feat(esphome): add secretsFile option
matt1432 2024-09-05 22:42:17 -04:00
parent e82b9d5306
commit 9dee168383
5 changed files with 57 additions and 38 deletions


@ -53,4 +53,7 @@
port = 6052; port = 6052;
}; };
}; };
# In case tailscale is down
boot.kernel.sysctl."net.ipv4.ip_nonlocal_bind" = 1;
} }
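Review bot: The comment on the added sysctl, `# In case tailscale is down`, does not say which service needs it, and `net.ipv4.ip_nonlocal_bind` is host-wide: once it is 1, every process on the machine may bind to an IPv4 address the host does not currently hold, not only the service configured above. Presumably the listener on `port = 6052` is bound to the Tailscale address, but that line is outside the hunk. I would state the scope in the comment, for example `# Host-wide: lets the listener on :6052 bind its Tailscale address while the interface is absent`. If the wider effect is not wanted, ordering the unit after tailscaled is the narrower alternative.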


@ -1,38 +1,42 @@
{...}: { {config, ...}: {
services.esphome.firmwareConfigs = { services.esphome = {
"esp1" = { secretsFile = config.sops.secrets.esphome.path;
packages.remote_package_files = {
url = "https://github.com/esphome/firmware";
files = ["voice-assistant/m5stack-atom-echo.adopted.yaml"];
ref = "0f6fad0860b8bd2c251162abde5064be1ae29546";
};
# Enable Home Assistant API firmwareConfigs = {
api.encryption.key = "!secret api_key"; "esp1" = {
packages.remote_package_files = {
ota = [ url = "https://github.com/esphome/firmware";
{ files = ["voice-assistant/m5stack-atom-echo.adopted.yaml"];
platform = "esphome"; ref = "0f6fad0860b8bd2c251162abde5064be1ae29546";
password = "!secret ota_pass";
}
];
wifi = {
ssid = "!secret wifi_ssid";
password = "!secret wifi_password";
manual_ip = {
# Set this to the IP of the ESP
static_ip = "192.168.0.92";
# Set this to the IP address of the router. Often ends with .1
gateway = "192.168.0.1";
subnet = "255.255.255.0";
}; };
# Enable fallback hotspot (captive portal) in case wifi connection fails # Enable Home Assistant API
ap = { api.encryption.key = "!secret api_key";
ssid = "Esp1 Fallback Hotspot";
password = "!secret ap_fallback"; ota = [
{
platform = "esphome";
password = "!secret ota_pass";
}
];
wifi = {
ssid = "!secret wifi_ssid";
password = "!secret wifi_password";
manual_ip = {
# Set this to the IP of the ESP
static_ip = "192.168.0.92";
# Set this to the IP address of the router. Often ends with .1
gateway = "192.168.0.1";
subnet = "255.255.255.0";
};
# Enable fallback hotspot (captive portal) in case wifi connection fails
ap = {
ssid = "Esp1 Fallback Hotspot";
password = "!secret ap_fallback";
};
}; };
}; };
}; };


@ -1757,11 +1757,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1723480554, "lastModified": 1725588406,
"narHash": "sha256-2giqpDLWpVYy5GV87x20GzRAxORGToeaKsWjEOyFB8o=", "narHash": "sha256-yX3/SKEP/AB4IJiV8X008tnOepTla0XeJ9m2d6VoQAQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "205779bc5f06840e30e0a90d97baa61e42b6a76a", "rev": "fe8958ac8792da69e7071e69482bc488a65f926f",
"revCount": 73, "revCount": 76,
"type": "git", "type": "git",
"url": "ssh://git@git.nelim.org/matt1432/nixos-secrets" "url": "ssh://git@git.nelim.org/matt1432/nixos-secrets"
}, },


@ -37,7 +37,7 @@
in { in {
name = "${name}.yaml"; name = "${name}.yaml";
file = pkgs.runCommandLocal "${name}.yaml" {} '' file = pkgs.runCommandLocal "${name}.yaml" {} ''
cp ${format.generate "${name}.yaml" filteredConfig} $out cp ${format.generate name filteredConfig} $out
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
sed -i 's/ {}//g' $out sed -i 's/ {}//g' $out
''; '';
@ -49,6 +49,11 @@ in {
type = with types; attrsOf anything; type = with types; attrsOf anything;
}; };
secretsFile = mkOption {
default = null;
type = types.nullOr types.path;
};
deleteUnmanaged = mkOption { deleteUnmanaged = mkOption {
default = true; default = true;
type = types.bool; type = types.bool;
@ -74,6 +79,8 @@ in {
mkdir -p ${stateDir} mkdir -p ${stateDir}
fi fi
${optionalString (cfg.secretsFile != null) ''cp -f "$(realpath "${cfg.secretsFile}")" ${stateDir}/secrets.yaml''}
${optionalString cfg.deleteUnmanaged ''find ${stateDir} -name "*.yaml" ! -name "secrets.yaml" -delete''} ${optionalString cfg.deleteUnmanaged ''find ${stateDir} -name "*.yaml" ! -name "secrets.yaml" -delete''}
${concatMapStringsSep ${concatMapStringsSep
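Review bot: The added `cp -f` line writes the secrets to `${stateDir}/secrets.yaml` without setting a mode or owner, so a new copy gets the source mode filtered by the script's umask and an existing destination keeps whatever permissions it already had. `install -m 0600 "$(realpath "${cfg.secretsFile}")" ${stateDir}/secrets.yaml` would pin the mode; the right owner depends on which user runs this script, which is outside the hunk. The new `secretsFile` option also has no `description`, and because its type is `types.path`, a Nix path literal passed to it would be copied into the world-readable store when interpolated here, so the description should say to pass a runtime path string such as the sops one. When the option is later set back to `null`, the previously copied `secrets.yaml` stays in place, because the `find … -delete` line excludes it.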


@ -98,7 +98,12 @@
}; };
# Home-assistant # Home-assistant
homie = mkNixOS {extraModules = [./devices/homie];}; homie = mkNixOS {
extraModules = [
./devices/homie
secrets.nixosModules.homie
];
};
# Cluster # Cluster
thingone = mkNixOS { thingone = mkNixOS {