From b1afb4adf1f20ff04c4370ef287ee7b8dbb84780 Mon Sep 17 00:00:00 2001 
From: "Dustin C. Hatch" Date: Sun, 26 Mar 2023 12:15:50 -0500 Subject: [PATCH] Configure Home Assistant Podman container The default Home Assistant configuration does not allow running a reverse proxy in front of the application. To enable this, the `use_x_forwarded_for` and `trusted_proxies` options have to be set. Since we want `/var/lib/homeassistant` to be a Btrfs subvolume, we can't simply include the necessary files in the correct location in the rootfs image. Instead, we must define "copy tree" (`C`) actions for `systemd-tmpfiles` to copy them from `/usr/share/factory`. Unfortunately, `systemd-tmpfiles` considers `v` and `C` actions conflicting, and thus will not copy the directory contents recursively. Each file has to be listed explicitly. --- squashfs.exclude | 2 +- .../systemd/home-assistant.container | 19 +++++++++++++++++++ .../overlay/etc/sysusers.d/homeassistant.conf | 2 ++ .../overlay/etc/tmpfiles.d/homeassistant.conf | 8 ++++++++ .../var/lib/homeassistant/automations.yaml | 1 + .../var/lib/homeassistant/configuration.yaml | 14 ++++++++++++++ .../factory/var/lib/homeassistant/groups.yaml | 0 .../factory/var/lib/homeassistant/http.yaml | 4 ++++ .../factory/var/lib/homeassistant/scenes.yaml | 0 .../var/lib/homeassistant/scripts.yaml | 0 .../var/lib/homeassistant/secrets.yaml | 1 + 11 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 yellow/overlay/etc/containers/systemd/home-assistant.container create mode 100644 yellow/overlay/etc/sysusers.d/homeassistant.conf create mode 100644 yellow/overlay/etc/tmpfiles.d/homeassistant.conf create mode 100644 yellow/overlay/usr/share/factory/var/lib/homeassistant/automations.yaml create mode 100644 yellow/overlay/usr/share/factory/var/lib/homeassistant/configuration.yaml create mode 100644 yellow/overlay/usr/share/factory/var/lib/homeassistant/groups.yaml create mode 100644 yellow/overlay/usr/share/factory/var/lib/homeassistant/http.yaml create mode 100644 
yellow/overlay/usr/share/factory/var/lib/homeassistant/scenes.yaml
 create mode 100644 yellow/overlay/usr/share/factory/var/lib/homeassistant/scripts.yaml
 create mode 100644 yellow/overlay/usr/share/factory/var/lib/homeassistant/secrets.yaml
diff --git a/squashfs.exclude b/squashfs.exclude
index 6af3f35..fa1dfa4 100644
--- a/squashfs.exclude
+++ b/squashfs.exclude
@@ -37,7 +37,7 @@ usr/share/aclocal
 usr/share/baselayout
 usr/share/bash-completion
 usr/share/doc
-usr/share/factory
+usr/share/factory/etc
 usr/share/gdb
 usr/share/info
 usr/share/locale/*/*/*python*
diff --git a/yellow/overlay/etc/containers/systemd/home-assistant.container b/yellow/overlay/etc/containers/systemd/home-assistant.container
new file mode 100644
index 0000000..84404f5
--- /dev/null
+++ b/yellow/overlay/etc/containers/systemd/home-assistant.container
@@ -0,0 +1,19 @@
+[Unit]
+After=network-online.target
+Wants=network-online.target
+
+[Container]
+Image=ghcr.io/home-assistant/yellow-homeassistant:stable
+Network=host
+Volume=/var/lib/homeassistant:/config:Z
+User=300
+Group=300
+ReadOnly=true
+VolatileTmp=yes
+
+[Service]
+TimeoutStartSec=5min
+UMask=0077
+
+[Install]
+WantedBy=multi-user.target
diff --git a/yellow/overlay/etc/sysusers.d/homeassistant.conf b/yellow/overlay/etc/sysusers.d/homeassistant.conf
new file mode 100644
index 0000000..35d916f
--- /dev/null
+++ b/yellow/overlay/etc/sysusers.d/homeassistant.conf
@@ -0,0 +1,2 @@
+u homeassistant 300 "Home Assistant" /var/lib/homeassistant /bin/sh
+g homeassistant 300
diff --git a/yellow/overlay/etc/tmpfiles.d/homeassistant.conf b/yellow/overlay/etc/tmpfiles.d/homeassistant.conf
new file mode 100644
index 0000000..94b6070
--- /dev/null
+++ b/yellow/overlay/etc/tmpfiles.d/homeassistant.conf
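Review bot: `Image=ghcr.io/home-assistant/yellow-homeassistant:stable` follows a mutable tag, so what runs on the device is decided by whatever the registry serves at pull time rather than by this repository. Pinning the reference by digest, `Image=ghcr.io/home-assistant/yellow-homeassistant@sha256:<digest>` (placeholder), would make the deployed image reviewable and reproducible. With `Network=host` the container shares the host's network namespace, so the `User=300`/`ReadOnly=true` settings are the main boundary. Adding `NoNewPrivileges=true` and `DropCapability=all` to `[Container]` would state that intent explicitly instead of depending on the Quadlet defaults of the installed Podman version.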
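Review bot: The `u` line gives the service account `/bin/sh` as its login shell, although the container unit runs the workload by numeric UID and nothing visible in this patch logs in as `homeassistant`. Dropping the last field, `u homeassistant 300 "Home Assistant" /var/lib/homeassistant`, lets systemd-sysusers apply its nologin default for non-root users and removes an interactive entry point for the account. If a shell is needed for maintenance, a `#` comment in the file saying so would help the next reader.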
@@ -0,0 +1,8 @@
+v /var/lib/homeassistant 0700 homeassistant homeassistant - -
+C /var/lib/homeassistant/automations.yaml - - - -
+C /var/lib/homeassistant/configuration.yaml - - - -
+C /var/lib/homeassistant/groups.yaml - - - -
+C /var/lib/homeassistant/http.yaml - - - -
+C /var/lib/homeassistant/scenes.yaml - - - -
+C /var/lib/homeassistant/scripts.yaml - - - -
+C /var/lib/homeassistant/secrets.yaml - - - -
diff --git a/yellow/overlay/usr/share/factory/var/lib/homeassistant/automations.yaml b/yellow/overlay/usr/share/factory/var/lib/homeassistant/automations.yaml
new file mode 100644
index 0000000..fe51488
--- /dev/null
+++ b/yellow/overlay/usr/share/factory/var/lib/homeassistant/automations.yaml
@@ -0,0 +1 @@
+[]
diff --git a/yellow/overlay/usr/share/factory/var/lib/homeassistant/configuration.yaml b/yellow/overlay/usr/share/factory/var/lib/homeassistant/configuration.yaml
new file mode 100644
index 0000000..69a414d
--- /dev/null
+++ b/yellow/overlay/usr/share/factory/var/lib/homeassistant/configuration.yaml
@@ -0,0 +1,14 @@
+
+# Configure a default setup of Home Assistant (frontend, api, etc)
+default_config:
+
+http: !include http.yaml
+
+# Text to speech
+tts:
+ - platform: google_translate
+
+group: !include groups.yaml
+automation: !include automations.yaml
+script: !include scripts.yaml
+scene: !include scenes.yaml
diff --git a/yellow/overlay/usr/share/factory/var/lib/homeassistant/groups.yaml b/yellow/overlay/usr/share/factory/var/lib/homeassistant/groups.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/yellow/overlay/usr/share/factory/var/lib/homeassistant/http.yaml b/yellow/overlay/usr/share/factory/var/lib/homeassistant/http.yaml
new file mode 100644
index 0000000..5311045
--- /dev/null
+++ b/yellow/overlay/usr/share/factory/var/lib/homeassistant/http.yaml
@@ -0,0 +1,4 @@
+server_host: '::1'
+trusted_proxies:
+- '::1'
+use_x_forwarded_for: true
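Review bot: The `C` lines leave mode, user and group as `-`, so the copies are not forced to the `homeassistant` ownership that the `v` line sets on the directory; as far as I can tell they keep whatever owner and mode the files have under `/usr/share/factory`. For `secrets.yaml` in particular, `C /var/lib/homeassistant/secrets.yaml 0600 homeassistant homeassistant - -` would make the intended permissions explicit, and the other `C` lines could name the same owner. The 0700 directory limits who can reach the files, but a process running as UID 300 may be unable to rewrite root-owned files in place. `C` also only seeds a path that does not exist yet, so later changes to the factory `http.yaml` will not reach devices that are already provisioned; a `#` comment noting that would help.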
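Review bot: Listing `'::1'` under `trusted_proxies` with `use_x_forwarded_for: true` means any peer connecting over IPv6 loopback is believed about the client address, and because the container unit in this patch uses `Network=host`, that is every local process on the host rather than only the reverse proxy. The file has no comments, so I would add one above `trusted_proxies`, for example `# Only the local reverse proxy should connect here; it must set X-Forwarded-For itself and reach us via [::1]`. `server_host: '::1'` binds IPv6 loopback only, so a proxy whose upstream is `127.0.0.1` will fail to connect; that is worth stating in the same comment.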
diff --git a/yellow/overlay/usr/share/factory/var/lib/homeassistant/scenes.yaml b/yellow/overlay/usr/share/factory/var/lib/homeassistant/scenes.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/yellow/overlay/usr/share/factory/var/lib/homeassistant/scripts.yaml b/yellow/overlay/usr/share/factory/var/lib/homeassistant/scripts.yaml
new file mode 100644
index 0000000..e69de29
diff --git a/yellow/overlay/usr/share/factory/var/lib/homeassistant/secrets.yaml b/yellow/overlay/usr/share/factory/var/lib/homeassistant/secrets.yaml
new file mode 100644
index 0000000..0967ef4
--- /dev/null
+++ b/yellow/overlay/usr/share/factory/var/lib/homeassistant/secrets.yaml
@@ -0,0 +1 @@
+{}