From 765bc2957c43d1cc0355c8785e48ba417d9cd897 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Numbus?=
Date: Sun, 25 Jan 2026 22:13:22 +0100
Subject: [PATCH] Trying to get all services to work. Have to do some more bugfixing
---
 deploy.sh | 16 +++--
 templates/nix-config/configuration.nix | 1 -
 templates/nix-config/misc/activation.nix | 2 +
 templates/nix-config/misc/networking.nix | 2 +-
 templates/nix-config/podman/frigate.nix | 10 +--
 templates/nix-config/podman/gitea.nix | 2 +-
 .../nix-config/podman/home-assistant.nix | 2 +-
 templates/nix-config/podman/immich.nix | 2 +-
 templates/nix-config/podman/pi-hole.nix | 4 +-
 templates/podman-config/frigate/config.yaml | 70 +++++++++++++++++++
 .../configuration.yaml | 2 +-
 .../{hass => home-assistant}/mosquitto.conf | 0
 12 files changed, 94 insertions(+), 19 deletions(-)
 create mode 100644 templates/podman-config/frigate/config.yaml
 rename templates/podman-config/{hass => home-assistant}/configuration.yaml (90%)
 rename templates/podman-config/{hass => home-assistant}/mosquitto.conf (100%)
diff --git a/deploy.sh b/deploy.sh
index 06a1678..bc3726c 100644
--- a/deploy.sh
+++ b/deploy.sh
@@ -415,12 +415,16 @@ services_generation() {
 elif [[ "${service}" == "home-assistant" ]]; then
 if [[ -n "${TARGET_ZIGBEE_DEVICE}" ]]; then
 local REPLACEMENT="devices:\n - /dev/serial/by-id/${TARGET_ZIGBEE_DEVICE}:/dev/ttyUSB0"
- sed -i "s|# --- hass devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/home-assistant.nix
+ sed -i "s|# --- home-assistant devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/home-assistant.nix
 fi
 export HOME_ASSISTANT_MQTT_USER="$(xkcdpass -d "-" -n 2)"
 export HOME_ASSISTANT_MQTT_PASSWORD="$(xkcdpass -d "-")"
 mkdir -p final-nix-config/mnt/config/mqtt/
- envsubst < templates/podman-config/hass/mosquitto.conf > final-nix-config/mnt/config/mqtt/mosquitto.conf
+ mkdir -p final-nix-config/mnt/config/home-assistant/
+ mkdir -p final-nix-config/mnt/config/frigate/
+ envsubst < templates/podman-config/home-assistant/mosquitto.conf > final-nix-config/mnt/config/mqtt/mosquitto.conf
+ envsubst < templates/podman-config/home-assistant/configuration.yaml > final-nix-config/mnt/config/home-assistant/configuration.yaml
+ envsubst < templates/podman-config/frigate/config.yaml > final-nix-config/mnt/config/frigate/config.yaml
 touch final-nix-config/mnt/config/mqtt/password.txt
 chmod 0700 final-nix-config/mnt/config/mqtt/password.txt
 mosquitto_passwd -b final-nix-config/mnt/config/mqtt/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD"
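Review bot: The new `envsubst < templates/podman-config/frigate/config.yaml` line renders HOME_ASSISTANT_MQTT_PASSWORD in plaintext into final-nix-config/mnt/config/frigate/config.yaml, and the activation.nix hunk in this same commit then applies `chmod 644` to that file, so the broker credential becomes readable by every local user and by any container that mounts /mnt/config, while the mqtt/password.txt two lines below is kept at 0700 (0600 would be the usual mode for a file) — two copies of one secret with different protection. Keep the rendered file at 0600/0640 owned by the uid Frigate runs as, or leave the password out of the file altogether; Frigate supports `{FRIGATE_...}`-style environment-variable substitution in its config, if I recall correctly, which is worth verifying for the 0.16 config the new template targets. Separately, the sed marker is renamed from `# --- hass devices --- #` to `# --- home-assistant devices --- #` but templates/nix-config/podman/home-assistant.nix changes only its ExecStart line in this commit, so one of the two spellings is a dead pattern and `sed -i` silently does nothing when it does not match; a guard such as `grep -q -- '# --- home-assistant devices --- #' final-nix-config/etc/nixos/podman/home-assistant.nix || die "zigbee device marker not found"` would surface that. services_generation continues outside the hunk.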
@@ -870,14 +874,14 @@ postrun_action() {
 ssh_to_host 'bash -s' << EOF
 echo "Enrolling boot disk key to TPM..."
 if [[ ${#BOOT_DISKS_ID[@]} -eq 1 ]]; then
- echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
+ echo ${REMOTE_PASS} | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
 elif [[ ${#BOOT_DISKS_ID[@]} -eq 2 ]]; then
- echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
- echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-2 /dev/${BOOT_DISK_2_NAME}
+ echo ${REMOTE_PASS} | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
+ echo ${REMOTE_PASS} | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-2 /dev/${BOOT_DISK_2_NAME}
 fi
 echo "Getting PCRS 15 hash..."
-PCR_HASH=\$(echo $REMOTE_PASS | sudo -S systemd-analyze pcrs 15 --json=short)
+PCR_HASH=\$(echo ${REMOTE_PASS} | sudo -S systemd-analyze pcrs 15 --json=short)
 sed -i "s|# systemIdentity.enable = true;| systemIdentity.enable = true;|" /etc/nixos/configuration.nix
 sed -i "s|# systemIdentity.pcr15 = "PCR_HASH";| systemIdentity.pcr15 = "PCR_HASH";|" /etc/nixos/configuration.nix
diff --git a/templates/nix-config/configuration.nix b/templates/nix-config/configuration.nix
index 6130f38..8ed6242 100644
--- a/templates/nix-config/configuration.nix
+++ b/templates/nix-config/configuration.nix
@@ -122,7 +122,6 @@
 # Enable Podman
 virtualisation.podman.enable = true;
- virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
 # Enable libvirt
 # virtualisation.libvirtd.enable = true;
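Review bot: The `${REMOTE_PASS}` rewrites are cosmetic and leave the PCR 15 step right after them broken: the last sed's replacement contains the literal text `PCR_HASH` rather than `\${PCR_HASH}`, and its unescaped inner double quotes are consumed by the remote bash, so the expression becomes `s|# systemIdentity.pcr15 = PCR_HASH;| systemIdentity.pcr15 = PCR_HASH;|` and no longer matches the quoted placeholder the pattern is evidently written for; the value captured from `systemd-analyze pcrs 15 --json=short` is therefore never written, and since that output is JSON it presumably needs extracting (e.g. with jq) before it can be a Nix string. Because the heredoc delimiter is unquoted, `${REMOTE_PASS}` is also expanded locally and embedded verbatim in the script text sent over ssh, so a password containing `$`, backquote or quote characters is re-interpreted by the remote shell; quoting the delimiter (`<< 'EOF'`) and passing the password through the remote environment, or a pre-authorised sudo session, avoids embedding it at all. postrun_action continues outside the hunk.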
diff --git a/templates/nix-config/misc/activation.nix b/templates/nix-config/misc/activation.nix
index 823bfa8..07623f4 100644
--- a/templates/nix-config/misc/activation.nix
+++ b/templates/nix-config/misc/activation.nix
@@ -23,6 +23,8 @@
 chown -R numbus-admin:users /mnt/data/
 chown -R 100032:users /mnt/data/nextcloud/
 chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
+ chown -R numbus-admin:users /mnt/config/frigate/config.yaml
+ chmod 644 /mnt/config/frigate/config.yaml
 touch /home/numbus-admin/.numbus-server/chowned.true
 '';
diff --git a/templates/nix-config/misc/networking.nix b/templates/nix-config/misc/networking.nix
index d43c090..9b3d791 100644
--- a/templates/nix-config/misc/networking.nix
+++ b/templates/nix-config/misc/networking.nix
@@ -15,7 +15,7 @@
 # Bridge configuration for VMs
 networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
 networking.interfaces.br0.useDHCP = false;
- networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ];
+ networking.nameservers = [ "9.9.9.9" ];
 networking.interfaces.br0.ipv4.addresses = [{
 address = "HOME_SERVER_IP";
 prefixLength = 24;
diff --git a/templates/nix-config/podman/frigate.nix b/templates/nix-config/podman/frigate.nix
index 7587bc9..4d6e118 100644
--- a/templates/nix-config/podman/frigate.nix
+++ b/templates/nix-config/podman/frigate.nix
@@ -20,8 +20,8 @@ in
 container_name: frigate
 shm_size: "512MB"
 networks:
- hass_frontend:
- hass_backend:
+ home-assistant_frontend:
+ home-assistant_backend:
 volumes:
 - ${config_dir}:/config
 - ${data_dir}/clips:/media/frigate/clips
@@ -47,9 +47,9 @@ in
 restart: unless-stopped
 networks:
- hass_backend:
+ home-assistant_backend:
 external: true
- hass_frontend:
+ home-assistant_frontend:
 external: true
 '';
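Review bot: The added `chown -R` and `chmod 644` on /mnt/config/frigate/config.yaml run unconditionally, while deploy.sh renders that file only inside its home-assistant branch; on a host deployed without that service the chown fails on a missing path, and if this activation fragment stops at the first error the following `touch .../chowned.true` is skipped and the one-off fixup re-runs on every activation — I can't see the fragment's error handling from here, so treat that as a guess. Guard the two lines, e.g. `if [ -f /mnt/config/frigate/config.yaml ]; then chown numbus-admin:users /mnt/config/frigate/config.yaml; fi`; `-R` does nothing useful on a regular file. The activation script continues outside the hunk.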
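Review bot: The renamed networks in the @@ -47 hunk are still `external: true`, so `home-assistant_frontend` and `home-assistant_backend` must already exist under the new name when frigate's compose runs, and nothing in this commit creates them — templates/nix-config/podman/home-assistant.nix changes only its ExecStart line — so either that compose already declares the networks with the new name or frigate's `podman-compose up` fails at network lookup; please confirm which. If the home-assistant unit creates them, the frigate unit also needs an ordering dependency on it (`After=` plus `Requires=` on that service), especially now that the start delay is removed in the @@ -67 hunk. The compose template continues outside the hunk.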
@@ -67,7 +67,7 @@ in
 # Pull the latest image before running
 ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
 # Bring the service up
- ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+ ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
 # Take it down gracefully
 ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
 Restart = "on-failure";
diff --git a/templates/nix-config/podman/gitea.nix b/templates/nix-config/podman/gitea.nix
index 1c8fb16..e9d434e 100644
--- a/templates/nix-config/podman/gitea.nix
+++ b/templates/nix-config/podman/gitea.nix
@@ -79,7 +79,7 @@ in
 # Pull the latest image before running
 ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
 # Bring the service up
- ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+ ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
 # Take it down gracefully
 ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
 Restart = "on-failure";
diff --git a/templates/nix-config/podman/home-assistant.nix b/templates/nix-config/podman/home-assistant.nix
index 4b6ba72..487b11b 100644
--- a/templates/nix-config/podman/home-assistant.nix
+++ b/templates/nix-config/podman/home-assistant.nix
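Review bot: Dropping `sleep 60 &&` from ExecStart is correct — systemd does not run ExecStart through a shell, so the old line handed `&&` and everything after it to `sleep` as arguments instead of delaying anything — but whatever ordering the delay was meant to cover is now simply absent; the same change appears in the gitea @@ -79, home-assistant @@ -66, immich @@ -103 and pi-hole @@ -80 hunks. If the sleeps were standing in for dependencies (network up, storage mounted, the MQTT broker or the external home-assistant networks for frigate), express them as unit ordering — `After=network-online.target` with `Wants=network-online.target`, plus `After=`/`Requires=` on the unit that provides what each compose needs — rather than relying on `Restart = "on-failure"` to retry until it happens to work. The unit definition continues outside the hunk, so I can't see which dependencies it already declares.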
@@ -66,7 +66,7 @@ in
 # Pull the latest image before running
 ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
 # Bring the service up
- ExecStart = "sleep 70 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+ ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
 # Take it down gracefully
 ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
 Restart = "on-failure";
diff --git a/templates/nix-config/podman/immich.nix b/templates/nix-config/podman/immich.nix
index 7e4c5f9..55f01b6 100644
--- a/templates/nix-config/podman/immich.nix
+++ b/templates/nix-config/podman/immich.nix
@@ -103,7 +103,7 @@ in
 # Pull the latest image before running
 ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
 # Bring the service up
- ExecStart = "sleep 80 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+ ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
 # Take it down gracefully
 ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
 Restart = "on-failure";
diff --git a/templates/nix-config/podman/pi-hole.nix b/templates/nix-config/podman/pi-hole.nix
index 7cdc5a1..f4cea47 100644
--- a/templates/nix-config/podman/pi-hole.nix
+++ b/templates/nix-config/podman/pi-hole.nix
@@ -15,7 +15,7 @@ in
 ''
 services:
 pihole:
- image: pihole/pihole:latest
+ image: docker.io/pihole/pihole:latest
 container_name: pi-hole
 networks:
 pi-hole_frontend:
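Review bot: Qualifying the image as `docker.io/pihole/pihole:latest` in the pi-hole @@ -15 hunk fixes podman's short-name resolution but leaves the tag floating; with `ExecStartPre` pulling on every start (pi-hole @@ -80 hunk), each restart can silently move the service that answers this network's DNS to a new, unreviewed image. Pin to a release tag, ideally with a digest — `docker.io/pihole/pihole:<TAG>@sha256:<DIGEST>` (placeholders) — and bump it deliberately. The compose template continues outside the hunk.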
@@ -80,7 +80,7 @@ in
 # Pull the latest image before running
 ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
 # Bring the service up
- ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
+ ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
 # Take it down gracefully
 ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
 Restart = "on-failure";
diff --git a/templates/podman-config/frigate/config.yaml b/templates/podman-config/frigate/config.yaml
new file mode 100644
index 0000000..75c2365
--- /dev/null
+++ b/templates/podman-config/frigate/config.yaml
@@ -0,0 +1,70 @@
+# Home-assistant connection settings
+mqtt:
+ host: frigate-mqtt
+ port: 1883
+ user: $HOME_ASSISTANT_MQTT_USER
+ password: $HOME_ASSISTANT_MQTT_PASSWORD
+ stats_interval: 60
+
+# Ffmpeg configuration
+ffmpeg:
+ hwaccel_args: preset-vaapi
+
+# Snapshots configuration
+snapshots:
+ enabled: true
+ clean_copy: true
+ timestamp: true
+ bounding_box: true
+ crop: false
+ retain:
+ default: 10
+ objects:
+ person: 10
+
+# Recordings configuration
+record:
+ enabled: true
+ retain:
+ days: 3
+ mode: motion
+ alerts:
+ retain:
+ days: 30
+ mode: motion
+ detections:
+ retain:
+ days: 30
+ mode: motion
+
+# Cameras configuration
+cameras:
+ camera-1:
+ enabled: true
+ onvif: # Enable if camera supports it
+ host: ip_address
+ port: 2020
+ user: user
+ password: password
+ ffmpeg:
+ inputs:
+ - path: rtsp://user:password@ip_address:port/url # Check the camera documentation
+ roles:
+ - detect
+ - record
+ detect:
+ enabled: true
+ width: 1280
+ height: 720
+ fps: 5
+
+# Coral TPU configuration
+detectors:
+ coral:
+ type: edgetpu
+ device: usb
+
+version: 0.16-0
+
+tls:
+ enabled: false
\ No newline at end of file
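Review bot: The cameras block of the new templates/podman-config/frigate/config.yaml ships placeholder values (`host: ip_address`, `port: 2020`, `rtsp://user:password@ip_address:port/url`) that deploy.sh's envsubst copies verbatim into /mnt/config/frigate/config.yaml, so the rendered config points Frigate at a camera that does not exist from its first start — I'd expect validation or connection errors rather than a clean boot, though I can't confirm that from here. Either comment the camera block out until it is generated from real settings, or mark the placeholders as substitution variables (e.g. `$CAMERA_IP`, constructed) and fill them the way the MQTT values are. When real values go in, the RTSP and ONVIF passwords will sit next to the MQTT password in one plaintext file; Frigate's `{FRIGATE_...}` environment-variable substitution keeps secrets out of the file, if I recall correctly — verify for the 0.16 config this template declares. Note also that envsubst with no variable list rewrites every `$NAME` it finds, so a literal `$` in a future camera URL or password will be mangled; restricting it in deploy.sh (`envsubst '$HOME_ASSISTANT_MQTT_USER $HOME_ASSISTANT_MQTT_PASSWORD'`) avoids that.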
diff --git a/templates/podman-config/hass/configuration.yaml b/templates/podman-config/home-assistant/configuration.yaml
similarity index 90%
rename from templates/podman-config/hass/configuration.yaml
rename to templates/podman-config/home-assistant/configuration.yaml
index 3d23803..24f8912 100644
--- a/templates/podman-config/hass/configuration.yaml
+++ b/templates/podman-config/home-assistant/configuration.yaml
@@ -12,6 +12,6 @@ scene: !include scenes.yaml
 http:
 use_x_forwarded_for: true
- trusted_proxies: 172.16.10.253
+ trusted_proxies: 172.16.20.253
 zha:
\ No newline at end of file
diff --git a/templates/podman-config/hass/mosquitto.conf b/templates/podman-config/home-assistant/mosquitto.conf
similarity index 100%
rename from templates/podman-config/hass/mosquitto.conf
rename to templates/podman-config/home-assistant/mosquitto.conf