update

conf/app.src

@@ -1 +0,0 @@
-UPSTREAM_HA_VERSION=0.78.3

conf/homeassistant_conf_files/automations.yaml

@@ -1,3 +0,0 @@
-##########################
-# Automations
-##########################

conf/homeassistant_conf_files/bin/upgrade_homeassistant.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# define usefull variables
+app="homeassistant"
+final_path="/opt/yunohost/$app"
+
+# stop homeassistant systemd service
+#sudo systemctl stop $app@$app.service
+
+# create the virtual environment
+python3 -m venv "$final_path"
+
+# activate the virtual environment
+. "$final_path/bin/activate"
+
+# upgrade required python package
+pip install --upgrade wheel
+
+# upgrade homeassistant python package
+pip install --upgrade $app
+
+# restart homeassistant systemd service
+sudo systemctl restart $app@$app.service

conf/homeassistant_conf_files/bin/ynh_ldap-auth.sh

@@ -0,0 +1,148 @@
+#!/bin/sh
+#
+# ldap-auth.sh - Simple shell script to authenticate users against LDAP
+#
+
+# Uncomment to enable debugging to stderr (prints full client output
+# and more).
+#DEBUG=1
+
+# Must be one of "curl" and "ldapsearch".
+# NOTE:
+# - When choosing "curl", make sure "curl --version | grep ldap" outputs
+#   something. Otherwise, curl was compiled without LDAP support.
+# - When choosing "ldapsearch", make sure the ldapwhoami command is
+#   available as well, as that might be needed in some cases.
+CLIENT="ldapsearch"
+
+# Usernames should be validated using a regular expression to be of
+# a known format. Special characters will be escaped anyway, but it is
+# generally not recommended to allow more than necessary.
+# This pattern is set by default. In your config file, you can either
+# overwrite it with a different one or use "unset USERNAME_PATTERN" to
+# disable validation completely.
+USERNAME_PATTERN='^[a-z|A-Z|0-9|_|-|.]+$'
+
+# Adapt to your needs.
+SERVER="ldap://127.0.0.1:389"
+USERDN="uid=$username,ou=users,dc=yunohost,dc=org"
+BASEDN="$USERDN"
+SCOPE="base"
+FILTER="(&(uid=$username)(objectClass=posixAccount))"
+NAME_ATTR="cn"
+ATTRS="$ATTRS $NAME_ATTR"
+
+# When the timeout (in seconds) is exceeded (e.g. due to slow networking),
+# authentication fails.
+TIMEOUT=3
+
+########## END OF CONFIGURATION ##########
+
+
+########## SCRIPT CODE FOLLOWS, DON'T TOUCH!  ##########
+
+# Log messages to log file.
+log() {
+	echo "$(date)\t$1" >> $LOG_FILE
+}
+
+# Check permission of ynh user.
+ynh_user_app_permission() {
+	access=$(cat "/etc/ssowat/conf.json" | jq ".users."$username"" | grep "Home Assistant")
+	[ ! -z "$access" ] && return 1
+	return 0
+}
+
+ldap_auth_ldapsearch() {
+	common_opts="-o nettimeout=$TIMEOUT -H $SERVER -x"
+	[ ! -z "$DEBUG" ] && common_opts="-v $common_opts"
+	output=$(ldapsearch $common_opts -LLL \
+		-D "$USERDN" -w "$password" \
+		-s "$SCOPE" -b "$BASEDN" "$FILTER" dn $ATTRS)
+	[ $? -ne 0 ] && return 1
+	return 0
+}
+
+on_auth_success() {
+	# print the meta entries for use in HA
+	if [ ! -z "$NAME_ATTR" ]; then
+		name=$(echo "$output" | sed -nr "s/^\s*$NAME_ATTR:\s*(.+)\s*\$/\1/Ip")
+		[ -z "$name" ] || echo "name=$name"
+	fi
+}
+
+# Reset log file.
+if [ ! -z "$DEBUG" ]; then
+	LOG_FILE=$(cd -P -- "$(dirname -- "$0")" && pwd -P)"/ldap-auth.log"
+	[ -f "$LOG_FILE" ] && :> "$LOG_FILE"
+fi
+
+# Check app access permisssion for the ynh user.
+ynh_user_app_permission
+if [ $? -eq 0 ]; then
+	[ ! -z "$DEBUG" ] && log "User '$username' does not have the permission to access these app."
+	exit 1
+else
+	[ ! -z "$DEBUG" ] && log "User '$username' have the permission to access these app."
+fi
+
+# Validate config.
+err=0
+if [ -z "$SERVER" ] || [ -z "$USERDN" ]; then
+	[ ! -z "$DEBUG" ] && log "SERVER and USERDN need to be configured."
+	err=1
+fi
+if [ -z "$TIMEOUT" ]; then
+	[ ! -z "$DEBUG" ] && log "TIMEOUT needs to be configured."
+	err=1
+fi
+if [ ! -z "$BASEDN" ]; then
+	if [ -z "$SCOPE" ] || [ -z "$FILTER" ]; then
+		[ ! -z "$DEBUG" ] && log "BASEDN, SCOPE and FILTER may only be configured together."
+		err=1
+	fi
+elif [ ! -z "$ATTRS" ]; then
+	[ ! -z "$DEBUG" ] && log "Configuring ATTRS only makes sense when enabling searching."
+	err=1
+fi
+
+# Check username and password are present and not malformed.
+if [ -z "$username" ] || [ -z "$password" ]; then
+	[ ! -z "$DEBUG" ] && log "Need username and password environment variables."
+	err=1
+elif [ ! -z "$USERNAME_PATTERN" ]; then
+	username_match=$(echo "$username" | sed -r "s/$USERNAME_PATTERN/x/")
+	if [ "$username_match" != "x" ]; then
+		[ ! -z "$DEBUG" ] && log "Username '$username' has an invalid format."
+		err=1
+	fi
+fi
+
+[ $err -ne 0 ] && exit 2
+
+# Do the authentication.
+ldap_auth_ldapsearch
+result=$?
+
+entries=0
+if [ $result -eq 0 ]; then
+	entries=$(echo "$output" | grep -cie '^dn\s*:')
+	[ "$entries" != "1" ] && result=1
+fi
+
+if [ ! -z "$DEBUG" ]; then
+	log "Result: $result"
+	log "Number of entries: $entries"
+	log "Client output:"
+	log "$output"
+fi
+
+if [ $result -ne 0 ]; then
+	[ ! -z "$DEBUG" ] && log "User '$username' failed to authenticate."
+	type on_auth_failure > /dev/null && on_auth_failure
+	exit 1
+fi
+
+[ ! -z "$DEBUG" ] && log "User '$username' authenticated successfully."
+type on_auth_success > /dev/null && on_auth_success
+exit 0

