deploy govee2mqtt

2024-06-16 17:48:20 +02:00 · 2024-06-16 17:48:20 +02:00 · 71264cd275
parent 59b1aa61c3
commit 71264cd275
8 changed files with 121 additions and 29 deletions
--- a/nixos/machines/frumar/default.nix
+++ b/nixos/machines/frumar/default.nix
@ -83,7 +83,7 @@
        locations."/sonarr" = proxyOauth2 "http://127.0.0.1:8989";
        locations."/radarr" = proxyOauth2 "http://127.0.0.1:7878";
        locations."/marvin-tracker/" = {
-          proxyPass = "http://[::1]:4001/";
+          proxyPass = "http://[::1]:${toString config.services.yorick.marvin-tracker.port}/";
          extraConfig = "auth_request off;";
          # handles auth using arg
        };
@ -291,6 +291,11 @@
              password = "$2a$11$V9G2gT52obCsDOBwibHfMudnibwP/s3NwUjwvtsnlHfkn5kJHOOEe";
              allowed_connection_types = [ "MQTT" ];
            }
+            {
+              user = "govee2mqtt";
+              password = "$2y$10$7EOQkxOjWdHV.hCb.a92JOAU30Qgok0faew/1xU3SJhaXVuKbZ1bm";
+              allowed_connection_types = [ "MQTT" ];
+            }
          ];
        };
      };
--- a/nixos/machines/frumar/home-automation.nix
+++ b/nixos/machines/frumar/home-automation.nix
@ -15,6 +15,12 @@
      serial.port = "/dev/ttyUSB0";
    };
  };
+  age.secrets.govee2mqtt-env.file = ../../../secrets/govee2mqtt.env.age;
+  services.govee2mqtt = {
+    enable = true;
+    environmentFile = config.age.secrets.govee2mqtt-env.path;
+  };
+  networking.firewall.allowedUDPPorts = [ 4002 ]; # govee2mqtt
  services.home-assistant = {
    enable = true;
    openFirewall = true;
@ -35,6 +41,7 @@
      "ipp"
      "homekit_controller"
      "tuya" "ffmpeg"
+      "govee_light_local"
      #"unifiprotect"
    ];
    customComponents = [
@ -66,7 +73,6 @@
      mobile_app = {};
      default_config = {};
      system_log = {};
-      "map" = {};
      
      frontend.themes = "!include_dir_merge_named themes";
      automation = "!include automations.yaml";
--- a/nixos/modules/marvin-tracker.nix
+++ b/nixos/modules/marvin-tracker.nix
@ -8,7 +8,7 @@ let cfg = config.services.yorick.marvin-tracker; in
      type = types.str;
    };
    port = mkOption {
-      default = 4001;
+      default = 4008;
      type = types.port;
    };
    package = mkOption {
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@ -91,4 +91,5 @@
  llm = super.callPackage ./llm.nix {
    python3 = self.python312;
  };
+  govee2mqtt = super.callPackage ./govee2mqtt.nix { inherit (super) govee2mqtt; };
 })
--- a/pkgs/dont-vendor-openssl.patch
+++ b/pkgs/dont-vendor-openssl.patch
@ -0,0 +1,41 @@
+diff --git a/Cargo.lock b/Cargo.lock
+index 193c40c..50edf55 100644
+--- a/Cargo.lock
+++ b/Cargo.lock
