1
0
Fork 0
selfhostblocks/demo/homeassistant/flake.nix

76 lines
2.2 KiB
Nix
Raw Normal View History

2023-07-01 18:46:19 +02:00
{
description = "Home Assistant example for Self Host Blocks";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
sops-nix.url = "github:Mic92/sops-nix";
2023-12-09 19:16:41 +01:00
selfhostblocks.url = "github:ibizaman/selfhostblocks";
2023-07-01 18:46:19 +02:00
selfhostblocks.inputs.nixpkgs.follows = "nixpkgs";
selfhostblocks.inputs.sops-nix.follows = "sops-nix";
};
outputs = inputs@{ self, nixpkgs, sops-nix, selfhostblocks, ... }: {
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
specialArgs = inputs;
};
myserver = { config, ... }: {
2023-07-01 18:46:19 +02:00
imports = [
./configuration.nix
sops-nix.nixosModules.default
selfhostblocks.nixosModules.x86_64-linux.default
2023-07-01 18:46:19 +02:00
];
# Used by colmena to know which target host to deploy to.
deployment = {
targetHost = "example";
targetUser = "nixos";
targetPort = 2222;
};
shb.ldap = {
enable = true;
domain = "example.com";
subdomain = "ldap";
ldapPort = 3890;
2023-12-09 19:16:41 +01:00
webUIListenPort = 17170;
dcdomain = "dc=example,dc=com";
2023-12-09 19:16:41 +01:00
ldapUserPasswordFile = config.sops.secrets."lldap/user_password".path;
jwtSecretFile = config.sops.secrets."lldap/jwt_secret".path;
};
sops.secrets."lldap/user_password" = {
sopsFile = ./secrets.yaml;
mode = "0440";
owner = "lldap";
group = "lldap";
restartUnits = [ "lldap.service" ];
};
sops.secrets."lldap/jwt_secret" = {
sopsFile = ./secrets.yaml;
2023-12-09 19:16:41 +01:00
mode = "0440";
owner = "lldap";
group = "lldap";
restartUnits = [ "lldap.service" ];
};
2023-07-01 18:46:19 +02:00
shb.home-assistant = {
enable = true;
domain = "example.com";
2023-12-09 19:16:41 +01:00
ldapEndpoint = "http://127.0.0.1:${builtins.toString config.shb.ldap.webUIListenPort}";
2023-07-01 18:46:19 +02:00
subdomain = "ha";
sopsFile = ./secrets.yaml;
};
2023-11-20 08:11:03 +01:00
# Set to true for more debug info with `journalctl -f -u nginx`.
shb.nginx.accessLog = false;
shb.nginx.debugLog = false;
2023-07-01 18:46:19 +02:00
};
};
};
}