numbus/numbus-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Trying to get all services to work. Have to do some more bugfixing

Browse Source
This commit is contained in:
Raphaël Numbus
2026-01-25 22:13:22 +01:00
parent bf47ad445c
commit 765bc2957c
12 changed files with 94 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy.sh
+10 -6
View File
@@ -415,12 +415,16 @@ services_generation() {
elif [[ "${service}" == "home-assistant" ]]; then elif [[ "${service}" == "home-assistant" ]]; then
if [[ -n "${TARGET_ZIGBEE_DEVICE}" ]]; then if [[ -n "${TARGET_ZIGBEE_DEVICE}" ]]; then
local REPLACEMENT="devices:\n - /dev/serial/by-id/${TARGET_ZIGBEE_DEVICE}:/dev/ttyUSB0" local REPLACEMENT="devices:\n - /dev/serial/by-id/${TARGET_ZIGBEE_DEVICE}:/dev/ttyUSB0"
sed -i "s|# --- hass devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/home-assistant.nix sed -i "s|# --- home-assistant devices --- #|$REPLACEMENT|" final-nix-config/etc/nixos/podman/home-assistant.nix
fi fi
export HOME_ASSISTANT_MQTT_USER="$(xkcdpass -d "-" -n 2)" export HOME_ASSISTANT_MQTT_USER="$(xkcdpass -d "-" -n 2)"
export HOME_ASSISTANT_MQTT_PASSWORD="$(xkcdpass -d "-")" export HOME_ASSISTANT_MQTT_PASSWORD="$(xkcdpass -d "-")"
mkdir -p final-nix-config/mnt/config/mqtt/ mkdir -p final-nix-config/mnt/config/mqtt/
envsubst < templates/podman-config/hass/mosquitto.conf > final-nix-config/mnt/config/mqtt/mosquitto.conf mkdir -p final-nix-config/mnt/config/home-assistant/
mkdir -p final-nix-config/mnt/config/frigate/
envsubst < templates/podman-config/home-assistant/mosquitto.conf > final-nix-config/mnt/config/mqtt/mosquitto.conf
envsubst < templates/podman-config/home-assistant/configuration.yaml > final-nix-config/mnt/config/home-assistant/configuration.yaml
envsubst < templates/podman-config/frigate/config.yaml > final-nix-config/mnt/config/frigate/config.yaml
touch final-nix-config/mnt/config/mqtt/password.txt touch final-nix-config/mnt/config/mqtt/password.txt
chmod 0700 final-nix-config/mnt/config/mqtt/password.txt chmod 0700 final-nix-config/mnt/config/mqtt/password.txt
mosquitto_passwd -b final-nix-config/mnt/config/mqtt/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD" mosquitto_passwd -b final-nix-config/mnt/config/mqtt/password.txt "$HOME_ASSISTANT_MQTT_USER" "$HOME_ASSISTANT_MQTT_PASSWORD"
@@ -870,14 +874,14 @@ postrun_action() {
ssh_to_host 'bash -s' << EOF ssh_to_host 'bash -s' << EOF
echo "Enrolling boot disk key to TPM..." echo "Enrolling boot disk key to TPM..."
if [[ ${#BOOT_DISKS_ID[@]} -eq 1 ]]; then if [[ ${#BOOT_DISKS_ID[@]} -eq 1 ]]; then
echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME} echo ${REMOTE_PASS} | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
elif [[ ${#BOOT_DISKS_ID[@]} -eq 2 ]]; then elif [[ ${#BOOT_DISKS_ID[@]} -eq 2 ]]; then
echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME} echo ${REMOTE_PASS} | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-1 /dev/${BOOT_DISK_1_NAME}
echo $REMOTE_PASS | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-2 /dev/${BOOT_DISK_2_NAME} echo ${REMOTE_PASS} | sudo -S systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --unlock-key-file=/etc/secrets/disks/boot-2 /dev/${BOOT_DISK_2_NAME}
fi fi
echo "Getting PCRS 15 hash..." echo "Getting PCRS 15 hash..."