+@@ -1495,15 +1495,6 @@ version = "0.1.5"
+ source = "registry+https://github.com/rust-lang/crates.io-index"
+ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf"
+ 
+-[[package]]
+-name = "openssl-src"
+-version = "300.3.1+3.3.1"
+-source = "registry+https://github.com/rust-lang/crates.io-index"
+-checksum = "7259953d42a81bf137fbbd73bd30a8e1914d6dce43c2b90ed575783a22608b91"
+-dependencies = [
+- "cc",
+-]
+-
+ [[package]]
+ name = "openssl-sys"
+ version = "0.9.102"
+@@ -1512,7 +1503,6 @@ checksum = "c597637d56fbc83893a35eb0dd04b2b8e7a50c91e64e9493e398b5df4fb45fa2"
+ dependencies = [
+  "cc",
+  "libc",
+- "openssl-src",
+  "pkg-config",
+  "vcpkg",
+ ]
+diff --git a/Cargo.toml b/Cargo.toml
+index 1e87339..cc822f2 100644
+--- a/Cargo.toml
+++ b/Cargo.toml
+@@ -44,7 +44,7 @@ parking_lot = "0.12.1"
+ 
+ [dependencies.mosquitto-rs]
+ version="0.11.1"
+-features = ["vendored-openssl"]
+features = ["router"]
+ #path = "../mosquitto-rs/mosquitto-rs"
+ 
+ [dev-dependencies]
--- a/pkgs/govee2mqtt.nix
+++ b/pkgs/govee2mqtt.nix
@ -0,0 +1,28 @@
+{ lib, fetchFromGitHub, rustPlatform, govee2mqtt, pkg-config, openssl }:
+
+rustPlatform.buildRustPackage rec {
+  pname = "govee2mqtt";
+  version = "2024.06.15-patched";
+  src = fetchFromGitHub {
+    owner = "yorickvP";
+    repo = pname;
+    rev = "968b98a2efb7174ac34989b6383e5d21249e567f";
+    hash = "sha256-U8cxmQoWlNtBvVwCSPAkPP2rJbWM2DVnN/CvPMU2wpQ=";
+  };
+  cargoHash = "sha256-/iAK6Vp6tCW5W1fsA2S9TqGml2EvyBMMwovMt/oVDSo=";
+  cargoPatches = [ ./dont-vendor-openssl.patch ];
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [ openssl ];
+
+  postPatch = ''
+    substituteInPlace src/service/http.rs \
+      --replace '"assets"' '"${placeholder "out"}/share/govee2mqtt/assets"'
+  '';
+
+  postInstall = ''
+    mkdir -p $out/share/govee2mqtt/
+    cp -r assets $out/share/govee2mqtt/
+  '';
+  inherit (govee2mqtt) meta;
+}
--- a/secrets/govee2mqtt.env.age
+++ b/secrets/govee2mqtt.env.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> X25519 F4iJj7MxQCNoiGycdWq1Ty30Q5etLb4pjc7ExmV8O1w
+L8Q/sxmZaxUTYD3whnWRtSCih7a0mkW8wGZLeFRUmc0
+-> ssh-ed25519 n7yA6g ZMDoV+9G4wH58BZLdcLFNzaJ2ip4YZR5EemC8Ld+i0U
+LZoX6EnAI70UKiaNO3HxzrtaOFPceyZW2FjHymlG7Co
+--- V2GhHllLGXOb3OpkhcAyc6Cpbhh4B2nfUUaiemh9Dmw
+ù^¬Ò”äçE
+Ú2$Çj¶ÑŒc8¨<03>Z6Ð«ìÎ?µŽÖ¾e¸˜<>åûˆ’
Ð}Zf±€Ê/êúsõÀê&KÐB¾Ìõš‚a1òæ¢Ë<C2A2>²’”zÌgfR£¿ÎËs§<12>9<EFBFBD>yîÑwJ¹3CŽgAÔ<41>ÒGÂé1/åÀ”è†r£·hìÆs‹n¥¦‡ùyVQË#ã‰IZª7G9™²gÄ‚Ïý<ò´wy}bÙoQ?ÔÓi³ä1ºÑÚ-yëBT6åK{m:;»w…ÕH$%2ÄÍÌÃW³ucÅ¶8";Ÿúÿ¶Ô[ÄŒ[™zhãm$ùô?S<12>÷¥&iõ¬²†H
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -7,30 +7,33 @@ let
  jarvis = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKd8oRn7T+NnzDbTLaWyiUGIRZ21n42zdozkuUoHp8IX";

 in
-{
