From 44d9ae0faf04f41a1f3b74333e6939deadf9311a Mon Sep 17 00:00:00 2001 From: soraefir Date: Mon, 18 May 2026 21:30:32 +0200 Subject: [PATCH] add hass & handbrake --- modules/server/containers/apps/handbrake.nix | 78 ++++++++++++++++++- .../server/containers/apps/homeassistant.nix | 65 ++++++++++++---- 2 files changed, 125 insertions(+), 18 deletions(-) diff --git a/modules/server/containers/apps/handbrake.nix b/modules/server/containers/apps/handbrake.nix index d174df1..0b811c5 100644 --- a/modules/server/containers/apps/handbrake.nix +++ b/modules/server/containers/apps/handbrake.nix @@ -1,6 +1,76 @@ -{...}:{ +{ config, containerCfg, pkgs, lib, builder, name,... }: +let + serverCfg = config.syscfg.server; + image = pkgs.dockerTools.streamLayeredImage { + name = pkgs.handbrake.name; + tag = pkgs.handbrake.version; + #contents = [ pkgs.coreutils ]; + + config = { + Entrypoint = [ "${pkgs.handbrake}/bin/HandBrakeCLI" ]; + WorkingDir = "/storage"; + Env = [ "PATH=${lib.makeBinPath [ pkgs.handbrake ]}"]; + }; + }; +in { + sops = false; # Enabled to manage potential API keys or secure paths + db = false; + + paths = [{ + path = "${serverCfg.configPath}/handbrake/config"; + mode = "0755"; + } { + path = "${serverCfg.dataPath}/handbrake/"; + mode = "0755"; + }]; + + containers = { + server = builder.mkContainer { + subdomain = containerCfg.subdomain; + imageStream = image; + port = 5800; + + extraEnv = { + TZ = "UTC"; + USER_ID = "1000"; + GROUP_ID = "1000"; + AUTOMATED_CONVERSION_PRESET = "Very Fast 1080p30"; + AUTOMATED_CONVERSION_FORMAT = "mp4"; + AUTOMATED_CONVERSION_OUTPUT_DIR = "/output"; + AUTOMATED_CONVERSION_WATCH_DIR = "AUTO"; + AUTOMATED_CONVERSION_KEEP_SOURCE = "1"; + AUTOMATED_CONVERSION_OVERWRITE_OUTPUT = "0"; + AUTOMATED_CONVERSION_VIDEO_FILE_EXTENSIONS = ""; + AUTOMATED_CONVERSION_NON_VIDEO_FILE_ACTION = "ignore"; + AUTOMATED_CONVERSION_NON_VIDEO_FILE_EXTENSIONS = "jpg jpeg bmp png gif txt nfo"; + AUTOMATED_CONVERSION_MAX_WATCH_FOLDERS = "5"; + AUTOMATED_CONVERSION_CHECK_INTERVAL = "5"; + AUTOMATED_CONVERSION_HANDBRAKE_CUSTOM_ARGS = ""; + AUTOMATED_CONVERSION_NO_GUI_PROGRESS = "0"; + AUTOMATED_CONVERSION_USE_TRASH = "0"; + HANDBRAKE_GUI = "1"; + }; + extraLabels = { } // (if serverCfg.containers ? authentik then { + "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik"; + } else {}); + + overrides = { + volumes = [ + "${serverCfg.configPath}/handbrake/config:/config:rw" + "${serverCfg.dataPath}/handbrake/watch:/watch:rw" + "${serverCfg.dataPath}/handbrake/output:/output:rw" + ]; + }; + }; + }; + + + setup = { + trigger = "server"; + script = pkgs.writeShellScript "setup" '' + mkdir -p ${serverCfg.dataPath}/handbrake/{watch,output} + + ''; + }; - # extraLabels = { } // (if serverCfg.containers ? authentik then { - # "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik"; - # } else {}); } \ No newline at end of file diff --git a/modules/server/containers/apps/homeassistant.nix b/modules/server/containers/apps/homeassistant.nix index ec10eba..567d4d9 100644 --- a/modules/server/containers/apps/homeassistant.nix +++ b/modules/server/containers/apps/homeassistant.nix @@ -1,17 +1,8 @@ { config, containerCfg, pkgs, lib, builder, name, ... }: let + version = "latest"; serverCfg = config.syscfg.server; - image = pkgs.dockerTools.streamLayeredImage { - name = pkgs.home-assistant.name; - tag = pkgs.home-assistant.version; - contents = [ ]; - config = { - Entrypoint = [ "${pkgs.home-assistant}/bin/hass" ]; - ExposedPorts = { - "8123/tcp" = {}; - }; - }; - }; + in { sops = true; db = false; @@ -24,20 +15,66 @@ in { containers = { server = builder.mkContainer { subdomain = containerCfg.subdomain; - imageStream = image; + image = "ghcr.io/home-assistant/home-assistant:${version}"; port = 8123; secret = name; extraEnv = { TZ = config.time.timeZone or "UTC"; }; + extraOptions = [ + "--network=host" # Shares host IP: fixes timeouts & MDNS discovery + "--cap-add=NET_ADMIN" # Grants administrative network rights to fix DHCP packets + "--cap-add=NET_RAW" # Allows raw socket parsing needed for network sniffing + ]; overrides = { - cmd = [ "--config" "/config" ]; volumes = [ "${serverCfg.configPath}/homeassistant/:/config" - "/run/dbus:/run/dbus:ro" # Required for Bluetooth/mDNS service discovery + "/run/dbus:/run/dbus:ro" ]; }; }; }; + setup = { + trigger = "server"; + envFile = config.sops.secrets."CUSTOM".path; + script = pkgs.writeShellScript "setup" '' + + HASS_URL="https://${containerCfg.subdomain}.${serverCfg.domain}" + until [[ "$(${pkgs.curl}/bin/curl -s -o /dev/null -w "%{http_code}" "$HASS_URL/manifest.json")" =~ (200|301|302) ]]; do + sleep 5 + done + sleep 5 + + ONBOARDING_STATUS=$(${pkgs.curl}/bin/curl -s -o /dev/null -w "%{http_code}" "$HASS_URL/api/onboarding" 2>/dev/null || echo "000") + + if [ "$ONBOARDING_STATUS" = "200" ]; then + AUTH_CODE=$( ${pkgs.curl}/bin/curl -s -X POST "$HASS_URL/api/onboarding/users" \ + -H "Content-Type: application/json" \ + -d '{"client_id":"'"$HASS_URL"'","name":"'"$DEFAULT_ADMIN_USERNAME"'","username":"'"$DEFAULT_ADMIN_USERNAME"'","password":"'"$DEFAULT_ADMIN_PASSWORD"'","language":"en"}' \ + | ${pkgs.jq}/bin/jq -r '.auth_code' ) + + ACCESS_TOKEN=$(${pkgs.curl}/bin/curl -s -X POST "$HASS_URL/auth/token" \ + -H "Content-Type: application/x-www-form-urlencoded" \ + -d "grant_type=authorization_code&code=$AUTH_CODE&client_id=$HASS_URL" \ + | ${pkgs.jq}/bin/jq -r '.access_token' ) + + ${pkgs.curl} -s -X POST "$HASS_URL/api/onboarding/core_config" \ + -H "Authorization: Bearer $ACCESS_TOKEN" \ + -H "Content-Type: application/json" \ + -d '{"time_zone":"${config.time.timeZone}"}' > /dev/null 2>&1 || true + + ${pkgs.curl} -s -X POST "$HASS_URL/api/onboarding/analytics" \ + -H "Authorization: Bearer $ACCESS_TOKEN" \ + -H "Content-Type: application/json" -d '{}' > /dev/null 2>&1 || true + + ${pkgs.curl} -s -X POST "$HA_URL/api/onboarding/integration" \ + -H "Authorization: Bearer $ACCESS_TOKEN" \ + -H "Content-Type: application/json" \ + -d '{"client_id":"'"$HASS_URL"'","redirect_uri":"'"$HASS_URL"'/?auth_callback=1"}' > /dev/null 2>&1 || true + + fi + ''; + }; + } \ No newline at end of file