Buster

conf/app.src

@@ -1 +0,0 @@
-UPSTREAM_HA_VERSION=0.78.3

conf/homeassistant_conf_files/automations.yaml

@@ -1,3 +0,0 @@
-##########################
-# Automations
-##########################

conf/homeassistant_conf_files/bin/upgrade_homeassistant.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# define usefull variables
+app="homeassistant"
+final_path="/opt/yunohost/$app"
+
+# stop homeassistant systemd service
+#sudo systemctl stop $app@$app.service
+
+# create the virtual environment
+python3 -m venv "$final_path"
+
+# activate the virtual environment
+. "$final_path/bin/activate"
+
+# upgrade required python package
+pip install --upgrade wheel
+
+# upgrade homeassistant python package
+pip install --upgrade $app
+
+# restart homeassistant systemd service
+sudo systemctl restart $app@$app.service

conf/homeassistant_conf_files/bin/ynh_ldap-auth.sh

@@ -0,0 +1,148 @@
+#!/bin/sh
+#
+# ldap-auth.sh - Simple shell script to authenticate users against LDAP
+#
+
+# Uncomment to enable debugging to stderr (prints full client output
+# and more).
+#DEBUG=1
+
+# Must be one of "curl" and "ldapsearch".
+# NOTE:
+# - When choosing "curl", make sure "curl --version | grep ldap" outputs
+#   something. Otherwise, curl was compiled without LDAP support.
+# - When choosing "ldapsearch", make sure the ldapwhoami command is
+#   available as well, as that might be needed in some cases.
+CLIENT="ldapsearch"
+
+# Usernames should be validated using a regular expression to be of
+# a known format. Special characters will be escaped anyway, but it is
+# generally not recommended to allow more than necessary.
+# This pattern is set by default. In your config file, you can either
+# overwrite it with a different one or use "unset USERNAME_PATTERN" to
+# disable validation completely.
+USERNAME_PATTERN='^[a-z|A-Z|0-9|_|-|.]+$'
+
+# Adapt to your needs.
+SERVER="ldap://127.0.0.1:389"
+USERDN="uid=$username,ou=users,dc=yunohost,dc=org"
+BASEDN="$USERDN"
+SCOPE="base"
+FILTER="(&(uid=$username)(objectClass=posixAccount))"
+NAME_ATTR="cn"
+ATTRS="$ATTRS $NAME_ATTR"
+
+# When the timeout (in seconds) is exceeded (e.g. due to slow networking),
+# authentication fails.
+TIMEOUT=3
+
+########## END OF CONFIGURATION ##########
+
+
+########## SCRIPT CODE FOLLOWS, DON'T TOUCH!  ##########
+
+# Log messages to log file.
+log() {
+	echo "$(date)\t$1" >> $LOG_FILE
+}
+
+# Check permission of ynh user.
+ynh_user_app_permission() {
+	access=$(cat "/etc/ssowat/conf.json" | jq ".users."$username"" | grep "Home Assistant")
+	[ ! -z "$access" ] && return 1
+	return 0
+}
+
+ldap_auth_ldapsearch() {
+	common_opts="-o nettimeout=$TIMEOUT -H $SERVER -x"
+	[ ! -z "$DEBUG" ] && common_opts="-v $common_opts"
+	output=$(ldapsearch $common_opts -LLL \
+		-D "$USERDN" -w "$password" \
+		-s "$SCOPE" -b "$BASEDN" "$FILTER" dn $ATTRS)
+	[ $? -ne 0 ] && return 1
+	return 0
+}
+
+on_auth_success() {
+	# print the meta entries for use in HA
+	if [ ! -z "$NAME_ATTR" ]; then
+		name=$(echo "$output" | sed -nr "s/^\s*$NAME_ATTR:\s*(.+)\s*\$/\1/Ip")
+		[ -z "$name" ] || echo "name=$name"
+	fi
+}
+
+# Reset log file.
+if [ ! -z "$DEBUG" ]; then
+	LOG_FILE=$(cd -P -- "$(dirname -- "$0")" && pwd -P)"/ldap-auth.log"
+	[ -f "$LOG_FILE" ] && :> "$LOG_FILE"
+fi
+
+# Check app access permisssion for the ynh user.
+ynh_user_app_permission
+if [ $? -eq 0 ]; then
+	[ ! -z "$DEBUG" ] && log "User '$username' does not have the permission to access these app."
+	exit 1
+else
+	[ ! -z "$DEBUG" ] && log "User '$username' have the permission to access these app."
+fi
+
+# Validate config.
+err=0
+if [ -z "$SERVER" ] || [ -z "$USERDN" ]; then
+	[ ! -z "$DEBUG" ] && log "SERVER and USERDN need to be configured."
+	err=1
+fi
+if [ -z "$TIMEOUT" ]; then
+	[ ! -z "$DEBUG" ] && log "TIMEOUT needs to be configured."
+	err=1
+fi
+if [ ! -z "$BASEDN" ]; then
+	if [ -z "$SCOPE" ] || [ -z "$FILTER" ]; then
+		[ ! -z "$DEBUG" ] && log "BASEDN, SCOPE and FILTER may only be configured together."
+		err=1
+	fi
+elif [ ! -z "$ATTRS" ]; then
+	[ ! -z "$DEBUG" ] && log "Configuring ATTRS only makes sense when enabling searching."
+	err=1
+fi
+
+# Check username and password are present and not malformed.
+if [ -z "$username" ] || [ -z "$password" ]; then
+	[ ! -z "$DEBUG" ] && log "Need username and password environment variables."
+	err=1
+elif [ ! -z "$USERNAME_PATTERN" ]; then
+	username_match=$(echo "$username" | sed -r "s/$USERNAME_PATTERN/x/")
+	if [ "$username_match" != "x" ]; then
+		[ ! -z "$DEBUG" ] && log "Username '$username' has an invalid format."
+		err=1
+	fi
+fi
+
+[ $err -ne 0 ] && exit 2
+
+# Do the authentication.
+ldap_auth_ldapsearch
+result=$?
+
+entries=0
+if [ $result -eq 0 ]; then
+	entries=$(echo "$output" | grep -cie '^dn\s*:')
+	[ "$entries" != "1" ] && result=1
+fi
+
+if [ ! -z "$DEBUG" ]; then
+	log "Result: $result"
+	log "Number of entries: $entries"
+	log "Client output:"
+	log "$output"
+fi
+
+if [ $result -ne 0 ]; then
+	[ ! -z "$DEBUG" ] && log "User '$username' failed to authenticate."
+	type on_auth_failure > /dev/null && on_auth_failure
+	exit 1
+fi
+
+[ ! -z "$DEBUG" ] && log "User '$username' authenticated successfully."
+type on_auth_success > /dev/null && on_auth_success
+exit 0

