Trying to get all services to work. Have to do some more bugfixing

deploy.sh

@@ -415,12 +415,16 @@ services_generation() {
     elif [[ "${service}" == "home-assistant" ]]; then
       if [[ -n "${TARGET_ZIGBEE_DEVICE}" ]]; then
         local REPLACEMENT="devices:\n              - /dev/serial/by-id/${TARGET_ZIGBEE_DEVICE}:/dev/ttyUSB0"
-        sed -i "s|# --- hass devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/home-assistant.nix
+        sed -i "s|# --- home-assistant devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/home-assistant.nix
       fi
       export HOME_ASSISTANT_MQTT_USER="$(xkcdpass -d "-" -n 2)"
       export HOME_ASSISTANT_MQTT_PASSWORD="$(xkcdpass -d "-")"
       mkdir -p final-nix-config/mnt/config/mqtt/
-      envsubst < templates/podman-config/hass/mosquitto.conf > final-nix-config/mnt/config/mqtt/mosquitto.conf
+      mkdir -p final-nix-config/mnt/config/home-assistant/
+      mkdir -p final-nix-config/mnt/config/frigate/
+      envsubst < templates/podman-config/home-assistant/mosquitto.conf > final-nix-config/mnt/config/mqtt/mosquitto.conf
+      envsubst < templates/podman-config/home-assistant/configuration.yaml > final-nix-config/mnt/config/home-assistant/configuration.yaml
+      envsubst < templates/podman-config/frigate/config.yaml > final-nix-config/mnt/config/frigate/config.yaml
       touch final-nix-config/mnt/config/mqtt/password.txt
       chmod 0700 final-nix-config/mnt/config/mqtt/password.txt
       mosquitto_passwd -b final-nix-config/mnt/config/mqtt/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD"
@@ -870,14 +874,14 @@ postrun_action() {
   ssh_to_host 'bash -s' << EOF
 echo "Enrolling boot disk key to TPM..."
 if [[ ${#BOOT_DISKS_ID[@]} -eq 1 ]]; then
-  echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
+  echo ${REMOTE_PASS} | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
 elif [[ ${#BOOT_DISKS_ID[@]} -eq 2 ]]; then
-  echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
-  echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-2 /dev/${BOOT_DISK_2_NAME}
+  echo ${REMOTE_PASS} | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
+  echo ${REMOTE_PASS} | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-2 /dev/${BOOT_DISK_2_NAME}
 fi
 
 echo "Getting PCRS 15 hash..."
-PCR_HASH=\$(echo $REMOTE_PASS | sudo -S systemd-analyze pcrs 15 --json=short)
+PCR_HASH=\$(echo ${REMOTE_PASS} | sudo -S systemd-analyze pcrs 15 --json=short)
 
 sed -i "s|#  systemIdentity.enable = true;|  systemIdentity.enable = true;|" /etc/nixos/configuration.nix
 sed -i "s|#  systemIdentity.pcr15 = "PCR_HASH";|  systemIdentity.pcr15 = "PCR_HASH";|" /etc/nixos/configuration.nix

templates/nix-config/configuration.nix

@@ -122,7 +122,6 @@
 
   # Enable Podman
   virtualisation.podman.enable = true;
-  virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
 
   # Enable libvirt
 #  virtualisation.libvirtd.enable = true;

templates/nix-config/misc/activation.nix

@@ -23,6 +23,8 @@
       chown -R numbus-admin:users /mnt/data/
       chown -R 100032:users /mnt/data/nextcloud/
       chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
+      chown -R numbus-admin:users /mnt/config/frigate/config.yaml
+      chmod 644 /mnt/config/frigate/config.yaml
 
       touch /home/numbus-admin/.numbus-server/chowned.true
     '';

templates/nix-config/misc/networking.nix

@@ -15,7 +15,7 @@
   # Bridge configuration for VMs
   networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
   networking.interfaces.br0.useDHCP = false;
-  networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
+  networking.nameservers = [ "9.9.9.9" ];
   networking.interfaces.br0.ipv4.addresses = [{
     address = "HOME_SERVER_IP";
     prefixLength = 24;