conf/homeassistant_conf_files/configuration.yaml

@@ -1,60 +1,51 @@
 homeassistant:
-  # Auth providers
-  #auth_providers:
-  # - type: homeassistant
-  # - type: trusted_networks
-  # - type: legacy_api_password
-  # Name of the location where Home Assistant is running
+  auth_providers:
+   - type: command_line
+     command: /home/homeassistant/.homeassistant/bin/ynh_ldap-auth.sh
+     meta: true
+   - type: homeassistant
+   - type: trusted_networks
+     trusted_networks:
+       - 127.0.0.1 
+       - ::1 
+       - 192.168.0.0/24 
+       - fd00::/8
   name: Home
-  # Location required to calculate the time the sun rises and sets
   latitude: 0
   longitude: 0
-  # Impacts weather/sunrise data (altitude above sea level in meters)
   elevation: 0
-  # metric for Metric, imperial for Imperial
   unit_system: metric
-  # Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
   time_zone: UTC
-  # Customization file
-  customize: !include customize.yaml
 
 http:
-  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
   base_url: __DOMAIN__:__PORT__
   server_port: __PORT__
-  cors_allowed_origins:
-    - https://google.com
-    - https://www.home-assistant.io
   use_x_forwarded_for: True
   trusted_proxies:
     - 127.0.0.1
     - ::1
   ip_ban_enabled: True
   login_attempts_threshold: 5
-  # If trusted_networks is active as auth_provider 
-  trusted_networks:
-    - 192.168.0.0/24
-    - fd00::/8
-  # If legacy_api_password is active as auth_provider 
-  #api_password: !secret http_password
+
+# Lovelace mode
+lovelace:
+  mode: yaml
 