conf/homeassistant_conf_files/configuration.yaml

@@ -1,60 +1,48 @@
 homeassistant:
-  # Auth providers
-  #auth_providers:
-  # - type: homeassistant
-  # - type: trusted_networks
-  # - type: legacy_api_password
-  # Name of the location where Home Assistant is running
+  auth_providers:
+   - type: command_line
+     command: /home/homeassistant/.homeassistant/bin/ynh_ldap-auth.sh
+     meta: true
+   - type: homeassistant
+   - type: trusted_networks
+     trusted_networks:
+       - 127.0.0.1 
+       - ::1 
+       - 192.168.0.0/24 
+       - fd00::/8
   name: Home
-  # Location required to calculate the time the sun rises and sets
   latitude: 0
   longitude: 0
-  # Impacts weather/sunrise data (altitude above sea level in meters)
   elevation: 0
-  # metric for Metric, imperial for Imperial
   unit_system: metric
-  # Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
   time_zone: UTC
-  # Customization file
-  customize: !include customize.yaml
 
 http:
-  # Uncomment this if you are using SSL/TLS, running in Docker container, etc.
   base_url: __DOMAIN__:__PORT__
   server_port: __PORT__
-  cors_allowed_origins:
-    - https://google.com
-    - https://www.home-assistant.io
   use_x_forwarded_for: True
   trusted_proxies:
     - 127.0.0.1
     - ::1
   ip_ban_enabled: True
   login_attempts_threshold: 5
-  # If trusted_networks is active as auth_provider 
-  trusted_networks:
-    - 192.168.0.0/24
-    - fd00::/8
-  # If legacy_api_password is active as auth_provider 
-  #api_password: !secret http_password
 
