feat(homelab): implement SSO

Nickolaj Jepsen 2025-04-26 20:02:56 +02:00
parent db85aeb044
commit ab6f8e21dc
17 changed files with 245 additions and 48 deletions


@ -14,11 +14,6 @@ in {
owner = "zigbee2mqtt";
group = "zigbee2mqtt";
};
z2m-basic-auth = {
rekeyFile = ../../secrets/hosts/homelab/basic-auth.age;
owner = config.services.nginx.user;
inherit (config.services.nginx) group;
};
mosquitto-zigbee2mqtt.rekeyFile = ../../secrets/hosts/homelab/mosquitto-zigbee2mqtt.age;
mosquitto-sas.rekeyFile = ../../secrets/hosts/homelab/mosquitto-sas.age;
mosquitto-ha.rekeyFile = ../../secrets/hosts/homelab/mosquitto-ha.age;
@ -29,11 +24,17 @@ in {
];
services = {
restic.backups.homelab.paths = [
config.services.zigbee2mqtt.dataDir
config.services.home-assistant.configDir
];
restic.backups.homelab = {
paths = [
config.services.zigbee2mqtt.dataDir
config.services.home-assistant.configDir
];
exclude = [
"/var/lib/zigbee2mqtt/log/"
];
};
oauth2-proxy.nginx.virtualHosts."zigbee.nickolaj.com".allowed_groups = ["iot-admin"];
nginx.virtualHosts = {
"zigbee.nickolaj.com" = {
enableACME = true;
@ -42,7 +43,6 @@ in {
proxyPass = "http://localhost:${toString zigbee2mqttPort}";
proxyWebsockets = true;
};
basicAuthFile = "${config.age.secrets.z2m-basic-auth.path}";
};
"ha.nickolaj.com" = {
enableACME = true;
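Review bot: With `basicAuthFile` dropped from the `zigbee.nickolaj.com` vhost, `allowed_groups = ["iot-admin"]` becomes the only gate in front of the Zigbee2MQTT frontend, and the visible hunks do not show that the backend behind `proxyPass` is reachable only through nginx. Zigbee2MQTT's frontend has no login of its own unless an auth token is configured, so it is worth confirming that it binds to loopback, e.g. `services.zigbee2mqtt.settings.frontend.host = "127.0.0.1";`, and that `zigbee2mqttPort` is not opened in the firewall; neither setting is in view here, so this may already be the case. Separately, the new restic `exclude` hard-codes `/var/lib/zigbee2mqtt/log/` while `paths` uses `config.services.zigbee2mqtt.dataDir`; `"${config.services.zigbee2mqtt.dataDir}/log/"` would keep the two in step if the data directory ever moves. The `services` and `nginx.virtualHosts` blocks start and end outside these hunks.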