mjallen18
2026-03-06 09:25:58 -06:00
parent 86acd96e07
commit f1493146ab
2 changed files with 205 additions and 176 deletions


@@ -20,6 +20,36 @@ in
config = mkIf cfg.enable {
sops = {
secrets = {
"home-assistant/auth-client-id" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml");
owner = config.users.users.hass.name;
group = config.users.users.hass.group;
restartUnits = [ "home-assistant.service" ];
};
"home-assistant/auth-client-secret" = {
sopsFile = (lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml");
owner = config.users.users.hass.name;
group = config.users.users.hass.group;
restartUnits = [ "home-assistant.service" ];
};
};
templates = {
"auth.yaml" = {
content = ''
auth_oidc:
client_id: "${config.sops.placeholder."home-assistant/auth-client-id"}"
client_secret: "${config.sops.placeholder."home-assistant/auth-client-secret"}"
discovery_url: "https://authentik.mjallen.dev/application/o/home-assistant/.well-known/openid-configuration"
'';
owner = config.users.users.hass.name;
group = config.users.users.hass.group;
restartUnits = [ "home-assistant.service" ];
};
};
};
services.home-assistant = {
enable = true;
package = pkgs.home-assistant;
@@ -311,6 +341,8 @@ in
"scene ui" = "!include scenes.yaml";
"script ui" = "!include scripts.yaml";
auth_oidc = "!include ${config.sops.templates."auth.yaml".path}";
http = {
use_x_forwarded_for = true;
trusted_proxies = [
@@ -328,11 +360,6 @@ in
purge_keep_days = 180;
};
auth_header = {
debug = false;
username_header = "X-authentik-username";
};
# https://www.home-assistant.io/integrations/ota_updater/
zha.zigpy_config.ota.z2m_remote_index = "https://raw.githubusercontent.com/Koenkk/zigbee-OTA/master/index.json";
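Review bot: The `auth.yaml` template body in the first hunk opens with its own top-level `auth_oidc:` key, while the second hunk includes that same file as the value of `auth_oidc`, so Home Assistant would likely load `auth_oidc: { auth_oidc: { client_id, … } }` with the integration's options one level too deep. Dropping the `auth_oidc:` line from `content`, so the template holds only `client_id`, `client_secret` and `discovery_url`, would match how the other `!include` entries are used. Indentation is lost in this view, so the nesting is inferred from line order and should be confirmed against the rendered file. Separately, the two `sops.secrets` entries set `owner`/`group` to hass but appear to be consumed only through `config.sops.placeholder`. Leaving them at the default ownership would keep the raw client secret readable by the service account in one place, the rendered template, rather than three.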