-# Show links to resources in log and frontend
-introduction:
+# Lovelace mode
+lovelace:
+  mode: yaml
 
 # Enables the frontend
 frontend:
+  javascript_version: latest
 
 # Enables configuration UI
 config:
 
+# Enables health
+system_health:
+
 # Checks for available updates
-# Note: This component will send some information about your system to
-# the developers to assist with development of Home Assistant.
-# For more information, please see:
-# https://home-assistant.io/blog/2016/10/25/explaining-the-updater/
 updater:
-  # Optional, allows Home Assistant developers to focus on popular components.
-  # include_used_components: true
 
 # Discover some devices automatically
 discovery:
@@ -81,8 +69,28 @@ tts:
 # Cloud
 cloud:
 
-# Display
-group: !include groups.yaml
-automation: !include automations.yaml
-script: !include scripts.yaml
-sensor: !include sensors.yaml
+# Sensors
+sensor:
+  - platform: version
+  - platform: rest
+    resource: https://pypi.python.org/pypi/homeassistant/json
+    name: "Latest Available Version"
+    value_template: '{{ value_json.info.version }}'
+    scan_interval: 3600
+
+# Binary sensors
+binary_sensor:
+  - platform: template
+    sensors:
+      ha_update_available:
+        friendly_name: An update is available
+        value_template: >-
+            {{states.sensor.latest_available_version.state != "unavailable" and states.sensor.latest_available_version.state != states.sensor.current_version.state}}
+
+# Switches
+switch:
+  - platform: command_line
+    switches:   
+      upgrade_homeassistant:
+        command_on: "bash -c /home/homeassistant/.homeassistant/bin/upgrade_homeassistant.sh"
+        friendly_name: Upgrade Home Assistant

conf/homeassistant_conf_files/customize.yaml

@@ -1,3 +0,0 @@
-##########################
-# Customizations
-##########################

conf/homeassistant_conf_files/groups.yaml

@@ -1,3 +0,0 @@
-##########################
-# Groups
-##########################

conf/homeassistant_conf_files/known_devices.yaml

@@ -1,3 +0,0 @@
-##########################
-# Known Devices
-##########################

conf/homeassistant_conf_files/scripts.yaml

@@ -1,3 +0,0 @@
-##########################
-# Scripts
-##########################

conf/homeassistant_conf_files/secrets.yaml

@@ -1,3 +0,0 @@
-# Use this file to store secrets like usernames and passwords.
-# Learn more at https://home-assistant.io/docs/configuration/secrets/
-http_password: 

conf/homeassistant_conf_files/sensors.yaml

@@ -1,3 +0,0 @@
-##########################
-# Sensors
-##########################

manifest.json

@@ -38,6 +38,10 @@
           "en": "Should this application be public ? (if not, Smartphone app will not work)",
           "fr": "Est-ce que cette application doit être visible publiquement ? (dans le cas contraire, l'application sur Smartphone ne fonctionnera pas)"
         },
+        "help": {
+          "en": "If not public, Smartphone app will not work",
+          "fr": "Dans le cas contraire, l'application sur Smartphone ne fonctionnera pas"
+        },
         "default": true
       }
     ]

scripts/_common.sh

@@ -3,7 +3,7 @@
 #
 
 # Package dependencies
-PKG_DEPENDENCIES="python3 python3-venv python3-pip"
+PKG_DEPENDENCIES="python3 python3-venv python3-pip build-essential libssl-dev libffi-dev python3-dev"
 
 # Check if directory/file already exists (path in argument)
 myynh_check_path () {

scripts/install

@@ -17,38 +17,41 @@ home_path="/home/$app"
 data_path="/home/$app/.$app"
 
 # check domain/path availability
+ynh_script_progression --message="Validating installation parameters..."
 path_url=$(ynh_normalize_url_path "/")
 ynh_webpath_available "$domain" "$path_url" || ynh_die "$domain/$path_url is not available, please use an other domain."
 ynh_webpath_register $app "$domain" "$path_url"
 
 # add required packages
+ynh_script_progression --message="Installing dependencies..."
 ynh_install_app_dependencies "$PKG_DEPENDENCIES"
 