templates/nix-config/podman/frigate.nix

@@ -20,8 +20,8 @@ in
             container_name: frigate
             shm_size: "512MB"
             networks:
-              hass_frontend:
-              hass_backend:
+              home-assistant_frontend:
+              home-assistant_backend:
             volumes:
               - ${config_dir}:/config
               - ${data_dir}/clips:/media/frigate/clips
@@ -47,9 +47,9 @@ in
             restart: unless-stopped
 
         networks:
-          hass_backend:
+          home-assistant_backend:
             external: true
-          hass_frontend:
+          home-assistant_frontend:
             external: true
       '';
 
@@ -67,7 +67,7 @@ in
         # Pull the latest image before running
         ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
         # Bring the service up
-        ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+        ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
         # Take it down gracefully
         ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
         Restart = "on-failure";

templates/nix-config/podman/gitea.nix

@@ -79,7 +79,7 @@ in
         # Pull the latest image before running
         ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
         # Bring the service up
-        ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+        ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
         # Take it down gracefully
         ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
         Restart = "on-failure";

templates/nix-config/podman/home-assistant.nix

@@ -66,7 +66,7 @@ in
         # Pull the latest image before running
         ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
         # Bring the service up
-        ExecStart = "sleep 70 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+        ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
         # Take it down gracefully
         ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
         Restart = "on-failure";

templates/nix-config/podman/immich.nix

@@ -103,7 +103,7 @@ in
         # Pull the latest image before running
         ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
         # Bring the service up
-        ExecStart = "sleep 80 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+        ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
         # Take it down gracefully
         ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
         Restart = "on-failure";

templates/nix-config/podman/pi-hole.nix

@@ -15,7 +15,7 @@ in
       ''
         services:
           pihole:
-            image: pihole/pihole:latest
+            image: docker.io/pihole/pihole:latest
             container_name: pi-hole
             networks:
               pi-hole_frontend:
@@ -80,7 +80,7 @@ in
         # Pull the latest image before running
         ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
         # Bring the service up
-        ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+        ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
         # Take it down gracefully
         ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
         Restart = "on-failure";

templates/podman-config/frigate/config.yaml

@@ -0,0 +1,70 @@
+# Home-assistant connection settings
+mqtt:
+  host: frigate-mqtt
+  port: 1883
+  user: $HOME_ASSISTANT_MQTT_USER
+  password: $HOME_ASSISTANT_MQTT_PASSWORD
+  stats_interval: 60
+
+# Ffmpeg configuration
+ffmpeg:
+  hwaccel_args: preset-vaapi
+
+# Snapshots configuration
+snapshots:
+  enabled: true
+  clean_copy: true
+  timestamp: true
+  bounding_box: true
+  crop: false
+  retain:
+    default: 10
+    objects:
+      person: 10
+
+# Recordings configuration
+record:
+  enabled: true
+  retain:
+    days: 3
+    mode: motion
+  alerts:
+    retain:
+      days: 30
+      mode: motion
+  detections:
+    retain:
+      days: 30
+      mode: motion
+
+# Cameras configuration
+cameras:
+  camera-1:
+    enabled: true
+    onvif: # Enable if camera supports it
+      host: ip_address
+      port: 2020
+      user: user
+      password: password
+    ffmpeg:
+      inputs:
+        - path: rtsp://user:password@ip_address:port/url # Check the camera documentation
+          roles:
+            - detect
+            - record
+    detect:
+      enabled: true
+      width: 1280
+      height: 720
+      fps: 5
+
+# Coral TPU configuration
+detectors:
+  coral:
+    type: edgetpu
+    device: usb
+
+version: 0.16-0
+
+tls:
+  enabled: false

templates/podman-config/home-assistant/configuration.yaml

@@ -12,6 +12,6 @@ scene: !include scenes.yaml
 
 http:
   use_x_forwarded_for: true
-  trusted_proxies: 172.16.10.253
+  trusted_proxies: 172.16.20.253
 
 zha: