From 716e66ada8b912b166924b6aab424939275cebfd Mon Sep 17 00:00:00 2001
From: ibizaman <ibizapeanut@gmail.com>
Date: Thu, 29 Feb 2024 20:34:09 -0800
Subject: [PATCH] update home-assistant demo
---
demo/homeassistant/README.md | 11 +++-------
demo/homeassistant/flake.lock | 38 ++++++++++++++++-----------------
demo/homeassistant/flake.nix | 35 ++++++++++++++++++++++++++++++
demo/homeassistant/secrets.yaml | 10 ++++++---
4 files changed, 64 insertions(+), 30 deletions(-)
diff --git a/demo/homeassistant/README.md b/demo/homeassistant/README.md
index 348f5b1..7b5b835 100644
--- a/demo/homeassistant/README.md
+++ b/demo/homeassistant/README.md
@@ -230,21 +230,16 @@ SOPS_AGE_KEY_FILE=keys.txt nix run --impure nixpkgs#sops -- \
The `secrets.yaml` file must follow the format:
```yaml
-home-assistant: |
- name: "My Instance"
+home-assistant:
country: "US"
- latitude_home: "0.100"
- longitude_home: "-0.100"
+ latitude: "0.100"
+ longitude: "-0.100"
time_zone: "America/Los_Angeles"
- unit_system: "metric"
lldap:
user_password: XXX...
jwt_secret: YYY...
```
-> Important: the value of the `home-assistant` field is a string that looks like yaml. Do _not_
-> remove the pipe (|) sign.
-
You can generate random secrets with:
```bash
diff --git a/demo/homeassistant/flake.lock b/demo/homeassistant/flake.lock
index 6bf946d..fcd21e0 100644
--- a/demo/homeassistant/flake.lock
+++ b/demo/homeassistant/flake.lock
@@ -5,11 +5,11 @@
"systems": "systems"
},
"locked": {
- "lastModified": 1705309234,
- "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+ "lastModified": 1709126324,
+ "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+ "rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
@@ -35,11 +35,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1707092692,
- "narHash": "sha256-ZbHsm+mGk/izkWtT4xwwqz38fdlwu7nUUKXTOmm4SyE=",
+ "lastModified": 1709150264,
+ "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "faf912b086576fd1a15fca610166c98d47bc667e",
+ "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
"type": "github"
},
"original": {
@@ -51,27 +51,27 @@
},
"nixpkgs-stable": {
"locked": {
- "lastModified": 1705957679,
- "narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
+ "lastModified": 1708819810,
+ "narHash": "sha256-1KosU+ZFXf31GPeCBNxobZWMgHsSOJcrSFA6F2jhzdE=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
+ "rev": "89a2a12e6c8c6a56c72eb3589982c8e2f89c70ea",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "release-23.05",
+ "ref": "release-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
- "lastModified": 1706925685,
- "narHash": "sha256-hVInjWMmgH4yZgA4ZtbgJM1qEAel72SYhP5nOWX4UIM=",
+ "lastModified": 1708751719,
+ "narHash": "sha256-0uWOKSpXJXmXswOvDM5Vk3blB74apFB6rNGWV5IjoN0=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "79a13f1437e149dc7be2d1290c74d378dad60814",
+ "rev": "f63ce824cd2f036216eb5f637dfef31e1a03ee89",
"type": "github"
},
"original": {
@@ -111,11 +111,11 @@
"sops-nix": "sops-nix"
},
"locked": {
- "lastModified": 1707374005,
- "narHash": "sha256-W3p8hBLUdlHAG7yxT250jImnFmXe83tN119/jRiBYdo=",
+ "lastModified": 1709267447,
+ "narHash": "sha256-5Q467FhpS18L/+5iB3wsWaR9tBqdzNt0fpdkZJNqNxc=",
"owner": "ibizaman",
"repo": "selfhostblocks",
- "rev": "7d0276e9f2509bc6f175358c318374fedfc64422",
+ "rev": "fa206d0e1515fb0e49393e7ada6d7e5c6ec1df58",
"type": "github"
},
"original": {
@@ -130,11 +130,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
- "lastModified": 1707015547,
- "narHash": "sha256-YZr0OrqWPdbwBhxpBu69D32ngJZw8AMgZtJeaJn0e94=",
+ "lastModified": 1708987867,
+ "narHash": "sha256-k2lDaDWNTU5sBVHanYzjDKVDmk29RHIgdbbXu5sdzBA=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "23f61b897c00b66855074db471ba016e0cda20dd",
+ "rev": "a1c8de14f60924fafe13aea66b46157f0150f4cf",
