hosts/architect/default.nix

@@ -40,7 +40,6 @@ in
     ./teslamate.nix
     ./postgres.nix
     ./netdata.nix
-    ./homeassistant.nix
   ];
 
   age.identityPaths = [ "/root/.ssh/id_ed25519" ];

hosts/architect/home-assistant.nix

@@ -0,0 +1,68 @@
+{ lib, config, pkgs, ... }:
+
+let
+  domain = "home.giugl.io";
+  network = import ./network.nix;
+  host = "127.0.0.1";
+  port = 8123;
+in
+{
+  services = {
+    mosquitto = {
+      enable = true;
+      listeners = [{
+        acl = [ "pattern readwrite #" ];
+        omitPasswordAuth = true;
+        settings.allow_anonymous = true;
+      }];
+    };
+    home-assistant = {
+      enable = true;
+      extraComponents = [
+        # Components required to complete the onboarding
+        "met"
+        "radio_browser"
+      ];
+      config = {
+        default_config = { };
+
+        http = {
+          server_port = port;
+          server_host = host;
+          trusted_proxies = [ host ];
+          use_x_forwarded_for = true;
+        };
+
+        homeassistant = {
+          name = "Manduria";
+          latitude = 40.4;
+          longitude = 17.63;
+          unit_system = "metric";
+          time_zone = "Europe/Rome";
+          external_url = "http://${domain}";
+        };
+      };
+    };
+
+    nginx.virtualHosts.${domain} = {
+      #      forceSSL = true;
+      #      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://${host}:${toString port}";
+        extraConfig = ''
+            proxy_set_header    Upgrade     $http_upgrade;
+            proxy_set_header    Connection  "upgrade";
+          allow 10.0.0.0/24;
+          ${lib.concatMapStrings (x: "allow ${x};") network.gdevices}
+          deny all;
+        '';
+      };
+    };
+  };
+
+  networking.extraHosts = ''
+    ${network.architect-lan} ${domain}
+    ${network.architect-wg} ${domain}
+    ${network.architect-ts} ${domain}
+  '';
+}

hosts/architect/homeassistant.nix

@@ -1,60 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  domain = "home.giugl.io";
-in
-{
-  services.home-assistant = {
-    enable = true;
-    config = {
-      http = {
-        server_host = "127.0.0.1";
-        server_port = 8123;
-        use_x_forwarded_for = true;
-        trusted_proxies = [ "127.0.0.1" ];
-      };
-      homeassistant = {
-        name = "Underwood House";
-        unit_system = "metric";
-      };
-      default_config = { };
-    };
-    extraComponents = [
-      "otbr"
-      "litterrobot"
-      "apple_tv"
-      "homekit"
-      "homekit_controller"
-      "spotify"
-      "hue"
-      "sonos"
-      "tplink"
-      "ollama"
-      "wyoming"
-      "whisper"
-      "piper"
-      "isal"
-      "radarr"
-      "sonarr"
-    ];
-    extraPackages = python3Packages: with python3Packages; [
-      pkgs.openai-whisper
-      openai-whisper
-      pkgs.piper-tts
-      pkgs.wyoming-piper
-    ];
-  };
-
-  architect.vhost.${domain} = with config.architect.networks; {
-    dnsInterfaces = [ "tailscale" "lan" ];
-
-    locations."/" = {
-      port = config.services.home-assistant.config.http.server_port;
-      allowLan = true;
-      proxyWebsockets = true;
-      allow = [
-        tailscale.net
-      ];
-    };
-  };
-}

hosts/architect/nextcloud.nix

@@ -12,12 +12,10 @@ in
     nextcloud-admin = {
       file = ../../secrets/nextcloud-admin.age;
       owner = "nextcloud";
-      group ="nginx";
     };
     nextcloud-database = {
       file = ../../secrets/nextcloud-database.age;
       owner = "nextcloud";
-      group = "nginx";
     };
   };
 

hosts/architect/sonarr.nix

@@ -11,7 +11,7 @@ in
   };
 
   architect.vhost.${domain} = with config.architect.networks; {
-    dnsInterfaces = [ "tailscale" "lan" ];
+    dnsInterfaces = [ "tailscale" ];
 
     locations."/" = {
       port = 8989;