From 43486ea6d8f2784a36616313675bd06ce433ccc1 Mon Sep 17 00:00:00 2001
From: makefu
Date: Mon, 6 Jun 2022 21:16:30 +0200
Subject: ma bureautomation: home-assistant is now user-controlled
---
 makefu/2configs/bureautomation/comic-updater.nix | 5 +-
 makefu/2configs/bureautomation/default.nix | 320 ++++++++++++-----------
 makefu/2configs/gui/wbob-kiosk.nix | 12 +-
 3 files changed, 181 insertions(+), 156 deletions(-)
diff --git a/makefu/2configs/bureautomation/comic-updater.nix b/makefu/2configs/bureautomation/comic-updater.nix
index 1e244093..5804d66d 100644
--- a/makefu/2configs/bureautomation/comic-updater.nix
+++ b/makefu/2configs/bureautomation/comic-updater.nix
@@ -11,8 +11,9 @@ in {
 path = with pkgs; [ wget xmlstarlet ];
 wantedBy = [ "multi-user.target" ];
 serviceConfig = {
- User = "hass";
- WorkingDirectory = config.services.home-assistant.configDir;
+ # User = "hass";
+ #WorkingDirectory = config.services.home-assistant.configDir;
+ WorkingDirectory = "/var/lib/homeassistant-docker";
 ExecStart = pkgs.writeDash "update-comics" ''
 set -euf
 mkdir -p www/
diff --git a/makefu/2configs/bureautomation/default.nix b/makefu/2configs/bureautomation/default.nix
index 46bf0596..44690271 100644
--- a/makefu/2configs/bureautomation/default.nix
+++ b/makefu/2configs/bureautomation/default.nix
@@ -2,6 +2,7 @@
 let
 kodi-host = "192.168.8.11";
 unstable = import {};
+ confdir = "/var/lib/homeassistant-docker";
 in {
 imports = [
 ./ota.nix
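Review bot: In comic-updater.nix the unit loses its `User =` line, so unless a user is set outside this hunk the script (wget plus xmlstarlet on downloaded content) now runs as root, systemd's default, inside `/var/lib/homeassistant-docker`. The tmpfiles rule added in default.nix makes that directory writable by the kiosk account, so a root process creates `www/` and writes files in a location another user controls; it can be redirected through links placed there, and the files it creates will not be owned by kiosk. Replacing the commented line with `User = "kiosk";` and `Group = "kiosk";` in `serviceConfig` keeps the updater unprivileged and consistent with the new ownership. The `serviceConfig` block and the script body continue past the end of the hunk.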
@@ -13,169 +14,188 @@ in {
 # hass config
 ## complex configs
 # ./multi/daily-standup.nix
- ./multi/aramark.nix
- ./multi/matrix.nix
- ./multi/frosch.nix
- ./multi/mittagessen.nix
- ./multi/10h_timers.nix
+ #./multi/aramark.nix
+ #./multi/matrix.nix
+ #./multi/frosch.nix
+ #./multi/mittagessen.nix
+ #./multi/10h_timers.nix
- ./switch/tasmota_switch.nix
- ./switch/rfbridge.nix
+ #./switch/tasmota_switch.nix
+ #./switch/rfbridge.nix
- ./light/statuslight.nix
- ./light/buzzer.nix
+ #./light/statuslight.nix
+ #./light/buzzer.nix
- ./script/multi_blink.nix
+ #./script/multi_blink.nix
- ./binary_sensor/buttons.nix
- ./binary_sensor/motion.nix
+ #./binary_sensor/buttons.nix
+ #./binary_sensor/motion.nix
- # ./sensor/pollen.nix requires dwd_pollen
- ./sensor/espeasy.nix
- ./sensor/airquality.nix
- ./sensor/outside.nix
- ./sensor/tasmota_firmware.nix
+ ## ./sensor/pollen.nix requires dwd_pollen
+ #./sensor/espeasy.nix
+ #./sensor/airquality.nix
+ #./sensor/outside.nix
+ #./sensor/tasmota_firmware.nix
- ./camera/verkehrskamera.nix
- ./camera/comic.nix
- ./camera/stuttgart.nix
- ./automation/bureau-shutdown.nix
- ./automation/nachtlicht.nix
- ./automation/schlechteluft.nix
- ./automation/philosophische-tuer.nix
- ./automation/hass-restart.nix
- ./device_tracker/openwrt.nix
- ./person/team.nix
+ #./camera/verkehrskamera.nix
+ #./camera/comic.nix
+ #./camera/stuttgart.nix
+ #./automation/bureau-shutdown.nix
+ #./automation/nachtlicht.nix
+ #./automation/schlechteluft.nix
+ #./automation/philosophische-tuer.nix
+ #./automation/hass-restart.nix
+ #./device_tracker/openwrt.nix
+ #./person/team.nix
 ];
 networking.firewall.allowedTCPPorts = [ 8123 ];
 state = [ "/var/lib/hass/known_devices.yaml" ];
-
- services.home-assistant = {
- enable = true;
- package = (unstable.home-assistant.overrideAttrs (old: {
- doInstallCheck = false;
- })).override {
- extraPackages = p: [
- # TODO: put somewhere else
- (p.callPackage {})
- # (p.callPackage {})
- p.APScheduler ];
+
virtualisation.oci-containers.containers.hass = {
+ image = "homeassistant/home-assistant:latest";
+ #user = "${toString config.users.users.kiosk.uid}:${toString config.users.groups.kiosk.gid}";
+ #user = "${toString config.users.users.kiosk.uid}:root";
+ environment = {
+ TZ = "Europe/Berlin";
+ PUID = toString config.users.users.kiosk.uid;
+ PGID = toString config.users.groups.kiosk.gid;
+ UMASK = "007";
 };
- autoExtraComponents = true;
- config = {
- config = {};
- discovery = {};
- homeassistant = {
- name = "Bureautomation";
- time_zone = "Europe/Berlin";
- latitude = "48.8265";
- longitude = "9.0676";
- elevation = 303;
- auth_providers = [
- { type = "homeassistant";}
- { type = "legacy_api_password";
- api_password = "sistemas";
- }
- { type = "trusted_networks";
- trusted_networks = [
- "127.0.0.1/32"
- "192.168.8.0/24"
- "::1/128"
- "fd00::/8"
- ];
- # allow_bypass_login = true;
- }
- ];
- };
- # https://www.home-assistant.io/components/influxdb/
- influxdb = {
- database = "hass";
- tags = {
- instance = "wbob";
- source = "hass";
- };
- };
- mqtt = {
- discovery = true;
- discovery_prefix = "homeassistant";
- broker = "localhost";
- port = 1883;
- client_id = "home-assistant";
- keepalive = 60;
- protocol = 3.1;
- birth_message = {
- topic = "/bam/hass/tele/LWT";
- payload = "Online";
- qos = 1;
- retain = true;
- };
- will_message = {
- topic = "/bam/hass/tele/LWT";
- payload = "Offline";
- qos = 1;
- retain = true;
- };
- };
- notify = [
- {
- platform = "kodi";
- name = "wbob-kodi";
- host = kodi-host;
- }
- #{
- # platform = "telegram";
- # name = "telegrambot";
- # chat_id = builtins.elemAt
- # (builtins.fromJSON (builtins.readFile
- # )).allowed_chat_ids 0;
- #}
- ];
- media_player = [
- { platform = "kodi";
- host = kodi-host;
- }
- { platform = "mpd";
- host = "127.0.0.1";
- }
- ];
+ extraOptions = ["--net=host" ];
+ volumes = [
+ "${confdir}:/config"
+ #"${confdir}/docker-run:/etc/services.d/home-assistant/run:"
+ ];
+ };
+
systemd.tmpfiles.rules = [
+ #"f ${confdir}/docker-run 0770 kiosk kiosk - -"
+ "d ${confdir} 0770 kiosk kiosk - -"
+ ];
+ #services.home-assistant = {
+ # enable = true;
+ # package = (unstable.home-assistant.overrideAttrs (old: {
+ # doInstallCheck = false;
+ # })).override {
+ # extraPackages = p: [
+ # # TODO: put somewhere else
+ # (p.callPackage {})
+ # # (p.callPackage {})
+ # p.APScheduler ];
+ # };
+ # autoExtraComponents = true;
+ # config = {
+ # config = {};
+ # discovery = {};
+ # homeassistant = {
+ # name = "Bureautomation";
+ # time_zone = "Europe/Berlin";
+ # latitude = "48.8265";
+ # longitude = "9.0676";
+ # elevation = 303;
+ # auth_providers = [
+ # { type = "homeassistant";}
+ # { type = "legacy_api_password";
+ # api_password = "sistemas";
+ # }
+ # { type = "trusted_networks";
+ # trusted_networks = [
+ # "127.0.0.1/32"
+ # "192.168.8.0/24"
+ # "::1/128"
+ # "fd00::/8"
+ # ];
+ # # allow_bypass_login = true;
+ # }
+ # ];
+ # };
+ # # https://www.home-assistant.io/components/influxdb/
+ # influxdb = {
+ # database = "hass";
+ # tags = {
+ # instance = "wbob";
+ # source = "hass";
+ # };
+ # };
+ # mqtt = {
+ # discovery = true;
+ # discovery_prefix = "homeassistant";
+ # broker = "localhost";
+ # port = 1883;
+ # client_id = "home-assistant";
+ # keepalive = 60;
+ # protocol = 3.1;
+ # birth_message = {
+ # topic = "/bam/hass/tele/LWT";
+ # payload = "Online";
+ # qos = 1;
+ # retain = true;
+ # };
+ # will_message = {
+ # topic = "/bam/hass/tele/LWT";
+ # payload = "Offline";
+ # qos = 1;
+ # retain = true;
+ # };
+ # };
+ # notify = [
+ # {
+ # platform = "kodi";
+ # name = "wbob-kodi";
+ # host = kodi-host;
+ # }
+ # #{
+ # # platform = "telegram";
+ # # name = "telegrambot";
+ # # chat_id = builtins.elemAt
+ # # (builtins.fromJSON (builtins.readFile
+ # # )).allowed_chat_ids 0;
+ # #}
+ # ];
+ # media_player = [
+ # { platform = "kodi";
+ # host = kodi-host;
+ # }
+ # { platform = "mpd";
+ # host = "127.0.0.1";
+ # }
+ # ];
- # sensor = [{
platform = "version"; }]; # pyhaversion
+ # # sensor = [{ platform = "version"; }]; # pyhaversion
- frontend = { };
- http = {
- # TODO: https://github.com/home-assistant/home-assistant/issues/16149
- # base_url = "http://192.168.8.11:8123";
- };
- conversation = {};
- history = {};
- logbook = {};
- tts = [
- { platform = "google_translate";
- language = "de";
- time_memory = 57600;
- service_name = "google_say";
- }
- { platform = "voicerss";
- api_key = builtins.readFile ;
- language = "de-de";
- }
- #{ platform = "picotts";
- # language = "de-DE";
- #}
- ];
- recorder = {};
- sun = {};
- #telegram_bot = [
- # (builtins.fromJSON
- # (builtins.readFile ))
- #];
- # only for automation
- # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
- # we don't use imports because the expressions do not merge in
- # home-assistant
- };
- };
+ # frontend = { };
+ # http = {
+ # # TODO: https://github.com/home-assistant/home-assistant/issues/16149
+ # # base_url = "http://192.168.8.11:8123";
+ # };
+ # conversation = {};
+ # history = {};
+ # logbook = {};
+ # tts = [
+ # { platform = "google_translate";
+ # language = "de";
+ # time_memory = 57600;
+ # service_name = "google_say";
+ # }
+ # { platform = "voicerss";
+ # api_key = builtins.readFile ;
+ # language = "de-de";
+ # }
+ # #{ platform = "picotts";
+ # # language = "de-DE";
+ # #}
+ # ];
+ # recorder = {};
+ # sun = {};
+ # #telegram_bot = [
+ # # (builtins.fromJSON
+ # # (builtins.readFile ))
+ # #];
+ # # only for automation
+ # # feedreader.urls = [ "http://www.heise.de/security/rss/news-atom.xml" ];
+ # # we don't use imports because the expressions do not merge in
+ # # home-assistant
+ # };
+ #};
 }
diff --git a/makefu/2configs/gui/wbob-kiosk.nix b/makefu/2configs/gui/wbob-kiosk.nix
index dc28cf4d..55df2364 100644
--- a/makefu/2configs/gui/wbob-kiosk.nix
+++ b/makefu/2configs/gui/wbob-kiosk.nix
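Review bot: In bureautomation/default.nix, `image = "homeassistant/home-assistant:latest";` is a mutable tag, so every pull can bring different code into a container that runs with `--net=host` behind the still-open port 8123; pin a release tag or digest, e.g. `image = "homeassistant/home-assistant:<RELEASE_TAG>";` (placeholder). The `PUID`/`PGID`/`UMASK` variables only help if the image's entrypoint reads them; I am not aware that the upstream image does, and the `docker-run` mount that looks intended for this is commented out, so please confirm which uid the container process really has. The commented-out `services.home-assistant` block also keeps `api_password = "sistemas"` in the tree: delete the dead block rather than commenting it, and treat that password as exposed. The unchanged `state = [ "/var/lib/hass/known_devices.yaml" ];` line still names the old location, so the new config directory probably needs listing there as well.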
@@ -4,17 +4,21 @@
 imports = [
 ./base.nix
 ];
- users.users.makefu = {
- packages = [ pkgs.chromium ];
- extraGroups = [ "audio" "pulse" ];
+ users.users.kiosk = {
+ packages = [ pkgs.chromium pkgs.vscode ];
+ group = "kiosk";
+ isNormalUser = true;
+ uid = 1003;
+ extraGroups = [ "wheel" "audio" "pulse" ];
 };
+ users.groups.kiosk.gid = 989 ;
 services.xserver = {
 windowManager = lib.mkForce { awesome.enable = false; };
 displayManager.gdm.enable = true;
 displayManager.autoLogin = {
 enable = true;
- user = "makefu";
+ user = lib.mkForce "kiosk";
 };
 displayManager.defaultSession = "gnome";
 desktopManager.gnome.enable = true;
--
cgit v1.2.3
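Review bot: The new `kiosk` account is logged in automatically by GDM and is also put in `wheel` (`extraGroups = [ "wheel" "audio" "pulse" ];`), so anyone who reaches the kiosk screen gets a session whose user belongs to the administrative group. No password setting for the account is visible in this hunk, so how much sudo's password prompt protects here cannot be judged from the diff. Unless administration from the kiosk session is intended, `extraGroups = [ "audio" "pulse" ];` keeps the auto-login user unprivileged, with admin work done from a separate account. The module continues after the last context line of the hunk.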