services: home-assistant: add switch for waking/powering off workstation

Signed-off-by: Christoph Heiss <christoph@c8h4.io>

extra/bin/automation-shell.pl

@@ -0,0 +1,16 @@
+#!/usr/bin/env perl
+
+use strict;
+use warnings;
+
+use IO::Interactive qw(is_interactive);
+
+die "hi, no interactive shell allowed here :)\n" if is_interactive();
+
+shift;
+my $cmd = shift;
+
+exec 'sudo', '/run/current-system/sw/bin/systemctl', 'poweroff'
+  if $cmd eq 'poweroff';
+
+die "hi, no valid command given :(\n";

machines/zero.nix

@@ -1,7 +1,11 @@
 { my, pkgs, ... }:
 
 {
-  imports = [ ../system/desktop.nix ../system/ucode-amd.nix ];
+  imports = [
+    ../system/automation-target.nix
+    ../system/desktop.nix
+    ../system/ucode-amd.nix
+  ];
 
   system.stateVersion = "23.05";
 

pkgs/automation-shell.nix

@@ -0,0 +1,23 @@
+{ stdenv, perl }:
+
+let src = ../extra/bin/automation-shell.pl;
+in stdenv.mkDerivation {
+  pname = "automation-shell";
+  version = "0.1";
+  dontUnpack = true;
+
+  doCheck = true;
+  checkInputs = [ (perl.withPackages (p: with p; [ PerlCritic ])) ];
+  checkPhase = ''
+    perlcritic ${src}
+  '';
+
+  buildInputs = [ (perl.withPackages (p: with p; [ IOInteractive ])) sudo ];
+
+  postInstall = ''
+    mkdir -p $out/bin
+    install -Dm755 ${src} $out/bin/automation-shell
+  '';
+
+  passthru.shellPath = "/bin/automation-shell";
+}

pkgs/default.nix

@@ -10,6 +10,7 @@ _: super:
     };
   });
 
+  automation-shell = super.callPackage ./automation-shell.nix { };
   dashboard-icons = super.callPackage ./dashboard-icons.nix { };
   deploy-sink = super.callPackage ./deploy-sink.nix { };
   git-multi-shortlog = super.callPackage ./git-multi-shortlog.nix { };

services/home-assistant.nix

@@ -1,6 +1,7 @@
-{ secrets, ... }:
+{ my, pkgs, secrets, ... }:
 
-{
+let trimNewlines = builtins.replaceStrings [ "\n" ] [ "" ];
+in {
   services.home-assistant = {
     enable = true;
     config = {
@@ -34,12 +35,26 @@
       recorder.db_url = "postgresql://@/hass";
       scene = { };
       schedule = { };
+      shell_command.poweroff_zero = trimNewlines ''
+        ${pkgs.openssh}/bin/ssh
+          -i ${secrets.automation-sshkey.destination}
+          -o StrictHostKeyChecking=no
+          automation@zero poweroff
+      '';
       script = { };
       ssdp = { };
       sun = { };
+      switch = [{
+        platform = "wake_on_lan";
+        name = "wake/poweroff zero";
+        mac = my.machines.zero.macAddress;
+        host = "zero";
+        turn_off.service = "shell_command.poweroff_zero";
+      }];
       system_health = { };
       tag = { };
       timer = { };
+      wake_on_lan = { };
       webhook = { };
       zeroconf = { };
       zone = { };

system/automation-target.nix

@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+
+{
+  users.groups.automation = { };
+  users.users.automation = {
+    isSystemUser = true;
+    createHome = false;
+    group = "automation";
+    shell = pkgs.automation-shell;
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJk5vjODKwMUnvQAM1cvBhOhyErdeZcdPMYdIjf9dNEG hass@tank.c8h4.io"
+    ];
+  };
+
+  security.sudo.extraRules = [{
+    users = [ "automation" ];
+    commands = [{
+      command = "/run/current-system/sw/bin/systemctl poweroff";
+      options = [ "NOPASSWD" ];
+    }];
+  }];
+
+  services.openssh.settings.AllowUsers = [ "automation" ];
+}