feat: add home assistant capability with pi-relay

Jet 2026-03-23 22:45:49 -07:00
parent 2374e3cd60
commit 4f7ac0e7d7
No known key found for this signature in database
13 changed files with 415 additions and 35 deletions

@ -111,25 +111,32 @@ scripts/deploy-pios-pi.sh pi@10.21.x.x
That script:
1. builds `.#packages.aarch64-linux.noisebell-static` locally
2. decrypts the Pi-facing secrets locally with `agenix`
3. uploads the binary and secrets to the Pi
4. installs Tailscale and Avahi if needed
5. writes `/etc/noisebell/noisebell.env`
6. installs `noisebell.service`
7. enables and starts the service
8. runs `tailscale up` with the decrypted auth key
2. builds `.#packages.aarch64-linux.noisebell-relay-static` locally
3. decrypts the Pi-facing secrets locally with `agenix`
4. uploads the binaries and secrets to the Pi
5. installs Tailscale and Avahi if needed
6. writes `/etc/noisebell/noisebell.env`
7. writes `/etc/noisebell/noisebell-relay.env`
8. installs `noisebell.service` and `noisebell-relay.service`
9. enables and starts both services
10. runs `tailscale up` with the decrypted auth key
## Files written on the Pi
The deploy script creates:
- `/opt/noisebell/releases/<timestamp>/noisebell`
- `/opt/noisebell/releases/<timestamp>/noisebell-relay`
- `/opt/noisebell/current` -> current release symlink
- `/etc/noisebell/pi-to-cache-key`
- `/etc/noisebell/cache-to-pi-key`
- `/etc/noisebell/relay-webhook-secret`
- `/etc/noisebell/homeassistant-webhook-id`
- `/etc/noisebell/tailscale-auth-key`
- `/etc/noisebell/noisebell.env`
- `/etc/noisebell/noisebell-relay.env`
- `/etc/systemd/system/noisebell.service`
- `/etc/systemd/system/noisebell-relay.service`
All secret files are root-only.
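Review bot: the closing line "All secret files are root-only" does not say whether the newly listed `/etc/noisebell/noisebell-relay.env` counts as a secret file, even though it sits in the same list as `/etc/noisebell/relay-webhook-secret` and `/etc/noisebell/homeassistant-webhook-id`. If the env file carries the token or webhook ID by value rather than by path, state its owner and mode here as well. It would also help to document which user `noisebell-relay.service` runs as, since a unit that must read root-only files either runs as root or needs another way to receive them, and this service listens for inbound webhooks.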
@ -171,6 +178,34 @@ The deployed service uses these environment variables:
| `NOISEBELL_BIND_ADDRESS` | `0.0.0.0` | HTTP bind address |
| `NOISEBELL_ACTIVE_LOW` | `true` | Low GPIO = door open |
## Relay service configuration
The optional relay service accepts authenticated webhooks from cache-service and forwards them to Home Assistant on the local network.
| Variable | Default | Description |
|---|---|---|
| `NOISEBELL_RELAY_PORT` | `8090` | HTTP port for the relay webhook endpoint |
| `NOISEBELL_RELAY_BIND_ADDRESS` | `0.0.0.0` | HTTP bind address |
| `NOISEBELL_RELAY_TARGET_BASE_URL` | `http://homeassistant.local:8123` | Base URL for Home Assistant |
| `NOISEBELL_RELAY_TARGET_WEBHOOK_ID` | required | Home Assistant webhook ID |
| `NOISEBELL_RELAY_INBOUND_API_KEY` | required | Bearer token expected from cache-service |
| `NOISEBELL_RELAY_RETRY_ATTEMPTS` | `3` | Forward retry count |
| `NOISEBELL_RELAY_RETRY_BASE_DELAY_SECS` | `1` | Exponential backoff base delay |
| `NOISEBELL_RELAY_HTTP_TIMEOUT_SECS` | `10` | Outbound request timeout |
Example cache target for the relay:
```nix
{
services.noisebell-cache.outboundWebhooks = [
{
url = "http://noisebell-pi.local:8090/webhook";
secretFile = /run/agenix/noisebell-relay-webhook-secret;
}
];
}
```
## API
All endpoints require `Authorization: Bearer <token>`.
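Review bot: the `NOISEBELL_RELAY_BIND_ADDRESS` default of `0.0.0.0`, combined with the example target `http://noisebell-pi.local:8090/webhook`, means the bearer token from `NOISEBELL_RELAY_INBOUND_API_KEY` is sent over plain HTTP to a listener on every interface, addressed by an mDNS name. Since the deploy script already installs Tailscale, consider documenting a narrower bind address and a Tailscale hostname in the example, or at least add a sentence on who can reach port 8090. The table should also explain how `NOISEBELL_RELAY_INBOUND_API_KEY` and `NOISEBELL_RELAY_TARGET_WEBHOOK_ID` relate to the `/etc/noisebell/relay-webhook-secret` and `/etc/noisebell/homeassistant-webhook-id` files, and whether `NOISEBELL_RELAY_RETRY_ATTEMPTS` counts total attempts or retries after the first.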