wip

modules/server/containers/apps/homeassistant.nix

@@ -4,36 +4,60 @@ let
   serverCfg = config.syscfg.server;
   
 in {
-  sops = true;
-  db = false;
-  
-  paths = [{
-    path = "${serverCfg.configPath}/homeassistant/";
-    mode = "0755"; 
-  }];
+  vm = {
+    portForward = [ 8123 ];
+    cfg = {cfg,...}:{ 
+      services.home-assistant = {
+        enable = true;
+        openFirewall = true;
+        
+        extraComponents = [
+          "matter" "thread" "cast" "zha"
+          "default_config" "met" "esphome" "radio_browser"
+          "telegram_bot" "swiss_public_transport" "nextcloud" "jellyfin" 
+        ]  ++ (if containerCfg.extra ? components then containerCfg.extra.components else []);
+        
 
-  containers = {
-    server = builder.mkContainer {
-      subdomain = containerCfg.subdomain;
-      image = "ghcr.io/home-assistant/home-assistant:${version}";
-      port = 8123;
-      secret = name;
-      extraOptions = [
-        "--network=host"         # Shares host IP: fixes timeouts & MDNS discovery
-        "--cap-add=NET_ADMIN"    # Grants administrative network rights to fix DHCP packets
-        "--cap-add=NET_RAW"      # Allows raw socket parsing needed for network sniffing
-      ];
-      overrides = {
-        volumes = [
-          "${serverCfg.configPath}/homeassistant/:/config"
-          "/run/dbus:/run/dbus:ro"
+        extraPackages = pp: with pp; [
+            python-telegram gtts
         ];
+        lovelaceConfig = {};
+
+        config = {
+          homeassistant = {
+            name = "Home";
+            latitude = "${if containerCfg.extra ? latitude then toString containerCfg.extra.latitude else toString 0}";
+            longitude = "${if containerCfg.extra ? longitude then toString containerCfg.extra.longitude else toString 0}";
+            elevation = "${if containerCfg.extra ? elevation then toString containerCfg.extra.elevation else toString 0}";
+            unit_system = "metric";
+            time_zone = config.time.timeZone;
+          };
+          lovelace = { mode = "yaml"; };
+          customLovelaceModules = [];
+          
+          # default_config = {};
+          http = {
+            use_x_forwarded_for = true;
+            trusted_proxies = [ "10.0.0.0/8" "127.0.0.1" ];
+          };
+        };
       };
     };
   };
 
+  containers = {
+    dummy = builder.mkContainer {
+      subdomain = containerCfg.subdomain;
+      image = "alpine:latest";
+      extraLabels = {
+        "traefik.http.services.${containerCfg.subdomain}.loadbalancer.server.url" = "http://${builder.hostIp}:8123";
+      };
+      overrides = {cmd = [ "sleep" "infinity" ];};
+    };
+  };
+
   setup = {
-    trigger = "server";
+    trigger = "dummy";
     envFile = config.sops.secrets."CUSTOM".path;
     script = pkgs.writeShellScript "setup" ''
 
@@ -60,6 +84,7 @@ in {
           -H "Authorization: Bearer $ACCESS_TOKEN" \
           -H "Content-Type: application/json" \
           -d '{"time_zone":"${config.time.timeZone}"}' > /dev/null 2>&1 || true
+      # We can configure many more things above !
 
       ${pkgs.curl} -s -X POST "$HASS_URL/api/onboarding/analytics" \
           -H "Authorization: Bearer $ACCESS_TOKEN" \
@@ -69,7 +94,6 @@ in {
           -H "Authorization: Bearer $ACCESS_TOKEN" \
           -H "Content-Type: application/json" \
           -d '{"client_id":"'"$HASS_URL"'","redirect_uri":"'"$HASS_URL"'/?auth_callback=1"}' > /dev/null 2>&1 || true
-
     fi
     '';
   };

modules/server/containers/apps/openhab.nix

@@ -0,0 +1,3 @@
+{... }:{
+    
+}

modules/server/containers/apps/transmission.nix

@@ -13,6 +13,9 @@ let
         };
     };
   };
+  routerName = if subpath != null 
+              then "${subdomain}-${lib.strings.sanitizeDerivationName subpath}" 
+              else subdomain;
 in {
   paths = [{
       path = "${serverCfg.dataPath}/transmission/complete";
@@ -41,8 +44,12 @@ in {
         WHITELIST = "";# 127.0.0.1,::1,10.*";
         # HOST_WHITELIST = "traefik-server,authentik-server,authentik-worker";
       };
-      extraLabels = { } // (if serverCfg.containers ? authentik then {
-        "traefik.http.routers.${containerCfg.subdomain}.middlewares" = "authentik";
+      extraLabels = { 
+        "traefik.http.routers.${routerName}.middlewares" = "transmission-rewrite";
+        "traefik.http.middlewares.transmission-rewrite.replacepathregex.regex=^/p2p(.*)"
+        "traefik.http.middlewares.transmission-rewrite.replacepathregex.replacement=/transmission/web$$1"
+      } // (if serverCfg.containers ? authentik then {
+        "traefik.http.routers.${routerName}.middlewares" = "authentik,transmission-rewrite";
       } else {});
 
       overrides = {