Misc updates (lockfile, zigbee2mqtt)

2025-10-22 17:44:51 -07:00 · 2025-10-22 17:44:51 -07:00 · b385cf3bee
commit b385cf3bee
parent b77e23bdf3
12 changed files with 175 additions and 62 deletions
--- a/modules/home/tools/git/default.nix
+++ b/modules/home/tools/git/default.nix
@ -36,35 +36,48 @@ in
    };

    catppuccin.delta.enable = true;
-    programs.git = {
-      delta = {
-        enable = true;
-        options = {
-          line-numbers = true;
-          navigate = true;
-        };
-      };
-
+    programs.delta = {
      enable = true;
-      userName = cfg.userName;
-      userEmail = cfg.userEmail;
+      enableGitIntegration = true;
+      options = {
+        line-numbers = true;
+        navigate = true;
+      };
+    };

-      aliases = {
-        # Prettier log
-        lol = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
-        # Find log and grab its hash
-        lof = ''
-          !${pkgs.git}/bin/git log --pretty=oneline \
-          | ${pkgs.fzf}/bin/fzf --scheme history \
-          | ${pkgs.gawk}/bin/awk '{print $1}'
-        '';
-        # Push up a new branch with the same as local
-        pushup = "push -u origin HEAD";
+    programs.git = {
+      enable = true;
+      settings = {
+        alias = {
+          # Prettier log
+          lol = "log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit --date=relative";
+          # Find log and grab its hash
+          lof = ''
+            !${pkgs.git}/bin/git log --pretty=oneline \
+            | ${pkgs.fzf}/bin/fzf --scheme history \
+            | ${pkgs.gawk}/bin/awk '{print $1}'
+          '';
+          # Push up a new branch with the same as local
+          pushup = "push -u origin HEAD";
+        };
+
+        user = {
+          name = cfg.userName;
+          email = cfg.userEmail;
+        };
+
+        init = {
+          defaultBranch = "main";
+        };
+
+        pull = {
+          rebase = true;
+        };
      };

      signing = {
        key = cfg.signingKey;
-        signByDefault = mkDefault true;
+        signByDefault = mkDefault false;
      };

      ignores = [
@ -83,16 +96,6 @@ in
        ".envrc"
        ".direnv"
      ];
-
-      extraConfig = {
-        init = {
-          defaultBranch = "main";
-        };
-
-        pull = {
-          rebase = true;
-        };
-      };
    };

    catppuccin.lazygit.enable = true;
--- a/modules/nixos/nix/default.nix
+++ b/modules/nixos/nix/default.nix
@ -20,7 +20,7 @@ in
    enable = mkEnableOption "manage nix configuration.";
    package = mkOption {
      type = types.package;
-      default = pkgs.nixVersions.latest;
+      default = pkgs.nixVersions.nix_2_31;
      description = "Which nix package to use.";
    };

--- a/modules/nixos/services/mosquitto/default.nix
+++ b/modules/nixos/services/mosquitto/default.nix
@ -15,6 +15,7 @@ in
      hass_mqtt.file = ../../../../secrets/hass_mqtt.age;
      theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age;
      teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age;
+      zigbee2mqtt_mqtt.file = ../../../../secrets/zigbee2mqtt_mqtt.age;
    };

    services.mosquitto = {
@ -41,6 +42,13 @@ in
              acl = [ "readwrite teslamate/#" ];
              passwordFile = config.age.secrets.teslamate_mqtt.path;
            };
+            zigbee2mqtt = {
+              acl = [
+                "readwrite zigbee2mqtt/#"
+                "readwrite homeassistant/#"
+              ];
+              passwordFile = config.age.secrets.zigbee2mqtt_mqtt.path;
+            };
          };
        }
      ];
--- a/modules/nixos/services/zigbee2mqtt/default.nix
+++ b/modules/nixos/services/zigbee2mqtt/default.nix
@ -0,0 +1,75 @@
+{
+  config,
+  lib,
+  namespace,
+  ...
+}:
+let
+  cfg = config.${namespace}.services.zigbee2mqtt;
+in
+{
+  options.${namespace}.services.zigbee2mqtt = {
+    enable = lib.mkEnableOption "zigbee2mqtt";
+    acmeCertName = lib.mkOption {
+      type = lib.types.str;
+      default = "";
+      description = ''
+        If set to a non-empty string, forces SSL with the supplied acme
+        certificate.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    age.secrets.zigbee2mqtt_creds = {
+      file = ../../../../secrets/zigbee2mqtt_creds.age;
+      path = "/var/lib/zigbee2mqtt/secret.yaml";
+      owner = "zigbee2mqtt";
+      group = "zigbee2mqtt";
+      mode = "0400";
+    };
+
+    services.zigbee2mqtt = {
+      enable = true;
+      settings = {
+        version = 4;
+        mqtt = {
+          base_topic = "zigbee2mqtt";
+          server = "mqtt://192.168.113.13:1833";
+          # TODO: Write secret.yaml file
+          user = "!secret.yaml user";
+          password = "!secret.yaml password";
+        };
+        serial = {
+          port = "tcp://192.168.113.130:6638";
+          adapter = "zstack";
+        };
+        advanced = {
+          channel = 11;
+          network_key = "GENERATE";
+          pan_id = "GENERATE";
+          ext_pan_id = "GENERATE";
+        };
+        frontend = {
+          enabled = true;
+          port = 8080;
+        };
+        homeassistant = {
+          enabled = true;
+        };
+      };
+    };
+
+    services.nginx = {
+      enable = true;
+      recommendedProxySettings = true;
+      virtualHosts."zigbee2mqtt.kilonull.com" = {
+        locations."/".proxyPass = "http://127.0.0.1:8080";
+      }
+      // lib.optionalAttrs (cfg.acmeCertName != "") {
+        forceSSL = true;
+        useACMEHost = cfg.acmeCertName;
+      };
+    };
+  };
+}