docker: added home assistant

docker/README.md

@@ -1,23 +1,9 @@
-Homeserver Notes
+# Homeserver Notes
-================
-
-# Future Plan
-
-  - Add authentication frontend like Authentik which will handle the authentication
-  - Add Nextcloud
-  - Add Gitea
 
 # List of Service Running on Homeserver
 
-    - Adguard
 - Plex
-    - Sonarr
+- Home Assistant
-    - Radarr
-    - qbittorrent
-    - Portainer
-    - Jackett
-    - Jellyfin
-    - Wireguard
 
 # List of Basic CLI tools installed on server
 
@@ -32,7 +18,6 @@ Homeserver Notes
     - apt-transport-https
     - htop
 
-
 # Firewall Rules (Currently Disabled)
 
 I am using ufw to set different firewall rules. As I go I will update the rules
@@ -71,7 +56,6 @@ processor, we have HW transcoding. Here is the process to enable it:
 
     ```
 
-
 # Traefik Reverse proxy
 
 - Traefik is modern HTTP reverse proxy and load balancerthat can be used to route
@@ -81,7 +65,6 @@ processor, we have HW transcoding. Here is the process to enable it:
   and renewal for HTTPS automatically handle SSL certificate genertion
   and renewal for HTTPS.
 
-
 ## Configuration
 
 In order to get wildcard certificates from LetsEncrypt, I will be using DNS challange
@@ -90,6 +73,7 @@ the ownership of the domain by adding specific DNS records.
 
 To do that with cloudflare, I have created a new API token with name _CF_DNS_API_TOKEN_
 and saved it as docker secret under ~/docker/secrets directory
+
 ```
 # To save the appdata for traefik3, created the following folders
 mkdir -p ~/docker/appdata/traefik3/acme
@@ -103,7 +87,9 @@ chmod 600 acme.json  # without 600, Traefik will not start
 touch traefik.log
 touch access.log
 ```
+
 After creating the Docker Compose file, add these TLS options like this:
+
 ```
 # Under DOCKERDIR/appdata/traefik3/rules/udms/tls-opts.yml
 tls:
@@ -126,7 +112,9 @@ tls:
         - CurveP384
       sniStrict: true
 ```
+
 Add the middleware Basic Auth:
+
 ```
 # Under DOCKERDIR/appdata/traefik3/rules/udms/middlewares-basic-auth.yml
 http:
@@ -139,7 +127,9 @@ http:
         realm: "Traefik 3 Basic Auth"
 
 ```
+
 Add middleware rate limited to prevent DDoS attack
+
 ```
 # Under DOCKERDIR/appdata/traefik3/rules/udms/middlewares-rate-limit.yaml
 http:
@@ -149,7 +139,9 @@ http:
         average: 100
         burst: 50
 ```
+
 Add secure headers middleware
+
 ```
 # Under DOCKERDIR/appdata/traefik3/rules/udms/middlewares-secure-headers.yaml
 http:
@@ -186,6 +178,7 @@ Create a default Bridge network for the Traefik
 In order for qbittorrent container to use the wireguard VPN tunnel
 wireguard container has been added to the qbittorrent docker compose
 file.
+
 - qbittorrent container depends on the wireguard container. If
   wireguard container is down, qbittorrent network will not work.
 
@@ -203,8 +196,10 @@ file.
   # Forward traffic from the WireGuard container back to the host's port 9500
   sudo iptables -t nat -A POSTROUTING -p tcp -d 172.18.0.6 --dport 9500 -j MASQUERADE
   ```
+
 - We can check the host ip geolocation by the following command. In that way
   we can verify VPN is working.
+
   ```
   docker exec -it qbittorrent curl ipinfo.io
 
@@ -221,7 +216,9 @@ file.
     "readme": "https://ipinfo.io/missingauth"
   }
   ```
+
 - We can check the wireguard VPN connection status with the following command
+
   ```
   docker exec -it wireguard wg
 

docker/homeassistant.yaml

@@ -0,0 +1,12 @@
+services:
+  homeassistant:
+    container_name: homeassistant
+    image: ghcr.io/home-assistant/home-assistant:stable
+    restart: unless-stopped
+    network_mode: host
+    privileged: true
+    volumes:
+      - ${DOCKERDIR}/appdata/homeassistant:/config
+      - /etc/localtime:/etc/localtime:ro
+    # devices:
+    #   - /dev/serial/by-id/usb-Silicon_Labs_CP2102_USB_to_UART_Bridge_Controller_<ID>

infra/ansible/inventory/group_vars/vms.yaml

@@ -2,6 +2,7 @@ apt_packages:
   - curl
   - vim
   - htop
+  - nfs-common
 
 # Kubernetes k0sctl configuration vars
 master1_ip: "192.168.1.151"