-  "wg.blackadder.age".publicKeys = [ yorick blackadder ];
-  "wg.frumar.age".publicKeys = [ yorick frumar ];
-  "wg.jarvis.age".publicKeys = [ yorick jarvis ];
-  "wg.pennyworth.age".publicKeys = [ yorick pennyworth ];
-  "wg.smithers.age".publicKeys = [ yorick smithers ];
-  "wg.mullvad-nl4.age".publicKeys = [ yorick frumar ];
-  "grafana.env.age".publicKeys = [ yorick frumar ];
-  "http.muflax.age".publicKeys = [ yorick pennyworth ];
-  "nix-netrc.age".publicKeys = [ yorick blackadder jarvis ];
-  "nix-netrc-yorick.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ];
-  "pennyworth_borg_repo.age".publicKeys = [ yorick pennyworth ];
-  "pennyworth_borg_ssh.age".publicKeys = [ yorick pennyworth ];
-  "transip-key.age".publicKeys = [ yorick frumar ];
-  "yorick-mail-pass.age".publicKeys = [ yorick pennyworth ];
-  "yorick-user-pass.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ];
-  "root-user-pass.age".publicKeys = [ yorick blackadder pennyworth frumar smithers jarvis ];
-  "frumar-mail-pass-hash.age".publicKeys = [ yorick pennyworth ];
-  "frumar-mail-pass.age".publicKeys = [ yorick frumar ];
-  "zigbee2mqtt.env.age".publicKeys = [ yorick frumar ];
-  "marvin-tracker.env.age".publicKeys = [ yorick frumar ];
-  "oauth2-proxy.age".publicKeys = [ yorick frumar ];
-  "attic.env.age".publicKeys = [ yorick frumar ];
-  "yobot.toml.age".publicKeys = [ yorick pennyworth ];
-  "wg.dk.blackadder.age".publicKeys = [ yorick blackadder ];
-  "wg.dk.smithers.age".publicKeys = [ yorick smithers ];
+builtins.mapAttrs (x: y: {
+  publicKeys = [ yorick ] ++ y;
+}) {
+  "wg.blackadder.age" = [ blackadder ];
+  "wg.frumar.age" = [ frumar ];
+  "wg.jarvis.age" = [ jarvis ];
+  "wg.pennyworth.age" = [ pennyworth ];
+  "wg.smithers.age" = [ smithers ];
+  "wg.mullvad-nl4.age" = [ frumar ];
+  "grafana.env.age" = [ frumar ];
+  "http.muflax.age" = [ pennyworth ];
+  "nix-netrc.age" = [ blackadder jarvis ];
+  "nix-netrc-yorick.age" = [ blackadder pennyworth frumar smithers jarvis ];
+  "pennyworth_borg_repo.age" = [ pennyworth ];
+  "pennyworth_borg_ssh.age" = [ pennyworth ];
+  "transip-key.age" = [ frumar ];
+  "yorick-mail-pass.age" = [ pennyworth ];
+  "yorick-user-pass.age" = [ blackadder pennyworth frumar smithers jarvis ];
+  "root-user-pass.age" = [ blackadder pennyworth frumar smithers jarvis ];
+  "frumar-mail-pass-hash.age" = [ pennyworth ];
+  "frumar-mail-pass.age" = [ frumar ];
+  "zigbee2mqtt.env.age" = [ frumar ];
+  "marvin-tracker.env.age" = [ frumar ];
+  "oauth2-proxy.age" = [ frumar ];
+  "attic.env.age" = [ frumar ];
+  "yobot.toml.age" = [ pennyworth ];
+  "wg.dk.blackadder.age" = [ blackadder ];
+  "wg.dk.smithers.age" = [ smithers ];
+  "govee2mqtt.env.age" = [ frumar ];
 }