From c626bc4b9f348903c313cb5b493454f0c1a7eeda Mon Sep 17 00:00:00 2001 From: Stefan Kempinger Date: Wed, 19 Nov 2025 15:18:29 +0100 Subject: [PATCH] add home assistant --- configuration.nix | 18 +++++++++--------- flake.lock | 6 +++--- services.nix | 39 ++++++++++++++++++++++++++++++++------- 3 files changed, 44 insertions(+), 19 deletions(-) diff --git a/configuration.nix b/configuration.nix index ede027f..539b66f 100644 --- a/configuration.nix +++ b/configuration.nix @@ -58,7 +58,9 @@ 22 80 443 - 3000 + 2222 # forgejo ssh + 3000 # forgejo frontend + 8123 # homeassistant 9000 ]; @@ -68,14 +70,6 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGHadFhDCUU/ta3p1FQgpm7NExHkyHNrJbNJP6np5w9 kempinger@ins.jku.at" ]; }; - # Service users for containers - users.users.docker-user = { - isSystemUser = true; - group = "docker-user"; - extraGroups = [ "docker" ]; - }; - users.groups.docker-user = { }; - # Security # security.sudo.wheelNeedsPassword = false; @@ -89,6 +83,9 @@ }; }; + hardware.bluetooth.enable = true; + services.blueman.enable = true; + # Packages environment.systemPackages = with pkgs; [ vim @@ -100,6 +97,9 @@ docker-compose nixd nixfmt + systemd + + nil ]; # Nix settings diff --git a/flake.lock b/flake.lock index 8cf7a3e..e7b1b8c 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1761907660, - "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=", + "lastModified": 1762977756, + "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15", + "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55", "type": "github" }, "original": { diff --git a/services.nix b/services.nix index aac05c7..8924639 100644 --- a/services.nix +++ b/services.nix 
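Review bot: In configuration.nix (`@@ -58,7 +58,9 @@`) the new `8123 # homeassistant` entry exposes Home Assistant's own listener on every interface, and that listener serves plain HTTP unless TLS is configured inside Home Assistant. Because the container added in services.nix uses `--network=host`, this firewall entry is the only control in front of that port. If the service is meant to sit behind the reverse proxy on 443 (which `ROOT_URL = "https://..."` suggests is already the pattern for Forgejo), drop the line. If direct LAN access is wanted, scope it with `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 8123 ];`, where the interface name is a placeholder. The list opens outside the hunk, so I am assuming it is `networking.firewall.allowedTCPPorts`.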
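Review bot: `services.blueman.enable = true;` in configuration.nix (`@@ -89,6 +83,9 @@`) installs a graphical Bluetooth manager, which a host that only hands BlueZ to a container over `/run/dbus` does not appear to need. `hardware.bluetooth.enable = true;` already provides the Bluetooth daemon, so the blueman line can probably be dropped to keep the installed surface small. Either way, a comment such as `# Bluetooth adapter is consumed by the Home Assistant container via D-Bus` would record why this machine enables it.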
@@ -59,7 +59,11 @@ in # You need to specify this to remove the port from URLs in the web UI. ROOT_URL = "https://${srv.DOMAIN}/"; HTTP_PORT = 3000; + DISABLE_SSH = false; + SSH_PORT = 2222; + START_SSH_SERVER=true; }; + # You can temporarily allow registration to create an admin user. service.DISABLE_REGISTRATION = true; # Add support for actions, based on act: https://github.com/nektos/act @@ -82,17 +86,38 @@ in # systemd.services.forgejo.preStart = # '' # ${lib.getExe cfg.package} admin user create --admin --email "root@localhost" --username crazychaoz --password temp123 || true - # ''; - + # ''; + #services.vscode-server.enable = true; # Virtualisation - virtualisation.docker = { - enable = true; - enableOnBoot = true; - rootless = { + virtualisation = { + containers.enable = true; + podman = { enable = true; - setSocketVariable = true; + dockerCompat = true; + defaultNetwork.settings.dns_enabled = true; # Required for containers under podman-compose to be able to talk to each other. + }; + }; + + virtualisation.oci-containers = { + backend = "podman"; + containers.homeassistant = { + #autoStart = true; + volumes = [ + "home-assistant:/config" + "/run/dbus:/run/dbus:ro" + ]; + environment.TZ = "Europe/Berlin"; + # Note: The image will not be updated on rebuilds, unless the version label changes + image = "ghcr.io/home-assistant/home-assistant:stable"; + extraOptions = [ + # Use the host network namespace for all sockets + "--network=host" + # Pass devices into the container, so Home Assistant can discover and make use of them + #"--device=/dev/ttyACM0:/dev/ttyACM0" + "--privileged" + ]; }; }; }
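Review bot: Port 2222 is now written twice, as `SSH_PORT = 2222;` in this services.nix hunk and as a literal in the firewall list in configuration.nix, with nothing tying the two together. Referencing the setting from the firewall, e.g. `config.services.forgejo.settings.server.SSH_PORT`, keeps the open port and the listening port from drifting apart; this assumes the block is `services.forgejo.settings.server`, whose opening is outside the hunk. `DISABLE_SSH = false;` restates the default, and `START_SSH_SERVER=true;` lacks the spaces around `=` used on the neighbouring lines. A one-line comment saying the built-in server listens on 2222 because the host sshd presumably keeps port 22 would help the next reader.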
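Review bot: In the `containers.homeassistant` block (`@@ -82,17 +86,38 @@`), `"--privileged"` combined with `"--network=host"` gives a third-party image nearly the reach of a root process on the host, and the same hunk removes the previous `rootless` Docker configuration. The hunk already sketches the narrower form: pass only the devices that are needed (`"--device=/dev/ttyACM0:/dev/ttyACM0"`) and, for Bluetooth, use `"--cap-add=NET_ADMIN"` and `"--cap-add=NET_RAW"` in place of `"--privileged"`. The image is also referenced by the mutable tag `:stable`. Pinning it as `ghcr.io/home-assistant/home-assistant@sha256:<digest>` (placeholder digest) would make each update of this highly privileged workload an explicit, reviewable change.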