Add HomeAssistant docker module

inverted-tree · inverted-tree · commit 4f44d1c0c642 · 2025-06-26T10:59:29.000+02:00
Added a new nix module which when included starts the docker container
for Home Assistant
diff --git a/hosts/itxserver/configuration.nix b/hosts/itxserver/configuration.nix
@@ -16,6 +16,7 @@ in
     ../../users/docker.nix
     # All custom modules
     ../../modules/containers/stump.nix
+    ../../modules/containers/homeassistant.nix
     # Any other modules
     inputs.sops-nix.nixosModules.sops
   ];
@@ -83,6 +84,7 @@ in
 
   environment.systemPackages = with pkgs; [
     btop
+    compose2nix
     curl
     gcc
     git
@@ -104,6 +106,7 @@ in
       ports = [
         22
         8888
+	8123
       ];
       settings = {
         PasswordAuthentication = false;
diff --git a/modules/containers/homeassistant.nix b/modules/containers/homeassistant.nix
@@ -0,0 +1,56 @@
+# Auto-generated using compose2nix v0.3.1. Edited.
+# https://www.home-assistant.io/installation/linux#docker-compose
+{ pkgs, lib, ... }:
+
+{
+  # Runtime
+  virtualisation.docker = {
+    enable = true;
+    autoPrune.enable = true;
+  };
+  virtualisation.oci-containers.backend = "docker";
+
+  # Create persistent directory for the container data
+  systemd.tmpfiles.rules = [
+    "d /srv/homeassistant/config 0750 docker docker -"
+  ];
+
+  # Containers
+  virtualisation.oci-containers.containers."homeassistant" = {
+    image = "ghcr.io/home-assistant/home-assistant:stable";
+    volumes = [
+      "/srv/homeassistant/config:/config:rw"
+      "/etc/localtime:/etc/localtime:ro"
+      "/run/dbus:/run/dbus:ro"
+    ];
+    log-driver = "journald";
+    extraOptions = [
+      "--network=host"
+      "--privileged"
+    ];
+  };
+  systemd.services."docker-homeassistant" = {
+    serviceConfig = {
+      Restart = lib.mkOverride 90 "always";
+      RestartMaxDelaySec = lib.mkOverride 90 "1m";
+      RestartSec = lib.mkOverride 90 "100ms";
+      RestartSteps = lib.mkOverride 90 9;
+    };
+    partOf = [
+      "docker-compose-homeassistant-root.target"
+    ];
+    wantedBy = [
+      "docker-compose-homeassistant-root.target"
+    ];
+  };
+
+  # Root service
+  # When started, this will automatically create all resources and start
+  # the containers. When stopped, this will teardown all resources.
+  systemd.targets."docker-compose-homeassistant-root" = {
+    unitConfig = {
+      Description = "Root target generated by compose2nix.";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+}
diff --git a/modules/containers/stump.nix b/modules/containers/stump.nix
@@ -11,7 +11,7 @@
 
   # Create persistent directory for postgres data
   systemd.tmpfiles.rules = [
-    "d /srv/stump/config 0750 stump stump -"
+    "d /srv/stump/config 0750 docker docker -"
   ];
 
   # Containers
diff --git a/secrets/atuin.env.enc b/secrets/atuin.env.enc
@@ -0,0 +1,11 @@
+#ENC[AES256_GCM,data:FgMB4Fdou4FDNukmwWu4uHnFZcUfQxK2y+fbc546rLGl9FGAMpOVsOJ73SmNH+63uFe0UsJnX8CHTkUS5ahdaUzKN2JyDqqzBiSYJxKcKeiq,iv:piidfTMByoQF00IavRANhRiDeqHMhigp/yFB6L659dY=,tag:uWY6bVvO4h5YJaw7Et67cQ==,type:comment]
+ATUIN_DB_URI=ENC[AES256_GCM,data:MTMEj3zlnzKVJi0fczue+48nyd4YsFSM9hj/VwpJMz6+btRwKMaadU4K+hNSh9e24wO6YJ8cKe+dSbhE,iv:Q6HXAkPgHxF88di5j+LIPn0kCkpC/5n6vgUCYU0e8ww=,tag:T6PoipYT14VDOlKAaemI6A==,type:str]
+POSTGRES_USER=ENC[AES256_GCM,data:n42QCqY=,iv:4JN6H9Ql0n18qCtD219Uam7QJhVKLOjy9fhxMD6UxQI=,tag:RKr1aIaQqwEZm7jMPWxpfQ==,type:str]
+POSTGRES_PASSWORD=ENC[AES256_GCM,data:T6sWrSikarsAThDutz+ULf1SrAEMnPgjZsEkmHfD5a4=,iv:dtLynnCUMo2ynLXIuCaX1TqxFqZwcHxyMTOL916OTqw=,tag:gWS6GYmjX2ZhMGqkQiGkow==,type:str]
+POSTGRES_DB=ENC[AES256_GCM,data:FTAvxDtggA==,iv:IiPyHuZdILw6b/exom/u7F4v4vpnFtB0HgunulD0BjQ=,tag:NUKSOxC76XBb5KG1STaHPQ==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpRjllNFppa3Rua2pOdnh0\naVZieFVBQ1pwZU5EVXVjUytLbmtCY2I4SkdzCkVTVjQ4eFVGRGgrdy9kaFFMaXc3\ncUZMSnFOLzBUS2hkN09MaHFCYUVFZGsKLS0tIEpnY284cGk2eWdrbG9xOFZGbTRW\nWFF5RCt1dVpOL1BDOTQ5dmVsYVNlQk0KjCp1NiHjRfJ9/2mmiQ2oXiF3toLnoiy3\nsFRflWNhGA6zjhVSb3hPmK6BYDKp0q8pjU5+q7BAQJAUYb34NO497Q==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1njkfdv4ayqlqak76az6ezhse8hn3gmgt9ntur2edyz3watx2xdqq3jklqm
+sops_lastmodified=2025-06-23T18:55:18Z
+sops_mac=ENC[AES256_GCM,data:KwFQkttAQ8l/sjQ0iKz09GJzXIxlsplWt7N/1jCoKUUbxcwVEIjq+oT6Ap4y96F6S9VByW/ftkKxtBv+UVROEMmrPTSKZKAM9J0CKCyahy7IhmhUe/UzzcgpQRhnmjA9W6uUUJob0YFzZ1r6moGhtnUvt3hcTv1/IlqBcxqy6DI=,iv:Ea27MTfp4I+1rHKKF6+WZEVQP+CFiyoTHrWHza/LFSw=,tag:w3Ux+y/OGS3ujS56Qi/VPw==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.10.2
