Personal Nix setup
# NixOS module that runs Home Assistant as an OCI container through
# `virtualisation.oci-containers`. The container is only configured when both
# `modules.server.home-assistant.enable` and `modules.server.enable` are true.
{ lib, config, pkgs, helpers, ... }:

let
  inherit (lib) mkDefault mkIf mkOption types;

  serverCfg = config.modules.server;
  hassCfg = config.modules.server.home-assistant;

  # Numeric ids for the `hass` account, rendered once and reused for the
  # container user and for the PUID/PGID environment variables.
  hassUid = toString config.ids.uids.hass;
  hassGid = toString config.ids.gids.hass;

  # The image repository differs on aarch64; the tag is always the
  # configured revision.
  # NOTE(review): the image is selected by tag only. A tag can be re-pointed
  # in the registry, so pin by digest if the exact image content matters.
  hassImage =
    if pkgs.stdenv.isAarch64
    then "ghcr.io/home-assistant/aarch64-homeassistant:${hassCfg.revision}"
    else "ghcr.io/home-assistant/home-assistant:${hassCfg.revision}";
in
helpers.linuxAttrs {
  options.modules.server.home-assistant = {
    enable = mkOption {
      type = types.bool;
      default = false;
      example = true;
      description = "Whether to enable Home Assistant.";
    };

    # Image tag to run (interpolated into the image reference above).
    revision = mkOption {
      type = types.str;
      default = "2024.9.2";
      example = "2024.9.2";
      description = "Home Assistant Revision";
    };

    # Appended verbatim after the built-in podman flags below.
    # NOTE(review): anything passed here can widen the container's
    # privileges again, so treat this option as trusted configuration.
    extraOptions = mkOption {
      type = types.listOf types.str;
      default = [];
      description = "Extra podman options";
    };
  };

  config = mkIf (hassCfg.enable && serverCfg.enable) {
    # Default podman on; another module can still override this.
    modules.server.podman.enable = mkDefault true;

    # Dedicated account and group, using the ids from `config.ids`.
    users.groups.hass.gid = config.ids.gids.hass;
    users.users.hass = {
      uid = config.ids.uids.hass;
      group = "hass";
    };

    # Create the state directory during activation, after the "var" step.
    # NOTE(review): no owner or mode is set here, so the directory gets
    # whatever the activation environment produces. It is mounted as the
    # container's /config; confirm the resulting permissions are acceptable.
    system.activationScripts.makeHomeAssistantFolder = lib.stringAfter [ "var" ] ''
      mkdir -p /var/lib/home-assistant
    '';

    virtualisation.oci-containers.containers.hass = {
      autoStart = true;
      image = hassImage;

      # Run the container process as the hass uid:gid.
      user = "${hassUid}:${hassGid}";

      environment = {
        TZ = "Europe/London";
        PUID = hassUid;
        PGID = hassGid;
        UMASK = "007";
      };

      volumes = [
        # Writable state directory.
        "/var/lib/home-assistant:/config"
        # Host timezone data, read-only.
        "/etc/localtime:/etc/localtime:ro"
        # Host sysfs, read-only: the container can still read host hardware
        # and kernel information through it.
        "/sys:/sys:ro"
      ];

      extraOptions = [
        # Start from an empty capability set and add back only those listed.
        "--cap-drop=ALL"
        "--cap-add=CHOWN"
        "--cap-add=DAC_OVERRIDE"
        "--cap-add=FSETID"
        "--cap-add=FOWNER"
        "--cap-add=SETGID"
        "--cap-add=SETUID"
        "--cap-add=SYS_CHROOT"
        "--cap-add=KILL"
        # NOTE(review): with --network=host (below) the container shares the
        # host's network namespace, so NET_RAW and NET_ADMIN act on the host's
        # interfaces rather than on an isolated one. Confirm both are needed.
        "--cap-add=NET_RAW"
        "--cap-add=NET_ADMIN"
        # Block privilege gain through setuid/setgid binaries in the image.
        "--security-opt=no-new-privileges"
        # NOTE(review): confirm keep-id and hostuser behave as intended for
        # the account this container service actually runs under.
        "--userns=keep-id"
        "--hostuser=hass"
        "--runtime=runc"
        # No network isolation: every port the container opens is a host port.
        "--network=host"
      ] ++ hassCfg.extraOptions;
    };
  };
}