Ansible configuration policy for the private network/home lab of Dustin C. Hatch
http://dustin.hatch.name/
Dustin
0f70a5b6ba
Home Assistant no longer recommends using the built-in libopenzwave integration for communicating with Z-Wave devices. Evidently, OpenZWave is no longer maintained, and community efforts have shifted toward Z-Wave JS. Z-Wave JS is architecturally much different than the legacy Z-Wave integration. Instead of running the network controller inside the Home Assistant process, a separate daemon communicates with the Z-Wave radio. Home Assistant integrates with that daemon using a WebSockets API. This has the advantage of decoupling the network operation from the lifecycle of the Home Assistant process: restarting Home Assistant (e.g. to load new configuration changes) does not take the Z-Wave network offline. ZwaveJS2Mqtt is a distribution of the Z-Wave JS daemon, as well as a web-based user interface for configuring it. Although its name implies that it uses MQTT for communication, this feature is actually optional, and the native WebSockets API can still be used for integration with Home Assistant. I decided to follow the same deployment pattern for ZwaveJS2Mqtt as for Home Assistant itself: run the application from a container image using Podman. This of course simplifies the installation of the application significantly, leaving most of that work up to the maintainer of the container image. Podman provides the container runtime, managing the privileges, etc. The systemd service unit starts Podman, configuring an ephemeral container on each run. The container uses the default network namespace, avoiding the unnecessary overhead of port mapping. It uses Podman's "rootless" mode, via the `--uidmap` and `--gidmap` arguments, mapping users inside the container, including root, to unprivileged users on the host. The Z-Wave radio, which is specified by the `zwavejs_device` Ansible variable, is passed into the container via the `--device` argument. |
||
|---|---|---|
| .certs@654b52b608 | ||
| certs | ||
| ci | ||
| group_vars | ||
| host_vars | ||
| passwords/kojiweb_secret | ||
| roles | ||
| vars | ||
| vault | ||
| .gitignore | ||
| .gitmodules | ||
| .vault-secret.sh | ||
| ansible.cfg | ||
| ansible.yml | ||
| aria2.yml | ||
| base.yml | ||
| bitwarden_rs.yml | ||
| burp-client.yml | ||
| burp-server.yml | ||
| certbot.yml | ||
| collectd.yml | ||
| dch-gw.yml | ||
| dch-proxy.yml | ||
| dch-root-ca.crt | ||
| dch-vpn.yml | ||
| dhcpcd.yml | ||
| dhcpd.yml | ||
| docker.yml | ||
| domain-controller.yml | ||
| dyngroups.yml | ||
| fileserver.yml | ||
| firewalld.yml | ||
| gitea.yml | ||
| grafana.yml | ||
| graylog.yml | ||
| hassdb.yml | ||
| homeassistant.yml | ||
| hostname.yml | ||
| hosts | ||
| hosts.offline | ||
| jenkins-slave.yml | ||
| koji-builder.yml | ||
| koji-hub.yml | ||
| koji-web.yml | ||
| koji.yml | ||
| motioneye.yml | ||
| named-server.yml | ||
| net-ifaces.yml | ||
| network.yml | ||
| nextcloud.yml | ||
| ntp.yml | ||
| postgresql.yml | ||
| protonvpn.yml | ||
| pyrocufflink.yml | ||
| radius.yml | ||
| radvd.yml | ||
| remount.yml | ||
| rngd.yml | ||
| samba-dc.yml | ||
| smtp-relay.yml | ||
| squid.yml | ||
| synapse.yml | ||
| taiga.yml | ||
| vmhost.yml | ||
| websites.yml | ||
| wheelhost.yml | ||
| zabbix-agent.yml | ||
| zabbix-server.yml | ||
| zabbix.yml | ||
| zezere.yml | ||