# home-assistant-one

This is one of the NixOS boxes. Its primary service is running Home Assistant.

It currently has dongles for Z-Wave, Zigbee (ZBT-1) and OpenThread (ZBT-2) plugged in. All these dongles have custom `/dev/tty-*` names based on custom udev rules.

## Architecture

The box runs Home Assistant and the services it depends on as a set of containers mixed with some NixOS services. Here's a (possibly non-exhaustive) list of them:

- `podman-homeassistant`: the primary HA container, running with `privileged=true`. It has access to all the exposed dongles.
- `podman-thread_border_router`: runs the OpenThread Border Router (OTBR) container that talks to the ZBT-2 dongle for Thread support. This container is required for the ZBT-2 dongle (in Thread mode) to operate at all.
- `matter-server`: the Matter server that HA talks to.
- `mpd`: HA uses this to play music and TTS over the system audio outputs (e.g. Bluetooth, 3.5mm audio).
- `pulseaudio`: audio server, run as a system-wide service.
- `zwave-js`: the Z-Wave.js server that HA talks to.

### Networking

This box is a special box, in that it has access to almost all of our VLANs!

- `vlan10` (management)
- `vlan100` (services, primary, over `eno1`)
- `vlan110` (user)
- `vlan130` (iot)

It primarily talks to `vlan130` (Matter, Home Assistant).

The box does network ingress using `cloudflared` + `caddy`, since we don't have stable public IPs yet. All `cloudflared` traffic routed to the box (requires DNS queries set to the tunnel's) is automatically forwarded to Caddy's `:80`, which then routes it to each host according to the `services.caddy.virtualHosts` rules.

**Only listen to `http://` pages; HTTPS is NOT used for routing and is terminated at cloudflared already.**
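
The ingress path described above, sketched as a NixOS module. This is an added example, not this box's actual configuration: the tunnel UUID, credentials path, hostname `ha.example.org`, backend address and the loopback bind are all assumptions.

```nix
{ ... }:
{
  # cloudflared terminates TLS at the Cloudflare edge and hands every
  # request for this tunnel to Caddy over plain HTTP.
  services.cloudflared = {
    enable = true;
    # Placeholder tunnel UUID (assumption).
    tunnels."00000000-0000-0000-0000-000000000000" = {
      # Placeholder path; keep the credentials out of the Nix store.
      credentialsFile = "/run/secrets/cloudflared-tunnel.json";
      # Catch-all: anything the tunnel receives goes to Caddy's :80.
      default = "http://127.0.0.1:80";
    };
  };

  services.caddy = {
    enable = true;

    # The explicit http:// scheme makes Caddy serve this site on :80 and
    # skip automatic HTTPS (no certificate issuance, no HTTP->HTTPS redirect).
    virtualHosts."http://ha.example.org" = {
      # Assumption: only cloudflared on this host needs to reach Caddy.
      # Binding to loopback keeps hosts on vlan10/100/110/130 from talking
      # to the proxy directly and sidestepping the tunnel. Drop this line
      # if LAN clients are meant to use Caddy as well.
      listenAddresses = [ "127.0.0.1" ];

      extraConfig = ''
        # 8123 is Home Assistant's default port; the address is an assumption.
        reverse_proxy 127.0.0.1:8123
      '';
    };
  };
}
```

Home Assistant rejects proxied requests unless the proxy's address is listed under `http.trusted_proxies` with `use_x_forwarded_for: true`, so that setting has to match whatever address Caddy connects from.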