From 64cd40c9fbed4cee44c6a37677584623ef2da4ca Mon Sep 17 00:00:00 2001
From: Alejandro Angulo <iam@alejandr0angul0.dev>
Date: Sun, 19 Nov 2023 08:27:18 -0800
Subject: [PATCH] Initial setup of home assistant

---
 .../nixos/services/homeassistant/default.nix  | 78 +++++++++++++++++++
 systems/x86_64-linux/node/default.nix         |  4 +
 2 files changed, 82 insertions(+)
 create mode 100644 modules/nixos/services/homeassistant/default.nix

diff --git a/modules/nixos/services/homeassistant/default.nix b/modules/nixos/services/homeassistant/default.nix
new file mode 100644
index 0000000..b9175ec
--- /dev/null
+++ b/modules/nixos/services/homeassistant/default.nix
@@ -0,0 +1,78 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  format,
+  ...
+}:
+with lib; let
+  cfg = config.aa.services.homeassistant;
+  hass_cfg = config.services.home-assistant;
+in {
+  options.aa.services.homeassistant = with types; {
+    enable = mkEnableOption "home assistant";
+    acmeCertName = mkOption {
+      type = str;
+      default = "";
+      description = ''
+        If set to a non-empty string, forces SSL with the supplied acme
+        certificate.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.home-assistant = {
+      enable = true;
+      extraPackages = python3packages:
+        with python3packages; [
+          # postgresql support
+          psycopg2
+
+          # video support
+          ha-ffmpeg
+
+          # tuya needed for default config
+          tuya-iot-py-sdk
+        ];
+      config = {
+        default_config = {};
+        http = {
+          use_x_forwarded_for = true;
+          trusted_proxies = ["127.0.0.1"];
+        };
+
+        recorder.db_url = "postgresql://@/hass";
+      };
+    };
+
+    services.nginx = {
+      enable = true;
+      virtualHosts."hass.kilonull.com" =
+        {
+          locations."/" = {
+            recommendedProxySettings = true;
+            proxyWebsockets = true;
+            proxyPass = "http://127.0.0.1:${toString hass_cfg.config.http.server_port}";
+          };
+        }
+        // lib.optionalAttrs (cfg.acmeCertName != "") {
+          forceSSL = true;
+          useACMEHost = cfg.acmeCertName;
+        };
+    };
+
+    services.postgresql = {
+      ensureDatabases = ["hass"];
+      ensureUsers = [
+        {
+          name = "hass";
+          ensurePermissions = {
+            "DATABASE hass" = "ALL PRIVILEGES";
+          };
+        }
+      ];
+    };
+  };
+}
diff --git a/systems/x86_64-linux/node/default.nix b/systems/x86_64-linux/node/default.nix
index e534829..0fb6c50 100644
--- a/systems/x86_64-linux/node/default.nix
+++ b/systems/x86_64-linux/node/default.nix
@@ -47,6 +47,10 @@
       remoteTargetDatasets = ["tank/backups"];
       remoteTargetPublicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhA+9O2OBMDH1Xnj6isu36df5TOdZG8aEA4JpN2K60e syncoid@gospel"];
     };
+    services.homeassistant = {
+      enable = true;
+      acmeCertName = "kilonull.com";
+    };
 
     security.acme = {
       enable = true;