diff --git a/hosts/Hevana/default.nix b/hosts/Hevana/default.nix index 37bc4a8..3010a95 100644 --- a/hosts/Hevana/default.nix +++ b/hosts/Hevana/default.nix @@ -21,12 +21,13 @@ let }; # List of subdomains to add to the TLS certificate - subdomains = [ - config.secrets.services.deluge.url - config.secrets.services.forgejo.url - config.secrets.services.gremlin-lab.url - config.secrets.services.jellyfin.url - config.secrets.services.netdata.url + subdomains = with config.secrets.services; [ + deluge.url + forgejo.url + gremlin-lab.url + home-assistant.url + jellyfin.url + netdata.url ]; in { diff --git a/modules/services/home-assistant.nix b/modules/services/home-assistant.nix index 8060e90..0298995 100644 --- a/modules/services/home-assistant.nix +++ b/modules/services/home-assistant.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.aux.system.services.home-assistant; @@ -32,13 +37,14 @@ in config = lib.mkIf cfg.enable { services = { home-assistant = { + enable = true; # opt-out from declarative configuration management - config = null; lovelaceConfig = null; # configure the path to your config directory configDir = cfg.home; # specify list of components required by your configuration extraComponents = [ + "default_config" "esphome" "eufy" "govee_light_local" @@ -46,12 +52,18 @@ in "radio_browser" "tplink" ]; + extraPackages = python3Packages: with python3Packages; [ numpy ]; + config.http = { + server_host = "::1"; + trusted_proxies = [ "::1" ]; + use_x_forwarded_for = true; + }; }; nginx.virtualHosts."${cfg.url}" = { useACMEHost = cfg.domain; forceSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:8123"; + proxyPass = "http://[::1]:8123"; proxyWebsockets = true; extraConfig = '' # Security / XSS Mitigation Headers