diff --git a/conf/app.src b/conf/app.src
deleted file mode 100644
index 9d0389a..0000000
--- a/conf/app.src
+++ /dev/null
@@ -1 +0,0 @@
-UPSTREAM_HA_VERSION=0.78.3
diff --git a/conf/homeassistant_conf_files/automations.yaml b/conf/homeassistant_conf_files/automations.yaml
deleted file mode 100644
index 97ff5fc..0000000
--- a/conf/homeassistant_conf_files/automations.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-##########################
-# Automations
-##########################
diff --git a/conf/homeassistant_conf_files/bin/upgrade_homeassistant.sh b/conf/homeassistant_conf_files/bin/upgrade_homeassistant.sh
new file mode 100755
index 0000000..82d127a
--- /dev/null
+++ b/conf/homeassistant_conf_files/bin/upgrade_homeassistant.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# define usefull variables
+app="homeassistant"
+final_path="/opt/yunohost/$app"
+
+# stop homeassistant systemd service
+#sudo systemctl stop $app@$app.service
+
+# create the virtual environment
+python3 -m venv "$final_path"
+
+# activate the virtual environment
+. "$final_path/bin/activate"
+
+# upgrade required python package
+pip install --upgrade wheel
+
+# upgrade homeassistant python package
+pip install --upgrade $app
+
+# restart homeassistant systemd service
+sudo systemctl restart $app@$app.service
diff --git a/conf/homeassistant_conf_files/bin/ynh_ldap-auth.sh b/conf/homeassistant_conf_files/bin/ynh_ldap-auth.sh
new file mode 100755
index 0000000..4f091d0
--- /dev/null
+++ b/conf/homeassistant_conf_files/bin/ynh_ldap-auth.sh
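Review bot: Nothing in upgrade_homeassistant.sh stops the run when a step fails, so if `python3 -m venv` or the `. "$final_path/bin/activate"` line fails, both `pip install --upgrade` calls still run against whatever pip is first on PATH, and the service is restarted regardless. Add `set -eu` right after the shebang and quote the unit name, `sudo systemctl restart "$app@$app.service"`. The script is wired to a Home Assistant switch elsewhere in this commit, so the sudo call presumably relies on a passwordless sudoers rule for the service account; that rule should be limited to this exact systemctl command. `pip install --upgrade $app` also takes whatever version PyPI serves when the switch is pressed, with no pin or hash check.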
@@ -0,0 +1,148 @@
+#!/bin/sh
+#
+# ldap-auth.sh - Simple shell script to authenticate users against LDAP
+#
+
+# Uncomment to enable debugging to stderr (prints full client output
+# and more).
+#DEBUG=1
+
+# Must be one of "curl" and "ldapsearch".
+# NOTE:
+# - When choosing "curl", make sure "curl --version | grep ldap" outputs
+# something. Otherwise, curl was compiled without LDAP support.
+# - When choosing "ldapsearch", make sure the ldapwhoami command is
+# available as well, as that might be needed in some cases.
+CLIENT="ldapsearch"
+
+# Usernames should be validated using a regular expression to be of
+# a known format. Special characters will be escaped anyway, but it is
+# generally not recommended to allow more than necessary.
+# This pattern is set by default. In your config file, you can either
+# overwrite it with a different one or use "unset USERNAME_PATTERN" to
+# disable validation completely.
+USERNAME_PATTERN='^[a-z|A-Z|0-9|_|-|.]+$'
+
+# Adapt to your needs.
+SERVER="ldap://127.0.0.1:389"
+USERDN="uid=$username,ou=users,dc=yunohost,dc=org"
+BASEDN="$USERDN"
+SCOPE="base"
+FILTER="(&(uid=$username)(objectClass=posixAccount))"
+NAME_ATTR="cn"
+ATTRS="$ATTRS $NAME_ATTR"
+
+# When the timeout (in seconds) is exceeded (e.g. due to slow networking),
+# authentication fails.
+TIMEOUT=3
+
+########## END OF CONFIGURATION ##########
+
+
+########## SCRIPT CODE FOLLOWS, DON'T TOUCH! ##########
+
+# Log messages to log file.
+log() {
+ echo "$(date)\t$1" >> $LOG_FILE
+}
+
+# Check permission of ynh user.
+ynh_user_app_permission() {
+ access=$(cat "/etc/ssowat/conf.json" | jq ".users."$username"" | grep "Home Assistant")
+ [ ! -z "$access" ] && return 1
+ return 0
+}
+
+ldap_auth_ldapsearch() {
+ common_opts="-o nettimeout=$TIMEOUT -H $SERVER -x"
+ [ ! -z "$DEBUG" ] && common_opts="-v $common_opts"
+ output=$(ldapsearch $common_opts -LLL \
+ -D "$USERDN" -w "$password" \
+ -s "$SCOPE" -b "$BASEDN" "$FILTER" dn $ATTRS)
+ [ $? -ne 0 ] && return 1
+ return 0
+}
+
+on_auth_success() {
+ # print the meta entries for use in HA
+ if [ ! -z "$NAME_ATTR" ]; then
+ name=$(echo "$output" | sed -nr "s/^\s*$NAME_ATTR:\s*(.+)\s*\$/\1/Ip")
+ [ -z "$name" ] || echo "name=$name"
+ fi
+}
+
+# Reset log file.
+if [ ! -z "$DEBUG" ]; then
+ LOG_FILE=$(cd -P -- "$(dirname -- "$0")" && pwd -P)"/ldap-auth.log"
+ [ -f "$LOG_FILE" ] && :> "$LOG_FILE"
+fi
+
+# Check app access permisssion for the ynh user.
+ynh_user_app_permission
+if [ $? -eq 0 ]; then
+ [ ! -z "$DEBUG" ] && log "User '$username' does not have the permission to access these app."
+ exit 1
+else
+ [ ! -z "$DEBUG" ] && log "User '$username' have the permission to access these app."
+fi
+
+# Validate config.
+err=0
+if [ -z "$SERVER" ] || [ -z "$USERDN" ]; then
+ [ ! -z "$DEBUG" ] && log "SERVER and USERDN need to be configured."
+ err=1
+fi
+if [ -z "$TIMEOUT" ]; then
+ [ ! -z "$DEBUG" ] && log "TIMEOUT needs to be configured."
+ err=1
+fi
+if [ ! -z "$BASEDN" ]; then
+ if [ -z "$SCOPE" ] || [ -z "$FILTER" ]; then
+ [ ! -z "$DEBUG" ] && log "BASEDN, SCOPE and FILTER may only be configured together."
+ err=1
+ fi
+elif [ ! -z "$ATTRS" ]; then
+ [ ! -z "$DEBUG" ] && log "Configuring ATTRS only makes sense when enabling searching."
+ err=1
+fi
+
+# Check username and password are present and not malformed.
+if [ -z "$username" ] || [ -z "$password" ]; then
+ [ ! -z "$DEBUG" ] && log "Need username and password environment variables."
+ err=1
+elif [ ! -z "$USERNAME_PATTERN" ]; then
+ username_match=$(echo "$username" | sed -r "s/$USERNAME_PATTERN/x/")
+ if [ "$username_match" != "x" ]; then
+ [ ! -z "$DEBUG" ] && log "Username '$username' has an invalid format."
+ err=1
+ fi
+fi
+
+[ $err -ne 0 ] && exit 2
+
+# Do the authentication.
+ldap_auth_ldapsearch
+result=$?
+
+entries=0
+if [ $result -eq 0 ]; then
+ entries=$(echo "$output" | grep -cie '^dn\s*:')
+ [ "$entries" != "1" ] && result=1
+fi
+
+if [ ! -z "$DEBUG" ]; then
+ log "Result: $result"
+ log "Number of entries: $entries"
+ log "Client output:"
+ log "$output"
+fi
+
+if [ $result -ne 0 ]; then
+ [ ! -z "$DEBUG" ] && log "User '$username' failed to authenticate."
+ type on_auth_failure > /dev/null && on_auth_failure
+ exit 1
+fi
+
+[ ! -z "$DEBUG" ] && log "User '$username' authenticated successfully."
+type on_auth_success > /dev/null && on_auth_success
+exit 0
diff --git a/conf/homeassistant_conf_files/configuration.yaml b/conf/homeassistant_conf_files/configuration.yaml
index e4d3488..5a9d2a8 100644
--- a/conf/homeassistant_conf_files/configuration.yaml
+++ b/conf/homeassistant_conf_files/configuration.yaml
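Review bot: `ynh_user_app_permission` in ynh_ldap-auth.sh is called before the USERNAME_PATTERN check and splices the raw `$username` into the jq program (`jq ".users."$username""`), so an unvalidated, caller-supplied login name is parsed as jq syntax and is also subject to shell word splitting. Run the username validation first and pass the value as data, e.g. `access=$(jq --arg u "$username" '.users[$u]' /etc/ssowat/conf.json | grep "Home Assistant")`. The pattern `^[a-z|A-Z|0-9|_|-|.]+$` puts a literal `|` in the allowed set, because `|` is not alternation inside a bracket expression; `^[A-Za-z0-9_.-]+$` is probably what was meant. The header comment says special characters are escaped, but no escaping is visible in the script, so USERDN and FILTER depend entirely on that pattern, and unsetting it as the comment suggests would leave the DN and the filter open to injection. Separately, `-w "$password"` places the password in ldapsearch's argv, where other local users can read it from the process list; `-y` with a mode-0600 temporary file avoids that.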
@@ -1,60 +1,51 @@ homeassistant: - # Auth providers - #auth_providers: - # - type: homeassistant - # - type: trusted_networks - # - type: legacy_api_password - # Name of the location where Home Assistant is running + auth_providers: + - type: command_line + command: /home/homeassistant/.homeassistant/bin/ynh_ldap-auth.sh + meta: true + - type: homeassistant + - type: trusted_networks + trusted_networks: + - 127.0.0.1 + - ::1 + - 192.168.0.0/24 + - fd00::/8 name: Home - # Location required to calculate the time the sun rises and sets latitude: 0 longitude: 0 - # Impacts weather/sunrise data (altitude above sea level in meters) elevation: 0 - # metric for Metric, imperial for Imperial unit_system: metric - # Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones time_zone: UTC - # Customization file - customize: !include customize.yaml http: - # Uncomment this if you are using SSL/TLS, running in Docker container, etc. base_url: __DOMAIN__:__PORT__ server_port: __PORT__ - cors_allowed_origins: - - https://google.com - - https://www.home-assistant.io use_x_forwarded_for: True trusted_proxies: - 127.0.0.1 - ::1 ip_ban_enabled: True login_attempts_threshold: 5 - # If trusted_networks is active as auth_provider - trusted_networks: - - 192.168.0.0/24 - - fd00::/8 - # If legacy_api_password is active as auth_provider - #api_password: !secret http_password + +# Lovelace mode +lovelace: + mode: yaml # Show links to resources in log and frontend introduction: # Enables the frontend frontend: + javascript_version: latest # Enables configuration UI config: +# Enables health +system_health: + # Checks for available updates -# Note: This component will send some information about your system to -# the developers to assist with development of Home Assistant. -# For more information, please see: -# https://home-assistant.io/blog/2016/10/25/explaining-the-updater/ updater: - # Optional, allows Home Assistant developers to focus on popular components. 
- # include_used_components: true # Discover some devices automatically discovery: @@ -81,8 +72,28 @@ tts: # Cloud cloud: -# Display -group: !include groups.yaml -automation: !include automations.yaml -script: !include scripts.yaml -sensor: !include sensors.yaml +# Sensors +sensor: + - platform: version + - platform: rest + resource: https://pypi.python.org/pypi/homeassistant/json + name: "Latest Available Version" + value_template: '{{ value_json.info.version }}' + scan_interval: 3600 + +# Binary sensors +binary_sensor: + - platform: template + sensors: + ha_update_available: + friendly_name: An update is available + value_template: >- + {{states.sensor.latest_available_version.state != "unavailable" and states.sensor.latest_available_version.state != states.sensor.current_version.state}} + +# Switches +switch: + - platform: command_line + switches: + upgrade_homeassistant: + command_on: "bash -c /home/homeassistant/.homeassistant/bin/upgrade_homeassistant.sh" + friendly_name: Upgrade Home Assistant diff --git a/conf/homeassistant_conf_files/customize.yaml b/conf/homeassistant_conf_files/customize.yaml deleted file mode 100644 index ca0f867..0000000 --- a/conf/homeassistant_conf_files/customize.yaml +++ /dev/null @@ -1,3 +0,0 @@ -########################## -# Customizations -########################## diff --git a/conf/homeassistant_conf_files/groups.yaml b/conf/homeassistant_conf_files/groups.yaml deleted file mode 100644 index 5781254..0000000 --- a/conf/homeassistant_conf_files/groups.yaml +++ /dev/null @@ -1,3 +0,0 @@ -########################## -# Groups -########################## diff --git a/conf/homeassistant_conf_files/known_devices.yaml b/conf/homeassistant_conf_files/known_devices.yaml deleted file mode 100644 index d7eda4a..0000000 --- a/conf/homeassistant_conf_files/known_devices.yaml +++ /dev/null @@ -1,3 +0,0 @@ -########################## -# Known Devices -########################## 
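Review bot: The `trusted_networks` provider added under `auth_providers` lets any client in 127.0.0.1, ::1, 192.168.0.0/24 or fd00::/8 sign in without a password, which sidesteps the per-user permission check that the new `command_line` LDAP provider is there to enforce. These ranges ship as package defaults and will not match every install's LAN; fd00::/8 covers every locally assigned ULA prefix. Consider shipping only the `command_line` provider (plus `homeassistant` if local accounts are needed) and leaving the block commented out, e.g. `# - type: trusted_networks`, for admins who opt in. With `use_x_forwarded_for: True`, the loopback entries are only safe if the reverse proxy always overwrites X-Forwarded-For, which cannot be confirmed from this diff.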
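Review bot: The `upgrade_homeassistant` switch gives every account that can toggle entities a way to run `pip install --upgrade` and a sudo service restart on the host, and nothing in the config says so. Add a comment above it such as `# Runs bin/upgrade_homeassistant.sh: pip upgrade + sudo systemctl restart; restrict who can toggle this`. The script can also be called directly, `command_on: "/home/homeassistant/.homeassistant/bin/upgrade_homeassistant.sh"`, since the `bash -c` wrapper adds nothing for a file that has a shebang and the execute bit.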
diff --git a/conf/homeassistant_conf_files/scripts.yaml b/conf/homeassistant_conf_files/scripts.yaml deleted file mode 100644 index 52c904b..0000000 --- a/conf/homeassistant_conf_files/scripts.yaml +++ /dev/null @@ -1,3 +0,0 @@ -########################## -# Scripts -########################## diff --git a/conf/homeassistant_conf_files/secrets.yaml b/conf/homeassistant_conf_files/secrets.yaml deleted file mode 100644 index 7c0124d..0000000 --- a/conf/homeassistant_conf_files/secrets.yaml +++ /dev/null @@ -1,3 +0,0 @@ -# Use this file to store secrets like usernames and passwords. -# Learn more at https://home-assistant.io/docs/configuration/secrets/ -http_password: diff --git a/conf/homeassistant_conf_files/sensors.yaml b/conf/homeassistant_conf_files/sensors.yaml deleted file mode 100644 index 1dad596..0000000 --- a/conf/homeassistant_conf_files/sensors.yaml +++ /dev/null @@ -1,3 +0,0 @@ -########################## -# Sensors -########################## diff --git a/scripts/_common.sh b/scripts/_common.sh index 0b5a468..b32d5cf 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,7 +3,7 @@ # # Package dependencies -PKG_DEPENDENCIES="python3 python3-venv python3-pip" +PKG_DEPENDENCIES="python3 python3-venv python3-pip build-essential libssl-dev libffi-dev python3-dev" # Check if directory/file already exists (path in argument) myynh_check_path () { diff --git a/scripts/install b/scripts/install index 805b846..230d171 100644 --- a/scripts/install +++ b/scripts/install @@ -63,8 +63,9 @@ exec_as $app -H -s /bin/bash -c " \ # set default configuration files ynh_replace_string "__PORT__" "$port" "../conf/homeassistant_conf_files/configuration.yaml" ynh_replace_string "__DOMAIN__" "$domain" "../conf/homeassistant_conf_files/configuration.yaml" +chmod -R +x "../conf/homeassistant_conf_files/bin/" -## move all homeassistant_conf_files +# move all homeassistant_conf_files cp -r "../conf/homeassistant_conf_files/." "$data_path/" chown -R $app: "$data_path"
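Review bot: After the added `chmod -R +x` in scripts/install, the existing `cp -r` and `chown -R $app: "$data_path"` leave `bin/ynh_ldap-auth.sh` owned and writable by the same service account whose logins it decides, so anything running as that user can replace the authentication check. Because the parent directory is also app-owned, changing ownership of the files alone would not be enough; consider installing the two scripts into a root-owned directory outside `$data_path` with an explicit mode (`chmod 755`) and pointing the `command:` entries at that path. A recursive `+x` also marks every file under `bin/` executable rather than the two scripts intended. This hunk shows only part of the install script, so a later step may already tighten this.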