRnBiaS9FS2p5WEV1QU0ySWsKt55YSWLyfW/WiDOhQO51PhJNCUMeOpNa\n1YCKBpDfjSuSReJglSA/OALgt13M+hbvs1YdC8pSe7jzw+lhdrmKfJA=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			},
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAycFNBSXA2NjFwNWQ1N3lx\ndDEzTzNHV1JXVldQcWZlaEsxd2kvdnRzWnlRCnNENGRpTGpCOTdpbU9pL1F6eXZG\nRDFKRzVOWENVL0hXNGRjc2I2VjFLdDAKLS0tIEZqZ2ZuMk5SY0x4cExxeTFhSzFu\namNDclRlV3JnMmNIQW0yKzM4eDdUQ3cKK5CpNx5YTDNc9uHTIFcOVGa5uiDU0vWL\njTwUqnPr6F3X4pAccR8P3iuZ0klpUA4gaRm6Jto8q8mAA6gA0eMIMvI=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			},
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age193t908fjxl8ekl77p5xqnpj4xmw3y0khvyzlrw22hdzjduk6l53q05spq3",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXWEMvRjVrTWlqOFY4dVp2\ncFN3cDU1NVovTU5WMnJGTTh2VER3MEl5NlJJCk4xUTFNL2ExYUpPWE1Ea0QrdERX\nVnhtS2l6VlozRmhMZzB0OXNGMU4zOEEKLS0tIE1TOFlSNW1CMTdqZVN4Y2tuUWNZ\nSzZnT0hGT05VZnp4OFFQUDFibnBmakEKopJt6tPxXAfKMVCG9IwJx3iOnkNNp4jL\nWXiOccneF6oFHGe+Kjtz9nvYFjD0WyFf7lSRzVoa8Pmq0GVpJC3WgzI=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			},
-			{
-				"hc_vault": null,
-				"age": [
-					{
-						"recipient": "age13prhyye2jy3ysa6ltnjgkrqtxrxgs0035d86jyn4ltgk3wxtqgrqgav855",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOVzlralpVSVJDQU4waFlm\nSk5oZTIwY3E2MWtyaCtoYVcxRVpqai9kT0Y4CjQxKzE2b2xUMFRadjByUVJGS3hn\nWHJBMFpnN2ZZSnlra0gxVFp0QzNtQ28KLS0tIHhOSGN2em44ZTFrVCtLaU4xRWZy\nbVhsOWlaVkNWdXBFeGlJRG9BOTF0ZkUKsctx03J5DoJPuU61Upc/lHF7wRQSIaug\nY1Z15Lniqt147qByCIoKky7KJPT/UykNjnw+D/36BTI7iJbOAvuDBz0=\n-----END AGE ENCRYPTED FILE-----\n"
-					},
-					{
-						"recipient": "age1n20krynrj75jqfy2muvhrygvzd4ee8ngamljqavsrk033zwx0ses2tdtfe",
-						"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKVE4yMVJubEYzU25Gam1V\nY1JSc3pCSEpHK3dvUHh2TXlGS2FKY0lZRlU0CmpSVmE0a2lFUENBUE9nZUFpTVpp\nQUgrYmIzTWl6c2VuZ1dpVXkrNFp6VG8KLS0tIExFS3FyVmxaUFYraEw2MzNKcDZo\nNFRnYnMrUWZTdzdaNXBkSVlhVDduMncKpqF9A5++9Kz5EqVbftagrSq27/O5Re4i\nIWENGjdWtEsoEz74qpJBns5egGkdgz+PgwxzpAZ3V6T2Urk5la3qp84=\n-----END AGE ENCRYPTED FILE-----\n"
-					}
-				]
-			}
-		],
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
-		"age": null,
-		"lastmodified": "2024-10-08T18:50:29Z",
-		"mac": "ENC[AES256_GCM,data:nqLhMVANaNfLN/cZaZizFDb7JCCF5mc4xBy58AT2nzS7qhxIee7teYRThd7kDJd1l4sG/ir+JeCUZMIAMHG2PrjKBK4+RwJW2NLxBTGx5xXJpyBUcKHZcrKCXGN7+SJjfOjIH3TDednmmCk3NEBBO6CSVWAlPZQHyqhkuPbIuDE=,iv:dW5i9GyAExrsxHUzB/hzEx8ZxnkOBSOncZc/DSKl1I4=,tag:iXJcYFZRpp92qemsLfOJog==,type:str]",
-		"pgp": null,
-		"unencrypted_suffix": "_unencrypted",
-		"version": "3.9.0"
-	}
-}
--- a/homelab/stacks/home-assistant/BLUETOOTH.md
+++ b/homelab/stacks/home-assistant/BLUETOOTH.md
--- a/homelab/stacks/homeassistant/docker-compose.yml
+++ b/homelab/stacks/homeassistant/docker-compose.yml
@ -0,0 +1,35 @@
+services:
+  homeassistant:
+    image: lscr.io/linuxserver/homeassistant:latest
+    container_name: homeassistant_homeassistant
+    environment:
+      PUID: "1001"
+      PGID: "1001"
+      TZ: "America/Los_Angeles"
+    networks:
+      - web
+      - homeassistant
+    volumes:
+      - $APPDATA/homeassistant:/config
+      - /run/dbus:/run/dbus:ro
+    labels:
+      - traefik.http.routers.homeassistant.rule=Host(`homeassistant.jafner.net`)
