From 875066f774fb3a0921df3e03a5cb1aa6845e7f92 Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck <christoph.hollizeck@hey.com>
Date: Fri, 28 Mar 2025 00:18:00 +0100
Subject: [PATCH] homeassistant: allow remote connection via tailscale tunnel

---
 systems/aarch64-linux/nixberry/default.nix | 20 ++++++++++++++++++++
 systems/x86_64-linux/loptland/default.nix  |  4 ++++
 2 files changed, 24 insertions(+)

diff --git a/systems/aarch64-linux/nixberry/default.nix b/systems/aarch64-linux/nixberry/default.nix
index 16fb943..8b50334 100644
--- a/systems/aarch64-linux/nixberry/default.nix
+++ b/systems/aarch64-linux/nixberry/default.nix
@@ -112,6 +112,26 @@ in
     };
   };
 
+  services.home-assistant = {
+    enable = true;
+    configWritable = true;
+    config = {
+      homeassistant = {
+        name = "Heidelberg";
+        temperature_unit = "C";
+        unit_system = "metric";
+      };
+
+      http = {
+        use_x_forwarded_for = true;
+        trusted_proxies = [
+          "100.86.250.97"
+        ];
+      };
+    };
+    openFirewall = true;
+  };
+
   # Pi specific stuff
   raspberry-pi-nix = {
     board = "bcm2712";
diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix
index 74e4e80..71128ae 100644
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@@ -68,6 +68,10 @@ in
 
         locations."/" = {
           # tailscale ip
+          extraConfig = ''
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+          '';
           proxyPass = "http://100.86.23.74:8123";
         };
       };