feat(esphome): add secretsFile option

devices/homie/modules/home-assistant/assist.nix

@@ -53,4 +53,7 @@
       port = 6052;
     };
   };
+
+  # In case tailscale is down
+  boot.kernel.sysctl."net.ipv4.ip_nonlocal_bind" = 1;
 }

devices/homie/modules/home-assistant/firmware.nix

@@ -1,5 +1,8 @@
-{...}: {
-  services.esphome.firmwareConfigs = {
+{config, ...}: {
+  services.esphome = {
+    secretsFile = config.sops.secrets.esphome.path;
+
+    firmwareConfigs = {
       "esp1" = {
         packages.remote_package_files = {
           url = "https://github.com/esphome/firmware";
@@ -37,4 +40,5 @@
         };
       };
     };
+  };
 }

nixosModules/esphome-plus/default.nix

@@ -37,7 +37,7 @@
   in {
     name = "${name}.yaml";
     file = pkgs.runCommandLocal "${name}.yaml" {} ''
-      cp ${format.generate "${name}.yaml" filteredConfig} $out
+      cp ${format.generate name filteredConfig} $out
       sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
       sed -i 's/ {}//g' $out
     '';
@@ -49,6 +49,11 @@ in {
       type = with types; attrsOf anything;
     };
 
+    secretsFile = mkOption {
+      default = null;
+      type = types.nullOr types.path;
+    };
+
     deleteUnmanaged = mkOption {
       default = true;
       type = types.bool;
@@ -74,6 +79,8 @@ in {
                   mkdir -p ${stateDir}
               fi
 
+              ${optionalString (cfg.secretsFile != null) ''cp -f "$(realpath "${cfg.secretsFile}")" ${stateDir}/secrets.yaml''}
+
               ${optionalString cfg.deleteUnmanaged ''find ${stateDir} -name "*.yaml" ! -name "secrets.yaml" -delete''}
 
               ${concatMapStringsSep

outputs.nix

@@ -98,7 +98,12 @@
       };
 
       # Home-assistant
-      homie = mkNixOS {extraModules = [./devices/homie];};
+      homie = mkNixOS {
+          extraModules = [
+            ./devices/homie
+            secrets.nixosModules.homie
+          ];
+        };
 
       # Cluster
       thingone = mkNixOS {