
make home-assistant service work without ldap integration

ibizaman 2024-01-07 14:42:07 -08:00 committed by Pierre Penninckx
parent 719ec6c62e
commit a5e9af27b5


@ -33,10 +33,54 @@ in
example = "mydomain.com"; example = "mydomain.com";
}; };
ldapEndpoint = lib.mkOption { ldap = lib.mkOption {
description = ''
LDAP Integration App. [Manual](https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/user_auth_ldap.html)
Enabling this app will create a new LDAP configuration or update one that exists with
the given host.
'';
default = {};
type = lib.types.submodule {
options = {
enable = lib.mkEnableOption "LDAP app.";
host = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "host serving the LDAP server"; description = ''
example = "http://127.0.0.1:389"; Host serving the LDAP server.
If set, the Home Assistant auth will be disabled. To keep it, set
`keepDefaultAuth` to `true`.
'';
default = "127.0.0.1";
};
port = lib.mkOption {
type = lib.types.port;
description = ''
Port of the service serving the LDAP server.
'';
default = 389;
};
userGroup = lib.mkOption {
type = lib.types.str;
description = "Group users must belong to to be able to login to Nextcloud.";
default = "homeassistant_user";
};
keepDefaultAuth = lib.mkOption {
type = lib.types.bool;
description = ''
Keep Home Assistant auth active, even if LDAP is configured. Usually, you want to enable
this to transfer existing users to LDAP and then you can disabled it.
'';
default = false;
};
};
};
}; };
sopsFile = lib.mkOption { sopsFile = lib.mkOption {
@ -100,17 +144,20 @@ in
longitude = "!secret longitude_home"; longitude = "!secret longitude_home";
time_zone = "!secret time_zone"; time_zone = "!secret time_zone";
unit_system = "metric"; unit_system = "metric";
auth_providers = [ auth_providers =
# Ensure you have the homeassistant provider enabled if you want to continue using your existing accounts (lib.optionals (!cfg.ldap.enable || cfg.ldap.keepDefaultAuth) [
# { type = "homeassistant"; } {
{ type = "command_line"; type = "homeassistant";
}
])
++ (lib.optionals cfg.ldap.enable [
{
type = "command_line";
command = ldap_auth_script + "/bin/ldap_auth.sh"; command = ldap_auth_script + "/bin/ldap_auth.sh";
# Only allow users in the 'homeassistant_user' group to login. args = [ "http://${cfg.ldap.host}:${toString cfg.ldap.port}" cfg.ldap.userGroup ];
# Change to ["https://lldap.example.com"] to allow all users
args = [ cfg.ldapEndpoint "homeassistant_user" ];
meta = true; meta = true;
} }
]; ]);
}; };
"automation ui" = "!include automations.yaml"; "automation ui" = "!include automations.yaml";
"scene ui" = "!include scenes.yaml"; "scene ui" = "!include scenes.yaml";
@ -159,7 +206,7 @@ in
}; };
}; };
systemd.services.home-assistant.preStart = systemd.services.home-assistant.preStart = lib.mkIf cfg.ldap.enable (
let let
onboarding = pkgs.writeText "onboarding" '' onboarding = pkgs.writeText "onboarding" ''
{ {
@ -181,7 +228,7 @@ in
if ! -f ${file}; then if ! -f ${file}; then
mkdir -p ${storage} && cp ${onboarding} ${file} mkdir -p ${storage} && cp ${onboarding} ${file}
fi fi
''; '');
sops.secrets."home-assistant" = { sops.secrets."home-assistant" = {
inherit (cfg) sopsFile; inherit (cfg) sopsFile;
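Review bot: The `command_line` provider in the `auth_providers` hunk now always receives `"http://${cfg.ldap.host}:${toString cfg.ldap.port}"`, so the scheme is fixed to plain HTTP, whereas the removed `ldapEndpoint` option took a full URL and the removed comment pointed at an `https://` endpoint. With the default `host = "127.0.0.1"` the exchange stays on loopback, but for any other host `ldap_auth.sh` would presumably send the login password unencrypted. I would either keep a full-URL option or add a scheme option (the name `scheme` is my suggestion, defaulting to `"http"`) and build the argument as `"${cfg.ldap.scheme}://${cfg.ldap.host}:${toString cfg.ldap.port}"`. The `host` description should also say that a non-loopback host needs TLS, and that the built-in auth is switched off by `ldap.enable`, not by setting `host`, which always has a default. Separately, the `ldap` and `userGroup` descriptions still refer to Nextcloud and look copied from another module.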