feat(esphome): add secretsFile option
All checks were successful
Discord / discord commits (push) Has been skipped
All checks were successful
Discord / discord commits (push) Has been skipped
This commit is contained in:
parent
e82b9d5306
commit
9dee168383
5 changed files with 53 additions and 34 deletions
|
@ -53,4 +53,7 @@
|
||||||
port = 6052;
|
port = 6052;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# In case tailscale is down
|
||||||
|
boot.kernel.sysctl."net.ipv4.ip_nonlocal_bind" = 1;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,38 +1,42 @@
|
||||||
{...}: {
|
{config, ...}: {
|
||||||
services.esphome.firmwareConfigs = {
|
services.esphome = {
|
||||||
"esp1" = {
|
secretsFile = config.sops.secrets.esphome.path;
|
||||||
packages.remote_package_files = {
|
|
||||||
url = "https://github.com/esphome/firmware";
|
|
||||||
files = ["voice-assistant/m5stack-atom-echo.adopted.yaml"];
|
|
||||||
ref = "0f6fad0860b8bd2c251162abde5064be1ae29546";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Enable Home Assistant API
|
firmwareConfigs = {
|
||||||
api.encryption.key = "!secret api_key";
|
"esp1" = {
|
||||||
|
packages.remote_package_files = {
|
||||||
ota = [
|
url = "https://github.com/esphome/firmware";
|
||||||
{
|
files = ["voice-assistant/m5stack-atom-echo.adopted.yaml"];
|
||||||
platform = "esphome";
|
ref = "0f6fad0860b8bd2c251162abde5064be1ae29546";
|
||||||
password = "!secret ota_pass";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
wifi = {
|
|
||||||
ssid = "!secret wifi_ssid";
|
|
||||||
password = "!secret wifi_password";
|
|
||||||
|
|
||||||
manual_ip = {
|
|
||||||
# Set this to the IP of the ESP
|
|
||||||
static_ip = "192.168.0.92";
|
|
||||||
# Set this to the IP address of the router. Often ends with .1
|
|
||||||
gateway = "192.168.0.1";
|
|
||||||
subnet = "255.255.255.0";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable fallback hotspot (captive portal) in case wifi connection fails
|
# Enable Home Assistant API
|
||||||
ap = {
|
api.encryption.key = "!secret api_key";
|
||||||
ssid = "Esp1 Fallback Hotspot";
|
|
||||||
password = "!secret ap_fallback";
|
ota = [
|
||||||
|
{
|
||||||
|
platform = "esphome";
|
||||||
|
password = "!secret ota_pass";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
wifi = {
|
||||||
|
ssid = "!secret wifi_ssid";
|
||||||
|
password = "!secret wifi_password";
|
||||||
|
|
||||||
|
manual_ip = {
|
||||||
|
# Set this to the IP of the ESP
|
||||||
|
static_ip = "192.168.0.92";
|
||||||
|
# Set this to the IP address of the router. Often ends with .1
|
||||||
|
gateway = "192.168.0.1";
|
||||||
|
subnet = "255.255.255.0";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Enable fallback hotspot (captive portal) in case wifi connection fails
|
||||||
|
ap = {
|
||||||
|
ssid = "Esp1 Fallback Hotspot";
|
||||||
|
password = "!secret ap_fallback";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
BIN
flake.lock
BIN
flake.lock
Binary file not shown.
|
@ -37,7 +37,7 @@
|
||||||
in {
|
in {
|
||||||
name = "${name}.yaml";
|
name = "${name}.yaml";
|
||||||
file = pkgs.runCommandLocal "${name}.yaml" {} ''
|
file = pkgs.runCommandLocal "${name}.yaml" {} ''
|
||||||
cp ${format.generate "${name}.yaml" filteredConfig} $out
|
cp ${format.generate name filteredConfig} $out
|
||||||
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
|
sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
|
||||||
sed -i 's/ {}//g' $out
|
sed -i 's/ {}//g' $out
|
||||||
'';
|
'';
|
||||||
|
@ -49,6 +49,11 @@ in {
|
||||||
type = with types; attrsOf anything;
|
type = with types; attrsOf anything;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
secretsFile = mkOption {
|
||||||
|
default = null;
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
};
|
||||||
|
|
||||||
deleteUnmanaged = mkOption {
|
deleteUnmanaged = mkOption {
|
||||||
default = true;
|
default = true;
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
|
@ -74,6 +79,8 @@ in {
|
||||||
mkdir -p ${stateDir}
|
mkdir -p ${stateDir}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
${optionalString (cfg.secretsFile != null) ''cp -f "$(realpath "${cfg.secretsFile}")" ${stateDir}/secrets.yaml''}
|
||||||
|
|
||||||
${optionalString cfg.deleteUnmanaged ''find ${stateDir} -name "*.yaml" ! -name "secrets.yaml" -delete''}
|
${optionalString cfg.deleteUnmanaged ''find ${stateDir} -name "*.yaml" ! -name "secrets.yaml" -delete''}
|
||||||
|
|
||||||
${concatMapStringsSep
|
${concatMapStringsSep
|
||||||
|
|
|
@ -98,7 +98,12 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# Home-assistant
|
# Home-assistant
|
||||||
homie = mkNixOS {extraModules = [./devices/homie];};
|
homie = mkNixOS {
|
||||||
|
extraModules = [
|
||||||
|
./devices/homie
|
||||||
|
secrets.nixosModules.homie
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
# Cluster
|
# Cluster
|
||||||
thingone = mkNixOS {
|
thingone = mkNixOS {
|
||||||
|
|
Loading…
Reference in a new issue