add hass & handbrake

2026-05-18 21:30:32 +02:00
parent d5cedb017e
commit 44d9ae0faf
2 changed files with 125 additions and 18 deletions
--- a/modules/server/containers/apps/homeassistant.nix
+++ b/modules/server/containers/apps/homeassistant.nix
@@ -1,17 +1,8 @@
 { config, containerCfg, pkgs, lib, builder, name, ... }:
 let 
+  version = "latest";
  serverCfg = config.syscfg.server;
-  image = pkgs.dockerTools.streamLayeredImage {
-    name = pkgs.home-assistant.name;
-    tag = pkgs.home-assistant.version;
-    contents = [  ];
-    config = {
-      Entrypoint = [ "${pkgs.home-assistant}/bin/hass" ];
-      ExposedPorts = {
-        "8123/tcp" = {};
-      };
-    };
-  };
+  
 in {
  sops = true;
  db = false;
@@ -24,20 +15,66 @@ in {
  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
-      imageStream = image;
+      image = "ghcr.io/home-assistant/home-assistant:${version}";
      port = 8123;
      secret = name;
      extraEnv = {
        TZ = config.time.timeZone or "UTC";
      };
+      extraOptions = [
+        "--network=host"         # Shares host IP: fixes timeouts & MDNS discovery
+        "--cap-add=NET_ADMIN"    # Grants administrative network rights to fix DHCP packets
+        "--cap-add=NET_RAW"      # Allows raw socket parsing needed for network sniffing
+      ];
      overrides = {
-        cmd = [ "--config" "/config" ];
        volumes = [
          "${serverCfg.configPath}/homeassistant/:/config"
-          "/run/dbus:/run/dbus:ro" # Required for Bluetooth/mDNS service discovery
+          "/run/dbus:/run/dbus:ro"
        ];
      };
    };
  };

+  setup = {
+    trigger = "server";
+    envFile = config.sops.secrets."CUSTOM".path;
+    script = pkgs.writeShellScript "setup" ''
+
+    HASS_URL="https://${containerCfg.subdomain}.${serverCfg.domain}"
+    until [[ "$(${pkgs.curl}/bin/curl -s -o /dev/null -w "%{http_code}" "$HASS_URL/manifest.json")" =~ (200|301|302) ]]; do
+      sleep 5
+    done
+    sleep 5
+
+    ONBOARDING_STATUS=$(${pkgs.curl}/bin/curl -s -o /dev/null -w "%{http_code}" "$HASS_URL/api/onboarding" 2>/dev/null || echo "000")
+
+    if [ "$ONBOARDING_STATUS" = "200" ]; then
+      AUTH_CODE=$( ${pkgs.curl}/bin/curl -s -X POST "$HASS_URL/api/onboarding/users" \
+        -H "Content-Type: application/json" \
+        -d '{"client_id":"'"$HASS_URL"'","name":"'"$DEFAULT_ADMIN_USERNAME"'","username":"'"$DEFAULT_ADMIN_USERNAME"'","password":"'"$DEFAULT_ADMIN_PASSWORD"'","language":"en"}' \
+        | ${pkgs.jq}/bin/jq -r '.auth_code' )
+
+      ACCESS_TOKEN=$(${pkgs.curl}/bin/curl -s -X POST "$HASS_URL/auth/token" \
+          -H "Content-Type: application/x-www-form-urlencoded" \
+          -d "grant_type=authorization_code&code=$AUTH_CODE&client_id=$HASS_URL" \
+      | ${pkgs.jq}/bin/jq -r '.access_token' )    
+
+      ${pkgs.curl} -s -X POST "$HASS_URL/api/onboarding/core_config" \
+          -H "Authorization: Bearer $ACCESS_TOKEN" \
+          -H "Content-Type: application/json" \
+          -d '{"time_zone":"${config.time.timeZone}"}' > /dev/null 2>&1 || true
+
+      ${pkgs.curl} -s -X POST "$HASS_URL/api/onboarding/analytics" \
+          -H "Authorization: Bearer $ACCESS_TOKEN" \
+          -H "Content-Type: application/json" -d '{}' > /dev/null 2>&1 || true
+
+      ${pkgs.curl} -s -X POST "$HA_URL/api/onboarding/integration" \
+          -H "Authorization: Bearer $ACCESS_TOKEN" \
+          -H "Content-Type: application/json" \
+          -d '{"client_id":"'"$HASS_URL"'","redirect_uri":"'"$HASS_URL"'/?auth_callback=1"}' > /dev/null 2>&1 || true
+
+    fi
+    '';
+  };
+
 }