| 4 Oct 2023 |
 presto8 | I'm happy to say that I successfully migrated from my previous Ubuntu/supervised HA to a fully declarative HA on NixOS! For the most part it was pretty smooth. BT and Zigbee stuff moved over very easily. Zwave was fine too once I figured out that I needed to run my own zwave-js-ui container in addition to the HA declarative configuration.
Moving the Zigbee and Zwave USB sticks to the new system also brought along the paired devices, however the HA configuration was buried somewhere in the home-assistant_v2.db Sqlite DB on the previous system and I could not figure out how to extract the device name/ID information. The HA DB schema is quite difficult to figure out, maybe that is intentional as it seems the HA upstream is moving more and more stuff to the database unfortunately. I had to manually rename all the devices in HA to match the automations.yaml from the previous system but it was a one-time pain. (I was able to backup the system configuration on the previous system and download the backup file, but did not figure out a way to import it on the new system. For the yaml files that were exported, it was easy to convert those into .nix declarative files.) If anyone knows an easy way to extract the device names and pairins to the hardware ID, that would be very helpful.
I am running on nixos-23.05 but with an overlay to nixos-unstable for the home-assistant package only in order to get the latest HA version. Have Mosquitto, Frigate, VictoriaMetrics, and Grafana, all of which required a tiny bit of work (not much). And also a custom lovelace card for air quality which is working but not declaratively yet (still debugging).
The documentation on the NixOS HA Wiki is very good and made the transition fairly straightforward. Thanks all!
| 16:36:22 |
 @hexa:lossy.network | That's great to hear, that things went so well for your migration | 16:39:20 |
| @hexa:lossy.network | I have no experience with the backup/restore functionality of home-assistant sadly | 16:39:36 |
| @hexa:lossy.network | I treat /var/lib/home-assistant mostly as state | 16:39:55 |
| @hexa:lossy.network | and zigbee2mqtt is more forthcoming with backup/restore | 16:40:09 |
| presto8 | It seems the backup/restore only works if you stay within supervised or HAOS :( | 16:40:27 |
| presto8 | I spent hours inside the Sqlite DB, it seems most things are stored in the 'states' table, but there is also a db/devices directory with tons of files. I just gave up eventually | 16:42:20 |
| @hexa:lossy.network | I never digged into that much | 16:43:31 |
| @hexa:lossy.network | but that is good info | 16:43:42 |
| @hexa:lossy.network | I thought they wrote most stuff back out into yaml in ~/.storage | 16:43:53 |
| presto8 | Oh.... hmmm... let me look! | 16:44:21 |
| @hexa:lossy.network | looks like each esphome device has a file in there for example | 16:45:50 |
| @hexa:lossy.network | and it's actually json, but w/e | 16:46:07 |
| presto8 | Ok, yes, I remember. What I did was get the various unique ID strings from the new build, and then ripgrep'd for them in the old backup directory and didn't find any matches. I just confirmed now, it seems the device_id is changed for some reason! :( | 16:48:20 |
| presto8 | Here is a comparison of the same device (not repaired with Zwave dongle) on the old system and new system: | 16:48:46 |
| presto8 | 
Download image.png | 16:48:48 |
| presto8 | 
Download image.png | 16:49:02 |
| presto8 | I will keep looking, maybe it is in there somewhere | 16:49:49 |
| presto8 | But each Zwave controller has a unique ID, such as "24", whenever it pairs the device. I can see those IDs on the zwave-ui-js web interface. It would be nice to see some sort of mapping on the HA side for that (it may not exist). Similarly, Zigbee has unique MAC-based IDs, such as 28:2c:02:bf:ff:eb:78:8f (verified from hardware device properties). | 16:52:31 |
| presto8 | Anyway, I will keep trying, it is working for now so it will be lower priority. I will report back any progress :) | 16:52:52 |
| presto8 | For any suggested changes or additions, should I discuss here first or just make a pull request? | 16:58:31 |
| @hexa:lossy.network | feel free to discuss them here first | 17:01:06 |
| presto8 | One quick one, I think UMask should be 0027 (currently 0077) in home-assistant.nix: if a user is in the group 'hass', that user should be able to access the files? Normally I am not root, so whenever I want to access configDir, I need to sudo first. (Also complicates backup for me since I run backup as a non-privileged user.) | 17:15:21 |
|  @pederbs:pvv.ntnu.no changed their profile picture. | 22:20:22 |
| 5 Oct 2023 |
| @hexa:lossy.network | the hardening on the unit is pretty strong, I'm aware | 00:23:42 |
| @hexa:lossy.network | I do backups as root personally | 00:23:57 |
| @hexa:lossy.network | but you could also add CAP_DAC_READ_OVERRIDE | 00:24:08 |
| @hexa:lossy.network | but that depends on your threat model | 00:24:15 |
| @hexa:lossy.network | I would suggest overriding the UMask to your liking and we stick to a secure by default setup | 00:24:55 |
| @hexa:lossy.network | systemd.services.home-assistant.serviceConfig.UMask = lib.mkForce "0027";
| 00:25:21 |