 # Show links to resources in log and frontend
 introduction:
 
 # Enables the frontend
 frontend:
+  javascript_version: latest
 
 # Enables configuration UI
 config:
 
+# Enables health
+system_health:
+
 # Checks for available updates
-# Note: This component will send some information about your system to
-# the developers to assist with development of Home Assistant.
-# For more information, please see:
-# https://home-assistant.io/blog/2016/10/25/explaining-the-updater/
 updater:
-  # Optional, allows Home Assistant developers to focus on popular components.
-  # include_used_components: true
 
 # Discover some devices automatically
 discovery:
@@ -81,8 +72,28 @@ tts:
 # Cloud
 cloud:
 
-# Display
-group: !include groups.yaml
-automation: !include automations.yaml
-script: !include scripts.yaml
-sensor: !include sensors.yaml
+# Sensors
+sensor:
+  - platform: version
+  - platform: rest
+    resource: https://pypi.python.org/pypi/homeassistant/json
+    name: "Latest Available Version"
+    value_template: '{{ value_json.info.version }}'
+    scan_interval: 3600
+
+# Binary sensors
+binary_sensor:
+  - platform: template
+    sensors:
+      ha_update_available:
+        friendly_name: An update is available
+        value_template: >-
+            {{states.sensor.latest_available_version.state != "unavailable" and states.sensor.latest_available_version.state != states.sensor.current_version.state}}
+
+# Switches
+switch:
+  - platform: command_line
+    switches:   
+      upgrade_homeassistant:
+        command_on: "bash -c /home/homeassistant/.homeassistant/bin/upgrade_homeassistant.sh"
+        friendly_name: Upgrade Home Assistant

conf/homeassistant_conf_files/customize.yaml

@@ -1,3 +0,0 @@
-##########################
-# Customizations
-##########################

conf/homeassistant_conf_files/groups.yaml

@@ -1,3 +0,0 @@
-##########################
-# Groups
-##########################

conf/homeassistant_conf_files/known_devices.yaml

@@ -1,3 +0,0 @@
-##########################
-# Known Devices
-##########################

conf/homeassistant_conf_files/scripts.yaml

@@ -1,3 +0,0 @@
-##########################
-# Scripts
-##########################

conf/homeassistant_conf_files/secrets.yaml

@@ -1,3 +0,0 @@
-# Use this file to store secrets like usernames and passwords.
-# Learn more at https://home-assistant.io/docs/configuration/secrets/
-http_password: 

conf/homeassistant_conf_files/sensors.yaml

@@ -1,3 +0,0 @@
-##########################
-# Sensors
-##########################

scripts/_common.sh

@@ -3,7 +3,7 @@
 #
 
 # Package dependencies
-PKG_DEPENDENCIES="python3 python3-venv python3-pip"
+PKG_DEPENDENCIES="python3 python3-venv python3-pip build-essential libssl-dev libffi-dev python3-dev"
 
 # Check if directory/file already exists (path in argument)
 myynh_check_path () {

scripts/install

@@ -63,8 +63,9 @@ exec_as $app -H -s /bin/bash -c " \
 # set default configuration files
 ynh_replace_string "__PORT__" "$port" "../conf/homeassistant_conf_files/configuration.yaml"
 ynh_replace_string "__DOMAIN__" "$domain" "../conf/homeassistant_conf_files/configuration.yaml"
+chmod -R +x "../conf/homeassistant_conf_files/bin/"
 
-## move all homeassistant_conf_files
+# move all homeassistant_conf_files
 cp -r "../conf/homeassistant_conf_files/." "$data_path/"
 chown -R $app: "$data_path"