feat(esphome): add secretsFile option
All checks were successful
Discord / discord commits (push) Has been skipped

This commit is contained in:
matt1432 2024-09-05 22:42:17 -04:00
parent e82b9d5306
commit 9dee168383
5 changed files with 53 additions and 34 deletions

View file

@ -53,4 +53,7 @@
port = 6052; port = 6052;
}; };
}; };
# In case tailscale is down
boot.kernel.sysctl."net.ipv4.ip_nonlocal_bind" = 1;
} }

View file

@ -1,38 +1,42 @@
{...}: { {config, ...}: {
services.esphome.firmwareConfigs = { services.esphome = {
"esp1" = { secretsFile = config.sops.secrets.esphome.path;
packages.remote_package_files = {
url = "https://github.com/esphome/firmware";
files = ["voice-assistant/m5stack-atom-echo.adopted.yaml"];
ref = "0f6fad0860b8bd2c251162abde5064be1ae29546";
};
# Enable Home Assistant API firmwareConfigs = {
api.encryption.key = "!secret api_key"; "esp1" = {
packages.remote_package_files = {
ota = [ url = "https://github.com/esphome/firmware";
{ files = ["voice-assistant/m5stack-atom-echo.adopted.yaml"];
platform = "esphome"; ref = "0f6fad0860b8bd2c251162abde5064be1ae29546";
password = "!secret ota_pass";
}
];
wifi = {
ssid = "!secret wifi_ssid";
password = "!secret wifi_password";
manual_ip = {
# Set this to the IP of the ESP
static_ip = "192.168.0.92";
# Set this to the IP address of the router. Often ends with .1
gateway = "192.168.0.1";
subnet = "255.255.255.0";
}; };
# Enable fallback hotspot (captive portal) in case wifi connection fails # Enable Home Assistant API
ap = { api.encryption.key = "!secret api_key";
ssid = "Esp1 Fallback Hotspot";
password = "!secret ap_fallback"; ota = [
{
platform = "esphome";
password = "!secret ota_pass";
}
];
wifi = {
ssid = "!secret wifi_ssid";
password = "!secret wifi_password";
manual_ip = {
# Set this to the IP of the ESP
static_ip = "192.168.0.92";
# Set this to the IP address of the router. Often ends with .1
gateway = "192.168.0.1";
subnet = "255.255.255.0";
};
# Enable fallback hotspot (captive portal) in case wifi connection fails
ap = {
ssid = "Esp1 Fallback Hotspot";
password = "!secret ap_fallback";
};
}; };
}; };
}; };

Binary file not shown.

View file

@ -37,7 +37,7 @@
in { in {
name = "${name}.yaml"; name = "${name}.yaml";
file = pkgs.runCommandLocal "${name}.yaml" {} '' file = pkgs.runCommandLocal "${name}.yaml" {} ''
cp ${format.generate "${name}.yaml" filteredConfig} $out cp ${format.generate name filteredConfig} $out
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
sed -i 's/ {}//g' $out sed -i 's/ {}//g' $out
''; '';
@ -49,6 +49,11 @@ in {
type = with types; attrsOf anything; type = with types; attrsOf anything;
}; };
secretsFile = mkOption {
default = null;
type = types.nullOr types.path;
};
deleteUnmanaged = mkOption { deleteUnmanaged = mkOption {
default = true; default = true;
type = types.bool; type = types.bool;
@ -74,6 +79,8 @@ in {
mkdir -p ${stateDir} mkdir -p ${stateDir}
fi fi
${optionalString (cfg.secretsFile != null) ''cp -f "$(realpath "${cfg.secretsFile}")" ${stateDir}/secrets.yaml''}
${optionalString cfg.deleteUnmanaged ''find ${stateDir} -name "*.yaml" ! -name "secrets.yaml" -delete''} ${optionalString cfg.deleteUnmanaged ''find ${stateDir} -name "*.yaml" ! -name "secrets.yaml" -delete''}
${concatMapStringsSep ${concatMapStringsSep

View file

@ -98,7 +98,12 @@
}; };
# Home-assistant # Home-assistant
homie = mkNixOS {extraModules = [./devices/homie];}; homie = mkNixOS {
extraModules = [
./devices/homie
secrets.nixosModules.homie
];
};
# Cluster # Cluster
thingone = mkNixOS { thingone = mkNixOS {