 # save app settings
+ynh_script_progression --message="Storing installation settings..."
 ynh_app_setting_set $app domain "$domain"
 ynh_app_setting_set $app is_public $is_public
 
 # find a free port & open it
+ynh_script_progression --message="Looking for a free port and opening it..."
 port=$(ynh_find_port 8123)
 ynh_app_setting_set $app port $port
 ynh_exec_fully_quiet yunohost firewall allow TCP $port
 
 # create a dedicated system user
+ynh_script_progression --message="Creating dedicated user, rights and folders..."
 ynh_system_user_create $app
-
-# grant sudo permissions to the user to manage his own systemd service
+## grant sudo permissions to the user to manage his own systemd service
 myynh_create_dir "/etc/sudoers.d"
 cp "../conf/sudoers" "/etc/sudoers.d/$app"
-
-# create a directory for the installation of Home Assistant
+## create a directory for the installation of Home Assistant
 myynh_create_dir "$final_path"
 chown $app: "$final_path"
-
-# create a directory for the datas of Home Assistant
+## create a directory for the datas of Home Assistant
 myynh_create_dir "$data_path"
 chown -R $app: "$home_path"
 
 # installation in a virtual environment
+ynh_script_progression --message="Installing Home Assistant in a virtual environment..."
 exec_as $app -H -s /bin/bash -c " \
 	echo 'create the virtual environment' \
 		&& python3 -m venv "$final_path" \
@@ -61,32 +64,38 @@ exec_as $app -H -s /bin/bash -c " \
 	"
 
 # set default configuration files
+ynh_script_progression --message="Configuring the installation..."
 ynh_replace_string "__PORT__" "$port" "../conf/homeassistant_conf_files/configuration.yaml"
 ynh_replace_string "__DOMAIN__" "$domain" "../conf/homeassistant_conf_files/configuration.yaml"
-
+chmod -R +x "../conf/homeassistant_conf_files/bin/"
 ## move all homeassistant_conf_files
 cp -r "../conf/homeassistant_conf_files/." "$data_path/"
 chown -R $app: "$data_path"
 
 # setup up autostart using systemd
+ynh_script_progression --message="Adding the dedicated service..."
 ynh_add_systemd_config "$app@$app"
-
-# add service in admin panel
-yunohost service add "$app@$app" --log "$data_path/home-assistant.log"
+## add service in admin panel
+yunohost service add "$app@$app" --log "$data_path/home-assistant.log" --description "Home Assistant server"
 
 # enable & restart systemd service
+ynh_script_progression --message="Starting the Home Assistant server..."
 ynh_system_reload --service_name="$app@$app" --action=enable
 ynh_check_starting --line_to_match="Home Assistant initialized" --app_log="systemd" --timeout=1000 --service_name="$app@$app"
 
 # create a dedicated nginx config
+ynh_script_progression --message="Configuring nginx web server..."
 ynh_add_nginx_config
-
-# reload nginx
+## reload nginx
 ynh_system_reload --service_name=nginx
 
 # unprotect app access if public (needed for Android app to work)
+ynh_script_progression --message="Configuring SSOwat..."
 [ $is_public -eq 1 ] && ynh_app_setting_set $app unprotected_uris "/"
 
 # alert about administrator creator
 message="Your installation is not yet secure : please, IMMEDIATELY go to $domain in order to create the admin user of Home Assistant."
+ynh_script_progression --message="$message"
 ynh_send_readme_to_admin --app_message="$message" --recipients="root"
+
+ynh_script_progression --message="Installation of $app completed" --last

scripts/restore

@@ -47,6 +47,7 @@ fi
 if [ ! -d "$home_path" ]; then
         ynh_restore_file "$home_path"
         chown -R $app: "$home_path"
+        chmod -R +x "$home_path/.homeassistant/bin"
 else
         ynh_die "$home_path already exists and will not be overwritten"
 fi
@@ -56,7 +57,7 @@ fi
 ynh_exec_fully_quiet yunohost firewall allow TCP $port
 
 # add service in admin panel
-yunohost service add "$app@$app" --log "$data_path/home-assistant.log"
+yunohost service add "$app@$app" --log "$data_path/home-assistant.log" --description "Home Assistant server"
 
 # enable & restart systemd service
 ynh_system_reload --service_name="$app@$app" --action=enable