PCR_HASH=\$(echo $REMOTE_PASS | sudo -S systemd-analyze pcrs 15 --json=short) PCR_HASH=\$(echo ${REMOTE_PASS} | sudo -S systemd-analyze pcrs 15 --json=short)
sed -i "s|# systemIdentity.enable = true;| systemIdentity.enable = true;|" /etc/nixos/configuration.nix sed -i "s|# systemIdentity.enable = true;| systemIdentity.enable = true;|" /etc/nixos/configuration.nix
sed -i "s|# systemIdentity.pcr15 = "PCR_HASH";| systemIdentity.pcr15 = "PCR_HASH";|" /etc/nixos/configuration.nix sed -i "s|# systemIdentity.pcr15 = "PCR_HASH";| systemIdentity.pcr15 = "PCR_HASH";|" /etc/nixos/configuration.nix
templates/nix-config/configuration.nix
-1
View File
@@ -122,7 +122,6 @@
# Enable Podman # Enable Podman
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
# Enable libvirt # Enable libvirt
# virtualisation.libvirtd.enable = true; # virtualisation.libvirtd.enable = true;
templates/nix-config/misc/activation.nix
+2
View File
@@ -23,6 +23,8 @@
chown -R numbus-admin:users /mnt/data/ chown -R numbus-admin:users /mnt/data/
chown -R 100032:users /mnt/data/nextcloud/ chown -R 100032:users /mnt/data/nextcloud/
chown -R numbus-admin:users /home/numbus-admin/.numbus-server/ chown -R numbus-admin:users /home/numbus-admin/.numbus-server/
chown -R numbus-admin:users /mnt/config/frigate/config.yaml
chmod 644 /mnt/config/frigate/config.yaml
touch /home/numbus-admin/.numbus-server/chowned.true touch /home/numbus-admin/.numbus-server/chowned.true
''; '';
templates/nix-config/misc/networking.nix
+1 -1
View File
@@ -15,7 +15,7 @@
# Bridge configuration for VMs # Bridge configuration for VMs
networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ]; networking.bridges.br0.interfaces = [ "TARGET_INTERFACE" ];
networking.interfaces.br0.useDHCP = false; networking.interfaces.br0.useDHCP = false;
networking.nameservers = [ "HOME_SERVER_IP" "9.9.9.9" ]; networking.nameservers = [ "9.9.9.9" ];
networking.interfaces.br0.ipv4.addresses = [{ networking.interfaces.br0.ipv4.addresses = [{
address = "HOME_SERVER_IP"; address = "HOME_SERVER_IP";
prefixLength = 24; prefixLength = 24;
templates/nix-config/podman/frigate.nix
+5 -5
View File
@@ -20,8 +20,8 @@ in
container_name: frigate container_name: frigate
shm_size: "512MB" shm_size: "512MB"
networks: networks:
hass_frontend: home-assistant_frontend:
hass_backend: home-assistant_backend:
volumes: volumes:
- ${config_dir}:/config - ${config_dir}:/config
- ${data_dir}/clips:/media/frigate/clips - ${data_dir}/clips:/media/frigate/clips
@@ -47,9 +47,9 @@ in
restart: unless-stopped restart: unless-stopped
networks: networks:
hass_backend: home-assistant_backend:
external: true external: true
hass_frontend: home-assistant_frontend:
external: true external: true
''; '';
@@ -67,7 +67,7 @@ in
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
# Bring the service up # Bring the service up
ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
# Take it down gracefully # Take it down gracefully
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
Restart = "on-failure"; Restart = "on-failure";
templates/nix-config/podman/gitea.nix
+1 -1
View File
@@ -79,7 +79,7 @@ in
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
# Bring the service up # Bring the service up
ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
# Take it down gracefully # Take it down gracefully
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
Restart = "on-failure"; Restart = "on-failure";
templates/nix-config/podman/home-assistant.nix
+1 -1
View File
@@ -66,7 +66,7 @@ in
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
# Bring the service up # Bring the service up
ExecStart = "sleep 70 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
# Take it down gracefully # Take it down gracefully
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
Restart = "on-failure"; Restart = "on-failure";
templates/nix-config/podman/immich.nix
+1 -1
View File
@@ -103,7 +103,7 @@ in
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
# Bring the service up # Bring the service up
ExecStart = "sleep 80 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
# Take it down gracefully # Take it down gracefully
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
Restart = "on-failure"; Restart = "on-failure";
templates/nix-config/podman/pi-hole.nix
+2 -2
View File
@@ -15,7 +15,7 @@ in
'' ''
services: services:
pihole: pihole:
image: pihole/pihole:latest image: docker.io/pihole/pihole:latest
container_name: pi-hole container_name: pi-hole
networks: networks:
pi-hole_frontend: pi-hole_frontend:
@@ -80,7 +80,7 @@ in
# Pull the latest image before running # Pull the latest image before running
ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull"; ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
# Bring the service up # Bring the service up
ExecStart = "sleep 60 && ${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans"; ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
# Take it down gracefully # Take it down gracefully
ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down"; ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";
Restart = "on-failure"; Restart = "on-failure";
templates/podman-config/frigate/config.yaml
+70
View File
@@ -0,0 +1,70 @@
# Home-assistant connection settings
mqtt:
host: frigate-mqtt
port: 1883
user: $HOME_ASSISTANT_MQTT_USER
password: $HOME_ASSISTANT_MQTT_PASSWORD
stats_interval: 60
# Ffmpeg configuration
ffmpeg:
hwaccel_args: preset-vaapi
# Snapshots configuration
snapshots:
enabled: true
clean_copy: true
timestamp: true
bounding_box: true
crop: false
retain:
default: 10
objects:
person: 10
# Recordings configuration
record:
enabled: true
retain:
days: 3
mode: motion
alerts:
retain:
days: 30
mode: motion
detections:
retain:
days: 30
mode: motion
# Cameras configuration
cameras:
camera-1:
enabled: true
onvif: # Enable if camera supports it
host: ip_address
port: 2020
user: user
password: password
ffmpeg:
inputs:
- path: rtsp://user:password@ip_address:port/url # Check the camera documentation
roles:
- detect
- record
detect:
enabled: true
width: 1280
height: 720
fps: 5
# Coral TPU configuration
detectors:
coral:
type: edgetpu
device: usb
version: 0.16-0
tls:
enabled: false
templates/podman-config/hass/configuration.yaml → templates/podman-config/home-assistant/configuration.yaml
+1 -1
View File
@@ -12,6 +12,6 @@ scene: !include scenes.yaml
http: http:
use_x_forwarded_for: true use_x_forwarded_for: true
trusted_proxies: 172.16.10.253 trusted_proxies: 172.16.20.253
zha: zha:
templates/podman-config/hass/mosquitto.conf → templates/podman-config/home-assistant/mosquitto.conf
View File