add hass & handbrake

2026-05-18 21:30:32 +02:00
parent d5cedb017e
commit 44d9ae0faf
2 changed files with 125 additions and 18 deletions
--- a/modules/server/containers/apps/handbrake.nix
+++ b/modules/server/containers/apps/handbrake.nix
@@ -1,6 +1,76 @@
-{...}:{
+{ config, containerCfg, pkgs, lib, builder, name,... }:
+let 
+  serverCfg = config.syscfg.server;
+  image = pkgs.dockerTools.streamLayeredImage {
+    name = pkgs.handbrake.name;
+    tag = pkgs.handbrake.version;
+    #contents = [ pkgs.coreutils ];
+    
+    config = {
+      Entrypoint = [ "${pkgs.handbrake}/bin/HandBrakeCLI" ];
+      WorkingDir = "/storage";
+      Env = [ "PATH=${lib.makeBinPath [ pkgs.handbrake ]}"];
+    };
+  };
+in {
+  sops = false; # Enabled to manage potential API keys or secure paths
+  db = false;
+  
+  paths = [{
+    path = "${serverCfg.configPath}/handbrake/config";
+    mode = "0755";
+  } {
+    path = "${serverCfg.dataPath}/handbrake/";
+    mode = "0755";
+  }];
+
+  containers = {
+    server = builder.mkContainer {
+      subdomain = containerCfg.subdomain;
+      imageStream = image;
+      port = 5800;
+      
+      extraEnv = {
+        TZ = "UTC";
+        USER_ID = "1000";
+        GROUP_ID = "1000";
+        AUTOMATED_CONVERSION_PRESET = "Very Fast 1080p30";
+        AUTOMATED_CONVERSION_FORMAT = "mp4";
+        AUTOMATED_CONVERSION_OUTPUT_DIR = "/output";
+        AUTOMATED_CONVERSION_WATCH_DIR = "AUTO";
+        AUTOMATED_CONVERSION_KEEP_SOURCE = "1";
+        AUTOMATED_CONVERSION_OVERWRITE_OUTPUT = "0";
+        AUTOMATED_CONVERSION_VIDEO_FILE_EXTENSIONS = "";
+        AUTOMATED_CONVERSION_NON_VIDEO_FILE_ACTION = "ignore";
+        AUTOMATED_CONVERSION_NON_VIDEO_FILE_EXTENSIONS = "jpg jpeg bmp png gif txt nfo";
+        AUTOMATED_CONVERSION_MAX_WATCH_FOLDERS = "5";
+        AUTOMATED_CONVERSION_CHECK_INTERVAL = "5";
+        AUTOMATED_CONVERSION_HANDBRAKE_CUSTOM_ARGS = "";
+        AUTOMATED_CONVERSION_NO_GUI_PROGRESS = "0";
+        AUTOMATED_CONVERSION_USE_TRASH = "0";
+        HANDBRAKE_GUI = "1";
+      };
+      extraLabels = { } // (if serverCfg.containers ? authentik then {
+        "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";
+      } else {});
+      
+      overrides = {
+        volumes = [
+          "${serverCfg.configPath}/handbrake/config:/config:rw"
+          "${serverCfg.dataPath}/handbrake/watch:/watch:rw"
+          "${serverCfg.dataPath}/handbrake/output:/output:rw"
+        ];
+       };
+    };
+  };
+
+  
+  setup = {
+    trigger = "server";
+    script = pkgs.writeShellScript "setup" ''
+        mkdir -p ${serverCfg.dataPath}/handbrake/{watch,output}
+
+    '';
+  };
    
