fix(host/faunus-ater): home-assistant container using macvlan
parent
b0f5270a28
commit
1b92a7f876
|
@ -1,23 +1,110 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
virtualisation.oci-containers.containers.home-assistant = {
|
||||
volumes = ["/data/dirty/home-assistant:/config"];
|
||||
volumes = [
|
||||
"/data/dirty/home-assistant:/config"
|
||||
"${config.sops.secrets.power-management-key.path}:/root/.ssh/power-management-key"
|
||||
];
|
||||
environment.TZ = "Europe/Berlin";
|
||||
image = "ghcr.io/home-assistant/home-assistant:2024.10";
|
||||
ports = [
|
||||
"8123:8123"
|
||||
"127.0.0.1:8123:8123"
|
||||
];
|
||||
extraOptions = [
|
||||
# TODO: Fix the path of the zigbee controller using udev
|
||||
"--device=/dev/serial/by-id/usb-Silicon_Labs_Sonoff_Zigbee_3.0_USB_Dongle_Plus_0001-if00-port0"
|
||||
"--device=/dev/ttyUSB0"
|
||||
"--cap-add=CAP_NET_RAW,CAP_NET_BIND_SERVICE"
|
||||
"--network=home-assistant"
|
||||
"--ip=192.168.1.10"
|
||||
"--dns=192.168.1.1"
|
||||
];
|
||||
};
|
||||
|
||||
# Podman network for home-assistant
|
||||
#
|
||||
# Use 192.168.1.8/28 as a subnet, because my router already reserves the first 100 addresses
|
||||
# of 192.168.1.0/24, so 192.168.1.8/28 - 192.168.1.15/28 should be good
|
||||
environment.etc."containers/networks/home-assistant.json" = {
|
||||
source = (pkgs.formats.json {}).generate "home-assistant.json" {
|
||||
dns_enabled = false;
|
||||
driver = "macvlan";
|
||||
id = "0000000000000000000000000000000000000000000000000000000000000001";
|
||||
internal = false;
|
||||
ipam_options = {driver = "host-local";};
|
||||
ipv6_enabled = false;
|
||||
name = "home-assistant";
|
||||
network_interface = "eno1";
|
||||
subnets = [
|
||||
{
|
||||
subnet = "192.168.1.0/24";
|
||||
gateway = "192.168.1.1";
|
||||
"lease_range" = {
|
||||
"start_ip" = "192.168.1.10";
|
||||
"end_ip" = "192.168.1.14";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: This does not work without manually creating the device using `ip link add ha-shim link eno1 type macvlan mode bridge` from [here](https://blog.oddbit.com/post/2018-03-12-using-docker-macvlan-networks/)
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
netdevs."50-home-assistant-shim" = {
|
||||
enable = true;
|
||||
macvlanConfig.Mode = "bridge";
|
||||
netdevConfig = {
|
||||
Name = "ha-shim";
|
||||
Description = "A shim for communicating with the home-assistant podman network";
|
||||
Kind = "macvlan";
|
||||
};
|
||||
};
|
||||
networks."60-home-assistant-shim" = {
|
||||
enable = true;
|
||||
name = "ha-shim";
|
||||
matchConfig.Name = "ha-shim";
|
||||
networkConfig = {
|
||||
Description = "A shim for communicating with the home-assistant podman network";
|
||||
Address = ["192.168.1.9/28"];
|
||||
DNS = ["192.168.1.1"];
|
||||
};
|
||||
routes = lib.singleton {
|
||||
Destination = "192.168.1.8/28";
|
||||
};
|
||||
linkConfig.RequiredFamilyForOnline = "ipv4";
|
||||
};
|
||||
|
||||
links."60-eno1" = {
|
||||
enable = true;
|
||||
matchConfig.Name = "eno1";
|
||||
# linkConfig seems broken
|
||||
extraConfig = ''
|
||||
[Link]
|
||||
MACVLAN=ha-shim
|
||||
RequiredForOnline=no
|
||||
'';
|
||||
};
|
||||
};
|
||||
# TODO: Fix for the above
|
||||
# TODO: This might just work with networking.useNetworkd being true..
|
||||
systemd.services.create-ha-shim-netdev = {
|
||||
enable = true;
|
||||
description = "Create the ha-shim device because systemd-networkd fails";
|
||||
wantedBy = ["network.target"];
|
||||
script = ''
|
||||
#!/bin/sh
|
||||
${pkgs.iproute2}/bin/ip link add ha-shim link eno1 type macvlan mode bridge
|
||||
'';
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
};
|
||||
};
|
||||
|
||||
# Configure nginx reverse proxy
|
||||
services.nginx.virtualHosts."config.tammena.me" = {
|
||||
addSSL = true;
|
||||
|
@ -30,7 +117,7 @@
|
|||
];
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8123";
|
||||
proxyPass = "http://192.168.1.10:8123";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
@ -40,4 +127,8 @@
|
|||
owner = config.users.users.nginx.name;
|
||||
mode = "0400";
|
||||
};
|
||||
sops.secrets.power-management-key = {
|
||||
owner = config.users.users.root.name;
|
||||
mode = "0400";
|
||||
};
|
||||
}
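Review bot: The volume entry that places `${config.sops.secrets.power-management-key.path}` at `/root/.ssh/power-management-key` is a read-write bind mount, so the SSH private key can be replaced as well as read from inside the Home Assistant container. Mount it read-only with `"${config.sops.secrets.power-management-key.path}:/root/.ssh/power-management-key:ro"`, and limit what the key may do on the accepting host with a `command="…",restrict` prefix in its `authorized_keys` entry. With `--network=home-assistant` on the macvlan driver the container sits directly on the LAN at 192.168.1.10, so the `ports` list presumably no longer limits who can reach 8123. The `proxyPass` to `http://192.168.1.10:8123` is a plaintext path that other LAN hosts can also use directly, bypassing the TLS virtual host, whose remaining lines are outside the visible hunks. A why-comment on `--cap-add=CAP_NET_RAW,CAP_NET_BIND_SERVICE` would help now that the interface is on the physical segment, and `create-ha-shim-netdev` looks like it should be `Type = "oneshot"` with `RemainAfterExit = true`, since `ip link add` fails on a restart once `ha-shim` exists.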
|
||||
|
|
|
@ -4,6 +4,7 @@ photoprism-admin-password: ENC[AES256_GCM,data:/qEeUto3e6CUTsfhlbUjCckP4DB17yeP/
|
|||
internal-restic-password: ENC[AES256_GCM,data:TJvbnuPgrCCRznqHAs7R/WYTgZ+hKiNUnpHTqroNgw9p0w==,iv:JtcaM2bCtZzM91IdkYrmbBhWQ/wWdFzX2fxDGuFIWrY=,tag:5HesBXgxu28QOGYS6WjJdg==,type:str]
|
||||
hydra-admin-password: ENC[AES256_GCM,data:VzZdQDAspirq2Ad5cd3KV3+06966aSEHrXTQ6A0=,iv:06fFTSaH1o+q+PioSbEMU/VutYwj+Jin/wXnAWOiV/w=,tag:cjoPs0oUJ437URwBpE5vVA==,type:str]
|
||||
nix-store-signing-key: ENC[AES256_GCM,data:crx32AFBIwM1AS9aBUzocK6YHWfNqoJuY3N6S4NepuVOYwOj+IgcGc2o1V1rFRyrfAFYo/eok2HE0et1VTVMMgkVLvSuCpH6B+Ehv/EIXZNA4EsvSinLaU0POsDZw6LkmGqX,iv:icNWx1l2j6yHRrby1TbVBXNpKrz9vyqwZ//Vlb0sJzI=,tag:zAg7jl6w8pTlwrG/ENFtvQ==,type:str]
|
||||
power-management-key: ENC[AES256_GCM,data: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,iv:uQ8xESfCo8na9pKQo33Gyw48IMTem79skeoO1qb3qVk=,tag:cnfIlqUoW0tcYOT9WFxW5A==,type:str]
|
||||
hydra-overseer-key: ENC[AES256_GCM,data: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,iv:hQyOucsZMBQoWJXDWs18C9pzcBtk69RaHjD4vZFqzCk=,tag:ncYl3yfCOgUsFTBdoCVypg==,type:str]
|
||||
certificate-key-foto-tammena-me: ENC[AES256_GCM,data:BNabWgck7TKuH9lRdmdqiBrN4nFHXNsWey1B+o3sIFRbKZGzNDxsfOBm0WH3W8m0IGq/pls/dZhfoWegZdxcKoSjv/41XOP6+feB7XONGkQI3a8Hn88JttoY5OV0VoLP93kDFqWQchFDpsd5JR3g7Mpci5YB8YXJPSLyZnsTmDH97I6yoXTw40fwy5IfjnXhPWTzPKMNkfUFEZqDUiMBRs1+/mYeaNMu0LVObutjY4YgUi9jN1CPhyhOdpqQwOQ/jhvxmyqyNmWikmlyTi+BiySz3baQggIW43Ef9Zc6a+d5RE9Qo9zw7C7jNce0hR0R4yJ5lOt7C4bXpZPYYYGrsgyCTRaeF3P5PX+9OgvJJY7a7x+mCROeRxGdP9Rj/3qaO9B6fsDM5O1gpBIXBYw=,iv:DPOKS7NTqkXDhGaJt34CPlhw+wkjg9jh4ABe2153Trc=,tag:M6GLgUBosz9YcuFDeRogYg==,type:str]
|
||||
certificate-key-config-tammena-me: ENC[AES256_GCM,data:0+iGC4CzS9iYSXyk9IU5Wz7W3LSrzM0lbaMIUNZ90dV4/njlXkUVXaolouRK0taMgIS8OT4QmRaOD6LlHQfyy512oKoWw6y6So599Qj3jlZiRLGVrrJ8MlRJ4Fnl0tZa9YPOEKquNo1VBpoPhazk743YUqVIySxOOynl+P9qv5f4bDXCG6Nj78cWj75QcB4to3Zzkx+yVeTc2jKwWtLxSxdCGgJtxgCokkVZW/bU78g8Th+zdICXYweZsmj0MuSD1+j4akauHJykyvjt5Lu74laR6vwDQ0EC/ThJr7OiaBKzihYcfAO7zh4EkF7gBTZfiDEcBoxEcLwB6A8NXxFqdg7lTvkhyloVLN0yTOAh3nnkBaVmLAO8n19qOuPLRfhf9FFYJmAR48XZCHT20kM=,iv:kT9DEeX5yDpA4UpPHnrd1vFOD3QvXKrYetO0Ssz62tQ=,tag:49P+3XqjlwZT54KHyJjKQg==,type:str]
|
||||
|
@ -43,8 +44,8 @@ sops:
|
|||
ZzFxdmlXaTRCY2tUZndBSDlNeUVROVUKH1CxbcdwHR3ELn9YlGvO6YbGGg++wGZv
|
||||
97ez/ErXEOq/6IF6HzV3I9BsVV4WCJI2VTP8Lbiwt59qg5riH7CGJQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-17T15:29:44Z"
|
||||
mac: ENC[AES256_GCM,data:iQCnc/f+fOPbhHxxxnaFf8Tz6GuEaebYR1ROzin1XbC9J0WO0G3yK3atOsamQlaUwkZqt1/eQCVtUWs2D8xOpwNK6tPJc1rrKIo5AyKqwWXt5OCvL1KD2VWWnDmq8ZVl2CMgZpsLeQM8Om0EMXzo9fFRZSJEZ8qt/1E3GFOn6jM=,iv:1oF0lcymgPVq69tb4KpnhFU9l5LMsUDi/4B12dAGdoQ=,tag:zFYdalBtRxC0rf1puWdnSQ==,type:str]
|
||||
lastmodified: "2024-11-08T09:36:13Z"
|
||||
mac: ENC[AES256_GCM,data:KNx+WYUoyNeVOXuvCrqPebLztUEc+kxD40eqa4qftq/RCE+EBB4zvweepnozBmhHfcbZFuu4Hge8ZDRuydk5QQppslhsyAJEW77lnPTiJmCZwIIqkqW8hOfQaR1x3Hm8TuE8iL16sla1KFx98o/5yquxhBC2Ny+n0Npi0xl8bUg=,iv:sLzfQg+6soqLLxjMyurmYRbH7mU1L5N8Ryupbeq6TR0=,tag:r0RuDBH/ZtFcuLbgzCbZNg==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-11-06T16:58:30Z"
|
||||
enc: |
|
||||
|
@ -78,4 +79,4 @@ sops:
|
|||
-----END PGP MESSAGE-----
|
||||
fp: D5FEA546C06B3AEC97EB7F5A437B3369EAE401C4
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.9.1
|
||||
|
|