zwavejs websocket issue fixed, hass authelia, voicerss #19

Merged
ben merged 1 commits from hass into main 2022-10-07 17:13:06 +00:00
5 changed files with 61 additions and 31 deletions


@ -15,4 +15,4 @@
name: hass name: hass
state: started state: started
restart: true restart: true
when: not hass_container.changed when: hass_container is not defined or not hass_container.changed


@ -50,21 +50,6 @@
# hass + zwave # hass + zwave
- name: install certs
copy:
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
dest: "/usr/local/etc/certs/"
owner: root
group: root
mode: 0755
tags:
- letsencrypt-certs
notify: reload nginx
vars:
prediff_cmd: echo
with_items:
- "{{ hass_url }}"
- name: create dir structure - name: create dir structure
file: file:
path: "{{ systemuserlist.hass.home }}/{{ item }}" path: "{{ systemuserlist.hass.home }}/{{ item }}"
@ -89,6 +74,8 @@
group: "{{ systemuserlist.hass.gid }}" group: "{{ systemuserlist.hass.gid }}"
mode: 0644 mode: 0644
notify: restart hass container notify: restart hass container
tags:
- hass-config
- name: home assistant secrets file - name: home assistant secrets file
template: template:
@ -97,8 +84,9 @@
owner: "{{ systemuserlist.hass.uid }}" owner: "{{ systemuserlist.hass.uid }}"
group: "{{ systemuserlist.hass.gid }}" group: "{{ systemuserlist.hass.gid }}"
mode: 0644 mode: 0644
no_log: true
notify: restart hass container notify: restart hass container
tags:
- hass-config
# docker run --run -it -p 8091:8091 -p 3000:3000 --network # docker run --run -it -p 8091:8091 -p 3000:3000 --network
#bridgewithdns --device /dev/ttyACM0:/dev/zwave -v #bridgewithdns --device /dev/ttyACM0:/dev/zwave -v
@ -131,6 +119,10 @@
# ip/dns changed or the container moved networks. it is not configured in a # ip/dns changed or the container moved networks. it is not configured in a
# config file either. so using localhost is the least fragile strategy. # config file either. so using localhost is the least fragile strategy.
- "127.0.0.1:3000:3000" - "127.0.0.1:3000:3000"
env:
#BASE_URL: "/zwavejs/"
SESSION_SECRET: "{{ zwavejs_session_secret }}"
ZWAVEJS_EXTERNAL_CONFIG: /usr/src/app/store/.config-db
mounts: mounts:
- type: bind - type: bind
source: "{{ systemuserlist.hass.home }}/zwavejs/app/store" source: "{{ systemuserlist.hass.home }}/zwavejs/app/store"
@ -168,6 +160,11 @@
- type: bind - type: bind
source: "{{ systemuserlist.hass.home }}/home-assistant/media" source: "{{ systemuserlist.hass.home }}/home-assistant/media"
target: /usr/var/media target: /usr/var/media
# from role: common
# only depends on requests, which hass image has
- type: bind
source: /usr/local/bin/authelia-auth.py
target: /usr/local/bin/authelia-auth.py
tags: tags:
- home-assistant - home-assistant
- home-assistant-container - home-assistant-container
@ -175,6 +172,21 @@
- docker-containers - docker-containers
register: hass_container register: hass_container
- name: install certs
copy:
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
dest: "/usr/local/etc/certs/"
owner: root
group: root
mode: 0755
tags:
- letsencrypt-certs
notify: reload nginx
vars:
prediff_cmd: echo
with_items:
- "{{ hass_url }}"
- name: template nginx vhost for hass - name: template nginx vhost for hass
template: template:
src: 01-hass.j2 src: 01-hass.j2
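Review bot: The `home assistant secrets file` task still renders the secrets with `mode: 0644`, so the `no_log: true` added here keeps the values out of Ansible output but leaves the file readable by every local user on the host. The file is already owned by the hass uid/gid, so `mode: "0600"` (quoted, as Ansible recommends for octal modes) should be enough, assuming the container process runs as that uid. The relocated `install certs` task has the same pattern: `mode: 0755` on a recursive copy of the letsencrypt `live/` directory presumably applies to the private key as well, so consider `mode: "0600"` with `directory_mode: "0755"` there. The secrets task's `template:` arguments begin outside the visible hunk lines, so this is judged only from the attributes shown.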


@ -1,6 +1,7 @@
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;
'' upgrade; #default $http_connection;
'' close;
} }
server { server {
@ -10,7 +11,6 @@ server {
{% endif -%} {% endif -%}
include /etc/nginx/authelia_internal.conf; include /etc/nginx/authelia_internal.conf;
include listen-proxy-protocol.conf; include listen-proxy-protocol.conf;
include /etc/nginx/sudo-known.conf; include /etc/nginx/sudo-known.conf;
@ -19,7 +19,7 @@ server {
location / { location / {
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -35,20 +35,29 @@ server {
return 302 https://{{ hass_url }}{{ nginx_zwavejs_path }}/; return 302 https://{{ hass_url }}{{ nginx_zwavejs_path }}/;
} }
location {{ nginx_zwavejs_path }}/ { location {{ nginx_zwavejs_path }} {
include /etc/nginx/require_auth.conf; #add_header Access-Control-Allow-Origin "*" always;
# kill cache
add_header Last-Modified $date_gmt always;
add_header Cache-Control 'no-store' always;
if_modified_since off;
expires off;
etag off;
proxy_set_header X-External-Path {{ nginx_zwavejs_path }}; include /etc/nginx/require_auth.conf;
rewrite ^ $request_uri; rewrite ^ $request_uri;
rewrite '^{{ nginx_zwavejs_path }}(/.*)$' $1 break; rewrite '^{{ nginx_zwavejs_path }}(/.*)$' $1 break;
proxy_set_header X-External-Path {{ nginx_zwavejs_path }};
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
#proxy_socket_keepalive on;
proxy_pass http://{{ bridgewithdns.zwavejs }}:8091$uri; proxy_pass http://{{ bridgewithdns.zwavejs }}:8091$uri;
#proxy_pass http://{{ bridgewithdns.zwavejs }}:8091;
# for the special dashboard # for the special dashboard
# https://zwave-js.github.io/zwave-js-ui/#/usage/reverse-proxy?id=using-an-http-header # https://zwave-js.github.io/zwave-js-ui/#/usage/reverse-proxy?id=using-an-http-header
# proxy_set_header X-External-Path $http_x_ingress_path; # proxy_set_header X-External-Path $http_x_ingress_path;
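Review bot: The `add_header` directives added to the `{{ nginx_zwavejs_path }}` location switch off header inheritance for that location, because nginx applies `add_header` from an outer level only when the current level defines none. If the `server` block or one of its included files sets response headers such as HSTS or `X-Content-Type-Options` (not visible in this section), they will silently stop being sent for the zwavejs UI. Either repeat those headers next to the new cache headers or put the shared set in a snippet and `include` it in this location too. Separately, dropping the trailing slash turns the location into a bare prefix match that also catches sibling paths starting with the same string; `location {{ nginx_zwavejs_path }}/ {` together with the existing `return 302` keeps the match tight. The location block is not closed within the visible lines.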


@ -66,9 +66,11 @@ scene: !include scenes.yaml
calendar: calendar:
- platform: caldav - platform: caldav
days: 30
username: !secret caldav_user username: !secret caldav_user
password: !secret caldav_passwd password: !secret caldav_passwd
url: !secret caldav_url # {{ hass_caldav.urls[0].name }}
url: {{ hass_caldav.urls[0].url }}
http: http:
# container runs with network_mode=host, so no network isolation. the docs say to not # container runs with network_mode=host, so no network isolation. the docs say to not
@ -78,11 +80,14 @@ http:
#server_host: 127.0.0.1 #server_host: 127.0.0.1
trusted_proxies: trusted_proxies:
- 127.0.0.1 - 127.0.0.1
- {{ bridgewithdns.host }}
- {{ bridgewithdns_cidr }}
use_x_forwarded_for: true use_x_forwarded_for: true
homeassistant: homeassistant:
auth_providers:
- type: command_line
command: /usr/local/bin/authelia-auth.py
args:
- {{ hass_url }}
name: Home name: Home
currency: EUR currency: EUR
unit_system: metric unit_system: metric
@ -121,3 +126,8 @@ sensor:
- platform: dwd_weather_warnings - platform: dwd_weather_warnings
# Stadt Berlin # Stadt Berlin
region_name: 811000000 region_name: 811000000
tts:
- platform: voicerss
api_key: !secret voicerss_api_key
- platform: google_translate
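Review bot: Adding `{{ bridgewithdns_cidr }}` to `trusted_proxies` makes Home Assistant accept `X-Forwarded-For` from every address on the bridge network, not only from the reverse proxy. With `use_x_forwarded_for: true` and `server_host` left commented out (the comment above notes the container runs with host networking), any other container on that bridge that can reach the HTTP port directly would have its claimed client address trusted, which affects the IP recorded for logins and used for banning. If only nginx forwards requests, list just its address, `- {{ bridgewithdns.host }}` alongside `127.0.0.1`, and drop the CIDR entry. The `http:` block starts before this hunk, so other settings there may already narrow this.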


@ -1,8 +1,7 @@
# Use this file to store secrets like usernames and passwords. # kind of dont need this file
# Learn more at https://www.home-assistant.io/docs/configuration/secrets/
some_password: welcome
caldav_user: "{{ hass_caldav.user }}" caldav_user: "{{ hass_caldav.user }}"
caldav_passwd: "{{ hass_caldav.passwd }}" caldav_passwd: "{{ hass_caldav.passwd }}"
caldav_url: https://{{ nextcloud_url }}/remote.php/dav/principals/users/{{ hass_caldav.user }}/
voicerss_api_key: {{ voicerss_api_key }}
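Review bot: `voicerss_api_key: {{ voicerss_api_key }}` is rendered unquoted, unlike the `caldav_user` and `caldav_passwd` entries above it. A key that happens to be all digits or starts with a YAML indicator character would be retyped or break parsing of the rendered file, and an empty variable would render as null. Quoting it the same way as its neighbours avoids that: `voicerss_api_key: "{{ voicerss_api_key }}"`.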