"type": "github"
},
"original": {
diff --git a/demo/homeassistant/flake.nix b/demo/homeassistant/flake.nix
index bc20515..e8d5eba 100644
--- a/demo/homeassistant/flake.nix
+++ b/demo/homeassistant/flake.nix
@@ -18,7 +18,42 @@
enable = true;
domain = "example.com";
subdomain = "ha";
+ config = {
+ name = "SHB Home Assistant";
+ country.source = config.sops.secrets."home-assistant/country".path;
+ latitude.source = config.sops.secrets."home-assistant/latitude".path;
+ longitude.source = config.sops.secrets."home-assistant/longitude".path;
+ time_zone.source = config.sops.secrets."home-assistant/time_zone".path;
+ unit_system = "metric";
+ };
+ };
+ sops.secrets."home-assistant/country" = {
sopsFile = ./secrets.yaml;
+ mode = "0440";
+ owner = "hass";
+ group = "hass";
+ restartUnits = [ "home-assistant.service" ];
+ };
+ sops.secrets."home-assistant/latitude" = {
+ sopsFile = ./secrets.yaml;
+ mode = "0440";
+ owner = "hass";
+ group = "hass";
+ restartUnits = [ "home-assistant.service" ];
+ };
+ sops.secrets."home-assistant/longitude" = {
+ sopsFile = ./secrets.yaml;
+ mode = "0440";
+ owner = "hass";
+ group = "hass";
+ restartUnits = [ "home-assistant.service" ];
+ };
+ sops.secrets."home-assistant/time_zone" = {
+ sopsFile = ./secrets.yaml;
+ mode = "0440";
+ owner = "hass";
+ group = "hass";
+ restartUnits = [ "home-assistant.service" ];
};
nixpkgs.config.permittedInsecurePackages = [
diff --git a/demo/homeassistant/secrets.yaml b/demo/homeassistant/secrets.yaml
index e0e488c..5b1900d 100644
--- a/demo/homeassistant/secrets.yaml
+++ b/demo/homeassistant/secrets.yaml
@@ -1,4 +1,8 @@
-home-assistant: ENC[AES256_GCM,data:acEXqx3bdQp0zB5FnHCBsic/kgu2L8Q6h/fsfrLmdk7SOfzEibPpPLCCv8eYmh4D5VuIAsq/PeJ3k+uqWGbTrJt7EIcxt0kYTLRuWZRG8YJH1+HCxoKcO/mx9bwbRd3LtXiVscgP9zIZLoLPK2XieFKOeg==,iv:dJ7FUkquMI4g4K2Nnv3kFFQk/va2QgwfgGoWif5f2tU=,tag:6LIBt9whdRPVsoF1RY3Pew==,type:str]
+home-assistant:
+ country: ENC[AES256_GCM,data:2Ng=,iv:/VMB6yi3e8piAx8DzLGGhLsozxWUWX2R7NcmACFng8Q=,tag:Tx0Iy1AnLmPrnYu7XtbesA==,type:str]
+ latitude: ENC[AES256_GCM,data:p/O1HW4=,iv:CRgL4wcM3gMNu/OAHVoQuLcRD9J3SbkxsjvobiabQ0g=,tag:uIo5Rv7geOtVcarp4Qkqww==,type:str]
+ longitude: ENC[AES256_GCM,data:sVyww6F7,iv:9EZYXSkv+rhD77lqmC+c8i+wf46KPYloVoK+ok3bWYY=,tag:c+lmtcGvULtMdu9ZTDewjA==,type:str]
+ time_zone: ENC[AES256_GCM,data:JKXdsQZrtB1B77klxuemw1tZbg==,iv:nItJfpwp2XWmBHbohrjNMWQ8TpL2Xsv22UujZRgDscw=,tag:wrHbA1yycutUUn79F9wy6Q==,type:str]
lldap:
user_password: ENC[AES256_GCM,data:JrFraqFSqAhRVjB5fagIoB864aejt24q+qqWeu8ySC0=,iv:RS7VS+9tsSknn9SwpfyYVi41m3lN4SkZ4CSwrzH/Eso=,tag:5L7fx6/KhDtjHPruwac/sw==,type:str]
jwt_secret: ENC[AES256_GCM,data:W1T/QoxuzMD+2AL7sP5KkMcC+GvFdd4kfd70rHLnQD+jWNs9G0igkC/BxxgbIfnSASwtSnBaaiU6/pxLFOcUVh0Nyd0Zmb/KTbagpUvSl//AZnTt/WKF9Q/8sqKzsGv0QdMyZKWi4cxiEILcTbxOsgwriFGgOJ1k5N8JEif15ig=,iv:rHlRt6nWMz8rVmU0aKH6VWWVXunOfJcDvZOxgWbK1FI=,tag:qC6N61rE8CfPSXrsEqFoIQ==,type:str]
@@ -26,8 +30,8 @@ sops:
VlJpS1BYd2UrZU1mZTEwU1BYODhqM2sKvQnFV8xsy1tEmYZu4izBYb7XQqTPOLTL
bRkU6n17uiyXNbiXDAbX0Png/XmVG96/+Zl38BBXPQvARX8c2tzq6w==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-01-23T00:46:58Z"
- mac: ENC[AES256_GCM,data:kBkUCStabQ32JK/UDPATgOz3HoI/dVkNLsl6uEhHk8ODbF+ZBg6BDEaxtMFFh0bV+71klAmF0KsL/kHKiHlbNuoNWOxwbsANGeL8xtV6JCU58zTF0nfgAP/3KJYveridgylRRZS5hYl5Mg+z6Zdgw+43r3Iiizf86BZVc5OaDyY=,iv:ZXWLXQUrVIwYCCVnXI0jTf5paOWNuujG/Pw+Nf/M34A=,tag:+P/UJqBI3prcxEUO4Zqu/A==,type:str]
+ lastmodified: "2024-02-12T05:07:51Z"
+ mac: ENC[AES256_GCM,data:MOmvK0g6Wj+fND154QUhmXujsDOKMO5CRRckru+eDRPeHcJZUnI/jjolcI8y+LEdhUVf0Ln8E38GSxZT/8EW3CfCNkOUikGFdfxuQ2uzNp/1wMvNaF988lrXMBfQ7Il18AiYVK0QhGReGXJa6wBVUb2Qfrg41WC65UvQtMOByqI=,iv:Rscvq1l7YgNapC0NkabQHBzirzsPEr8ykAQqx+qGoi0=,tag:ud+K72bnUV1hnsjcewNrsw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1