From 3b9006077ef2f4de25477daed18cc5c2f1cdddcb Mon Sep 17 00:00:00 2001
From: Nickolaj Jepsen <nickolaj@fireproof.website>
Date: Sat, 18 Oct 2025 12:07:00 +0200
Subject: [PATCH] feat(home-assistant): store long-lat in age secret

---
 hosts/homelab/home-assistant.nix              |  19 ++++++++++++------
 ...fd4d365506669c2d35e6d3abc5-hassSecrets.age |   8 ++++++++
 secrets/hosts/homelab/hass.yaml.age           | Bin 0 -> 474 bytes
 3 files changed, 21 insertions(+), 6 deletions(-)
 create mode 100644 secrets/hosts/homelab/.rekey/89aac8fd4d365506669c2d35e6d3abc5-hassSecrets.age
 create mode 100644 secrets/hosts/homelab/hass.yaml.age

diff --git a/hosts/homelab/home-assistant.nix b/hosts/homelab/home-assistant.nix
index 17ae55e..0b71526 100644
--- a/hosts/homelab/home-assistant.nix
+++ b/hosts/homelab/home-assistant.nix
@@ -17,6 +17,13 @@ in {
     mosquitto-zigbee2mqtt.rekeyFile = ../../secrets/hosts/homelab/mosquitto-zigbee2mqtt.age;
     mosquitto-sas.rekeyFile = ../../secrets/hosts/homelab/mosquitto-sas.age;
     mosquitto-ha.rekeyFile = ../../secrets/hosts/homelab/mosquitto-ha.age;
+    hassSecrets = {
+      rekeyFile = ../../secrets/hosts/homelab/hass.yaml.age;
+      path = "${config.services.home-assistant.configDir}/secrets.yaml";
+      mode = "400";
+      owner = "hass";
+      group = "hass";
+    };
   };
 
   networking.firewall.allowedTCPPorts = [
@@ -56,8 +63,8 @@ in {
 
     home-assistant = {
       enable = true;
-      package = pkgsUnstable.home-assistant;
-      customComponents = with pkgsUnstable.home-assistant-custom-components; [
+      package = pkgs.home-assistant;
+      customComponents = with pkgs.home-assistant-custom-components; [
         adaptive_lighting
         sleep_as_android
         (pkgs.buildHomeAssistantComponent rec {
@@ -86,9 +93,9 @@ in {
       config = {
         homeassistant = {
           name = "Home";
-          latitude = "56.2";
-          longitude = "10.2";
-          elevation = "0";
+          latitude = "!secret latitude";
+          longitude = "!secret longitude";
+          elevation = "!secret elevation";
           unit_system = "metric";
           time_zone = "Europe/Copenhagen";
         };
@@ -102,7 +109,7 @@ in {
             "127.0.0.1"
             "::1"
           ];
-          base_url = "https://ha.nickolaj.com";
+          # base_url = "https://ha.nickolaj.com";
         };
 
         automation = "!include automations.yaml";
diff --git a/secrets/hosts/homelab/.rekey/89aac8fd4d365506669c2d35e6d3abc5-hassSecrets.age b/secrets/hosts/homelab/.rekey/89aac8fd4d365506669c2d35e6d3abc5-hassSecrets.age
new file mode 100644
index 0000000..79e50f8
--- /dev/null
+++ b/secrets/hosts/homelab/.rekey/89aac8fd4d365506669c2d35e6d3abc5-hassSecrets.age
@@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 uxq+Zw reTHDLwj8jaI7giq5hw77+cvVurKP2vR8KeonjAJ+nY
+Pe6Df2WQawEnCp5GVCzegzEJaK868bhwZm2hEEwAc/I
+-> 6`Rk-grease K=O ttrh.^ [o4vdGR
+9xDUT+18cwMzzTgWlQzWBAniL9GAv+e4rmhwu3Vdwdh/mBeXJdfgEMxTqyRZk9TX
+BSW+CifV9iGZXmYm9b+NzKwWJUQ
+--- /NXPE/9QIghJoaXFNtmPMvs78dD2RdXbDWiBnwgXIzo
+£‹äÂe’Û•r³ü12„G­ªˆ ¸[îsM[#¶Ô±ª,»ÁI<öÿ*~aýÎY³vYX½éŽOQÒøKÎ:°#g&:£õmÖHÀççK‹Ç·žEZ·-þúpjËà˜Ý!¿]
\ No newline at end of file
diff --git a/secrets/hosts/homelab/hass.yaml.age b/secrets/hosts/homelab/hass.yaml.age
new file mode 100644
index 0000000000000000000000000000000000000000..8bb8ad458d8ae0868dc5a832777938ba55330505
GIT binary patch
literal 474
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR2FFfuhYv{Z1i$W9C{$O;Q}EGZ7FN{=kj
zH}Ey^b*b=lE%NY)3W~@LF7nM!%SlRcP3FpRu1qxz_sIz>_sT4CH}mxhGf&U13@Ry2
z&D0NZEcb9UGV>}d)vn0$G6C68kXfc%U}S2hP-yJq7gny|XcU|qWbWpl9%^Y49Bkn3
z>>1*llo?u(UlnYUsc)8>;$d86?62>X?H3ism7JJgT;`i)<eeXxU*h2w7Udco7G+|Y
z>lGEASrTZH?Uo;w>6`5CksXl?vMV6cJxpIYH$XSNC^fM-RYA|iJ<CNQI3_0DKZ&b6
z(A*~~ygVnv&9^EuqAVrHsW7oL#JwoZCn`KO$=})1z%47&C(AIz*wo3))6>}5JTTMQ
z+$Sd>s@%e-oJ&_%S0OjTF*7*VE8HbDxili&%p|}$SKHYqqcAcz#iY>B)lA#b-z~c=
z-_0*1oy#j?*=CK|Tj%z7xL<ZHRo^FCsNI@$&~3j(duW%)?>YIWWBjKb+}QL{TXPm`
zLTqH^lN<R=#j(0h2Rt6U^U#etb4pyoX3OaZJRG0f^iRgm+P!zn-i<pMDyq5v<Sq*o
Oxn!od^R|{I`y2qqZl{6(

literal 0
HcmV?d00001