+      - traefik.http.routers.homeassistant.tls.certresolver=lets-encrypt
+
+  mosquitto:
+    image: eclipse-mosquitto:latest
+    container_name: homeassistant_mosquitto
+    networks:
+      - homeassistant
+    volumes:
+      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
+      - /run/secrets/homeassistant/mosquitto:/mosquitto/config/mosquitto.passwd
+      - $APPDATA/mosquitto:/mosquitto/data
+    ports:
+      - 12883:1883
+      - 19001:9001
+
+networks:
+  web:
+    external: true
+  homeassistant:
--- a/homelab/stacks/home-assistant/mosquitto.conf
+++ b/homelab/stacks/home-assistant/mosquitto.conf
--- a/homelab/stacks/homeassistant/mosquitto.passwd
+++ b/homelab/stacks/homeassistant/mosquitto.passwd
@ -0,0 +1,25 @@
+{
+	"data": "ENC[AES256_GCM,data:I/sy8/aq6y5FvQbeunSzvHtl6MxLbr0UA5RtYGVnyF5piev8bg8BhnZQT4uBgefwQfhCeTkH+1vSLvlT4zBhXGAfIcM1zcWJQIoaWcIa9AI2df7r6XDzcWypRr6179ZSE5GzQoUKZO/l70jl1ATfRlWEhhLevA==,iv:CiP8d2E/Bj74jD7trdUDyzCvSipVtBZDepnbaam9kCE=,tag:b6KgsaTYXut4HckXoMpPlg==,type:str]",
+	"sops": {
+		"shamir_threshold": 1,
+		"kms": null,
+		"gcp_kms": null,
+		"azure_kv": null,
+		"hc_vault": null,
+		"age": [
+			{
+				"recipient": "age1v5wy7epv5mm8ddf3cfv8m0e9w4s693dw7djpuytz9td8ycha5f0sv2se9n",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4T2RJT0JzT3ZaUCtwMlpT\nWndnSHF2cWV3QlZ6OE5RbURTNTJiUHUyY0g0Cjd3RVh4LzQzTkEwc0FBQXkvZjF0\na1EvenlDZ3V5b2RwQUpRMVRQVFZTeG8KLS0tIHIzUjYvZ0NQUlczaHRKVW1QaWtV\nbFV2WUtOeVdoV1ErTGlVcFM3cVpKUVEKvn3CclsonL34kiG+TY0ajtPeZ+oMwfls\n87LC/+0nFTnLjAHcjAdx1xi6HrM94HAMNiEgglba5cr5S1Ag67PkWQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			},
+			{
+				"recipient": "age1zswcq6t5wl8spr3g2wpxhxukjklngcav0vw8py0jnfkqd2jm2ypq53ga00",
+				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkUnJ5YmErTzdNaDNIcFpQ\nWlYrS3A2ZXRhTUdoVXVWajloM3dJeElkbGswCkRkRXVPSGpNcmJaV0l3N2hoYmNm\nVnhPT3BUN0Z3Y1YvcUl3dC9DQlJESmMKLS0tIEhJblRZYm4xa1pLWmFXQjEzZjA2\nWlVuQmxGTGN3S2pRaHpZVVZsYy9zN3MKncdkMfI4J5vTPPnBMM9kKRHHpJ3PJ6/F\nTiw/lVi5M01mk/2PxKRQ83FziZWOGtylpub54KbZbQPQ1YosodmTrQ==\n-----END AGE ENCRYPTED FILE-----\n"
+			}
+		],
+		"lastmodified": "2024-10-08T18:50:29Z",
+		"mac": "ENC[AES256_GCM,data:nqLhMVANaNfLN/cZaZizFDb7JCCF5mc4xBy58AT2nzS7qhxIee7teYRThd7kDJd1l4sG/ir+JeCUZMIAMHG2PrjKBK4+RwJW2NLxBTGx5xXJpyBUcKHZcrKCXGN7+SJjfOjIH3TDednmmCk3NEBBO6CSVWAlPZQHyqhkuPbIuDE=,iv:dW5i9GyAExrsxHUzB/hzEx8ZxnkOBSOncZc/DSKl1I4=,tag:iXJcYFZRpp92qemsLfOJog==,type:str]",
+		"pgp": null,
+		"unencrypted_suffix": "_unencrypted",
+		"version": "3.9.0"
+	}
+}
--- a/homelab/stacks/homeassistant/stack.nix
+++ b/homelab/stacks/homeassistant/stack.nix
@ -0,0 +1,21 @@
+{ sys, ... }: let stack = "homeassistant"; in {
+  home-manager.users."${sys.username}".home.file = {
+    "${stack}" = {
+      enable = true;
+      recursive = true;
+      source = ./.;
+      target = "stacks/${stack}/";
+    };
+    "${stack}/.env" = {
+      enable = true;
+      text = ''APPDATA=${sys.dataDirs.appdata}/${stack}'';
+      target = "stacks/${stack}/.env";
+    };
+  };
+  sops.secrets."${stack}/mosquitto" = { 
+    sopsFile = ./mosquitto.passwd;
+    key = "";
+    mode = "0440";
+    owner = sys.username;
+  };
+}
				`@ -1 +0,0 @@`
				`DOCKER_DATA=/mnt/iscsi/barbarian/home-assistant`