-    #   extraLabels = { } // (if serverCfg.containers ? authentik then {
-    #     "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";
-    #   } else {});
 }
--- a/modules/server/containers/apps/homeassistant.nix
+++ b/modules/server/containers/apps/homeassistant.nix
@@ -1,17 +1,8 @@
 { config, containerCfg, pkgs, lib, builder, name, ... }:
 let 
+  version = "latest";
  serverCfg = config.syscfg.server;
-  image = pkgs.dockerTools.streamLayeredImage {
-    name = pkgs.home-assistant.name;
-    tag = pkgs.home-assistant.version;
-    contents = [  ];
-    config = {
-      Entrypoint = [ "${pkgs.home-assistant}/bin/hass" ];
-      ExposedPorts = {
-        "8123/tcp" = {};
-      };
-    };
-  };
+  
 in {
  sops = true;
  db = false;
@@ -24,20 +15,66 @@ in {
  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
-      imageStream = image;
+      image = "ghcr.io/home-assistant/home-assistant:${version}";
      port = 8123;
      secret = name;
      extraEnv = {
        TZ = config.time.timeZone or "UTC";
      };
+      extraOptions = [
+        "--network=host"         # Shares host IP: fixes timeouts & MDNS discovery
+        "--cap-add=NET_ADMIN"    # Grants administrative network rights to fix DHCP packets
+        "--cap-add=NET_RAW"      # Allows raw socket parsing needed for network sniffing
+      ];
      overrides = {
-        cmd = [ "--config" "/config" ];
        volumes = [
          "${serverCfg.configPath}/homeassistant/:/config"
-          "/run/dbus:/run/dbus:ro" # Required for Bluetooth/mDNS service discovery
+          "/run/dbus:/run/dbus:ro"
        ];
      };
    };
  };

+  setup = {
+    trigger = "server";
+    envFile = config.sops.secrets."CUSTOM".path;
+    script = pkgs.writeShellScript "setup" ''
+
+    HASS_URL="https://${containerCfg.subdomain}.${serverCfg.domain}"
+    until [[ "$(${pkgs.curl}/bin/curl -s -o /dev/null -w "%{http_code}" "$HASS_URL/manifest.json")" =~ (200|301|302) ]]; do
+      sleep 5
+    done
+    sleep 5
+
+    ONBOARDING_STATUS=$(${pkgs.curl}/bin/curl -s -o /dev/null -w "%{http_code}" "$HASS_URL/api/onboarding" 2>/dev/null || echo "000")
+
+    if [ "$ONBOARDING_STATUS" = "200" ]; then
+      AUTH_CODE=$( ${pkgs.curl}/bin/curl -s -X POST "$HASS_URL/api/onboarding/users" \
+        -H "Content-Type: application/json" \
+        -d '{"client_id":"'"$HASS_URL"'","name":"'"$DEFAULT_ADMIN_USERNAME"'","username":"'"$DEFAULT_ADMIN_USERNAME"'","password":"'"$DEFAULT_ADMIN_PASSWORD"'","language":"en"}' \
+        | ${pkgs.jq}/bin/jq -r '.auth_code' )
+
+      ACCESS_TOKEN=$(${pkgs.curl}/bin/curl -s -X POST "$HASS_URL/auth/token" \
+          -H "Content-Type: application/x-www-form-urlencoded" \
+          -d "grant_type=authorization_code&code=$AUTH_CODE&client_id=$HASS_URL" \
+      | ${pkgs.jq}/bin/jq -r '.access_token' )    
+
+      ${pkgs.curl} -s -X POST "$HASS_URL/api/onboarding/core_config" \
+          -H "Authorization: Bearer $ACCESS_TOKEN" \
+          -H "Content-Type: application/json" \
+          -d '{"time_zone":"${config.time.timeZone}"}' > /dev/null 2>&1 || true
+
+      ${pkgs.curl} -s -X POST "$HASS_URL/api/onboarding/analytics" \
+          -H "Authorization: Bearer $ACCESS_TOKEN" \
+          -H "Content-Type: application/json" -d '{}' > /dev/null 2>&1 || true
+
+      ${pkgs.curl} -s -X POST "$HA_URL/api/onboarding/integration" \
+          -H "Authorization: Bearer $ACCESS_TOKEN" \
+          -H "Content-Type: application/json" \
+          -d '{"client_id":"'"$HASS_URL"'","redirect_uri":"'"$HASS_URL"'/?auth_callback=1"}' > /dev/null 2>&1 || true
+
+    fi
+    '';
+  };
+
 }