feat(esphome): add secretsFile option

devices/homie/modules/home-assistant/assist.nix

@@ -53,4 +53,7 @@
       port = 6052;
     };
   };
+
+  # In case tailscale is down
+  boot.kernel.sysctl."net.ipv4.ip_nonlocal_bind" = 1;
 }

devices/homie/modules/home-assistant/firmware.nix

@@ -1,38 +1,42 @@
-{...}: {
-  services.esphome.firmwareConfigs = {
-    "esp1" = {
-      packages.remote_package_files = {
-        url = "https://github.com/esphome/firmware";
-        files = ["voice-assistant/m5stack-atom-echo.adopted.yaml"];
-        ref = "0f6fad0860b8bd2c251162abde5064be1ae29546";
-      };
+{config, ...}: {
+  services.esphome = {
+    secretsFile = config.sops.secrets.esphome.path;
 
-      # Enable Home Assistant API
-      api.encryption.key = "!secret api_key";
-
-      ota = [
-        {
-          platform = "esphome";
-          password = "!secret ota_pass";
-        }
-      ];
-
-      wifi = {
-        ssid = "!secret wifi_ssid";
-        password = "!secret wifi_password";
-
-        manual_ip = {
-          # Set this to the IP of the ESP
-          static_ip = "192.168.0.92";
-          # Set this to the IP address of the router. Often ends with .1
-          gateway = "192.168.0.1";
-          subnet = "255.255.255.0";
+    firmwareConfigs = {
+      "esp1" = {
+        packages.remote_package_files = {
+          url = "https://github.com/esphome/firmware";
+          files = ["voice-assistant/m5stack-atom-echo.adopted.yaml"];
+          ref = "0f6fad0860b8bd2c251162abde5064be1ae29546";
         };
 
-        # Enable fallback hotspot (captive portal) in case wifi connection fails
-        ap = {
-          ssid = "Esp1 Fallback Hotspot";
-          password = "!secret ap_fallback";
+        # Enable Home Assistant API
+        api.encryption.key = "!secret api_key";
+
+        ota = [
+          {
+            platform = "esphome";
+            password = "!secret ota_pass";
+          }
+        ];
+
+        wifi = {
+          ssid = "!secret wifi_ssid";
+          password = "!secret wifi_password";
+
+          manual_ip = {
+            # Set this to the IP of the ESP
+            static_ip = "192.168.0.92";
+            # Set this to the IP address of the router. Often ends with .1
+            gateway = "192.168.0.1";
+            subnet = "255.255.255.0";
+          };
+
+          # Enable fallback hotspot (captive portal) in case wifi connection fails
+          ap = {
+            ssid = "Esp1 Fallback Hotspot";
+            password = "!secret ap_fallback";
+          };
         };
       };
     };

nixosModules/esphome-plus/default.nix

@@ -37,7 +37,7 @@
   in {
     name = "${name}.yaml";
     file = pkgs.runCommandLocal "${name}.yaml" {} ''
-      cp ${format.generate "${name}.yaml" filteredConfig} $out
+      cp ${format.generate name filteredConfig} $out
       sed -i -e "s/'\!\([a-z_]\+\) \(.*\)'/\!\1 \2/;s/^\!\!/\!/;" $out
       sed -i 's/ {}//g' $out
     '';
@@ -49,6 +49,11 @@ in {
       type = with types; attrsOf anything;
     };
 
+    secretsFile = mkOption {
+      default = null;
+      type = types.nullOr types.path;
+    };
+
     deleteUnmanaged = mkOption {
       default = true;
       type = types.bool;
@@ -74,6 +79,8 @@ in {
                   mkdir -p ${stateDir}
               fi
 
+              ${optionalString (cfg.secretsFile != null) ''cp -f "$(realpath "${cfg.secretsFile}")" ${stateDir}/secrets.yaml''}
+
               ${optionalString cfg.deleteUnmanaged ''find ${stateDir} -name "*.yaml" ! -name "secrets.yaml" -delete''}
 
               ${concatMapStringsSep

outputs.nix

@@ -98,7 +98,12 @@
       };
 
       # Home-assistant
-      homie = mkNixOS {extraModules = [./devices/homie];};
+      homie = mkNixOS {
+          extraModules = [
+            ./devices/homie
+            secrets.nixosModules.homie
+          ];
+        };
 
       # Cluster
       thingone = mkNixOS {