Advertisement
finity69x2

Home Assistant Install In Virtual Env On NUC with Debian 9

Jan 31st, 2019
1,757
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. NUC Installation in python venv
  2.  
  3. Throughout this procedure you'll need to add your personal details to different sections. Replace anything that has anything between "<...>" or where it says "your" in it.
  4.  
  5. Install Debian 9 Desktop:
  6.  
  7. use win32diskimager to create a live cd on USB stick
  8.  
  9. If needed, follow the instructions for UEFI boot repair from:
  10. https://arstechnica.com/gadgets/2014/02/linux-on-the-nuc-using-ubuntu-mint-fedora-and-the-steamos-beta/
  11.  
  12. install from USB live but don’t reboot.
  13.  
  14. Open terminal and the do the following:
  15. $ sudo mount /dev/sda1 /mnt
  16. $ sudo mkdir /mnt/EFI/BOOT
  17. $ sudo cp /mnt/EFI/ubuntu/* /mnt/EFI/BOOT
  18. $ sudo mv /mnt/EFI/BOOT/grubx64.efi /mnt/EFI/BOOT/bootx64.efi
  19.  
  20. - reboot
  21.  
  22. Add user to sudoers file:
  23.  
  24. $ su
  25. Enter root password
  26. $ adduser <username> sudo
  27. $ exit
  28.  
  29. - reboot
  30.  
  31. install openssh-server from command line:
  32. $ sudo apt-get install openssh-server
  33.  
  34. install Putty on the computer you will use to run terminal commands on the HA machine if necessary.
  35.  
  36. Set up a Key for encrypting SSH:
  37.  
  38. Generate key using puttygen
  39.  
  40. Create a new .ssh directory (if not already created by default…)
  41. $ mkdir .ssh
  42.  
  43. Change permissions on .ssh to 700 (if not done by default…)
  44. $ chmod 700 .ssh
  45.  
  46. Create a file called “authorized_keys” using nano
  47. $ nano ~/.ssh/authorized_keys
  48.  
  49. Copy and paste the entire key from puttygen
  50.  
  51. - Save file
  52.  
  53. Change permissions of “authorized_keys” to 600
  54. $ chmod 600 ~/.ssh/authorized_keys
  55.  
  56. Restart SSH service
  57. $ sudo service ssh restart
  58.  
  59. Exit putty session
  60.  
  61. Run Putty and before connecting open saved session info & add key to “auth” under SSH
  62.  
  63. Connect via SSH using Putty to test that the key is working
  64.  
  65. Change ssh to not allow password login
  66. $ sudo nano /etc/ssh/sshd_config
  67.  
  68. Add the following line to the end:
  69.  
  70. PasswordAuthentication no
  71.  
  72. - Save
  73.  
  74. Restart ssh service
  75. $ sudo service ssh restart
  76.  
  77. Get rid of iv6
  78. $ sudo nano /etc/sysctl.conf
  79.  
  80. Add:
  81. net.ipv6.conf.all.disable_ipv6=1
  82.  
  83. Save file
  84.  
  85. Commit changes
  86. $ sudo sysctl -p
  87.  
  88.  
  89. Install & Setup WinSCP on computer you will use to edit configuration files:
  90.  
  91. - Give WinSCP the ability to edit files:
  92.  
  93. Select SCP/Shell under Environment
  94. Select profile.
  95. Select edit.
  96. Select advanced.
  97. Under Shell on the left select “bin/bash“
  98.  
  99. - After authorized keys from above is complete:
  100.  
  101. Select profile.
  102. Select edit.
  103. Select advanced.
  104. Select Authentication under SSH on the left
  105. Enter location of private key that you created and saved from Puttygen
  106.  
  107.  
  108. Install curl:
  109.  
  110. $ sudo apt install curl
  111.  
  112.  
  113. Setup duckdns if desired:
  114.  
  115. create a dynamic dns name (using duckdns.org)
  116.  
  117. yourdomain.duckdns.org
  118. yourdomain2.duckdns.org (if desired, you only need one)
  119. token = xxxxxxxxxxxxxxxxxxxxxxx
  120.  
  121. install duckdns
  122.  
  123. $ mkdir duckdns
  124. $ cd duckdns
  125. $ nano duck.sh
  126.  
  127. create an update script by entering the following:
  128.  
  129. echo url="https://www.duckdns.org/update?domains=yourdomain,yourdomain2&token=xxxxxxxxxxxip=" | curl -k -o ~/duckdns/duck.log -K -
  130.  
  131. save file
  132.  
  133. change permissions on file
  134.  
  135. $ sudo chmod 700 duck.sh
  136.  
  137. set it to update the public ip every 5 minutes
  138.  
  139. $ sudo crontab -e
  140.  
  141. Pick default editor (selection 1)
  142.  
  143. Add line:
  144.  
  145. */5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1
  146.  
  147. Save file
  148.  
  149. Test the file
  150.  
  151. $ ./duck.sh
  152. $ cat duck.log
  153.  
  154. Should see ‘OK’
  155.  
  156.  
  157. Install git:
  158. $ sudo apt-get update
  159. $ sudo apt-get upgrade
  160. $ sudo apt-get install git
  161.  
  162.  
  163. Install Home Assistant in venv:
  164.  
  165. Do the following as a regular user (not root):
  166.  
  167. $ sudo apt-get update
  168. $ sudo apt-get upgrade
  169. $ sudo apt-get install python-pip python3-dev
  170. $ sudo pip install --upgrade virtualenv
  171. $ sudo adduser --system homeassistant
  172. $ sudo addgroup homeassistant
  173. $ sudo usermod -G dialout -a homeassistant
  174. $ sudo mkdir /srv/homeassistant
  175. $ sudo chown homeassistant:homeassistant /srv/homeassistant
  176.  
  177. Switch to the homeassistant user:
  178.  
  179. $ sudo su -s /bin/bash homeassistant
  180.  
  181.  
  182. Create a new virtual environment:
  183.  
  184. $ virtualenv -p python3 /srv/homeassistant
  185.  
  186.  
  187. Activate the venv:
  188.  
  189. $ source /srv/homeassistant/bin/activate
  190.  
  191.  
  192. Run the following command to install Home Assistant inside the virtualenv container:
  193.  
  194. $ pip3 install --upgrade homeassistant
  195.  
  196. Start Home Assistant manually with the "hass" command to make sure that it works as expected:
  197.  
  198. $ hass
  199.  
  200. You should get a bunch of console output with no obvious error messages. To confirm that it's working, open a web browser on a computer on the same network and navigate to http://<ip_address>:8123, which is the default web server port for Home Assistant.
  201.  
  202. If you see the default webpage, you've successfully installed Home Assistant. Now press Ctrl+C in the terminal to exit the process and return to the shell, and exit the virtualenv sub-shell with the following command:
  203.  
  204. $ exit
  205.  
  206.  
  207. To setup Homeassistant to start at boot create the service file with the following command:
  208.  
  209. $ sudo nano /lib/systemd/system/home-assistant@homeassistant.service
  210.  
  211. Now, paste the following content into the new file:
  212.  
  213. [Unit]
  214. Description=Home Assistant
  215. After=network.target
  216.  
  217. [Service]
  218. Type=simple
  219. User=%i
  220. ExecStart=/srv/homeassistant/bin/hass -c "/home/homeassistant/.homeassistant"
  221.  
  222. [Install]
  223. WantedBy=multi-user.target
  224.  
  225.  
  226. #
  227. # Service file for systems with systemd to run Home Assistant as the homeassistant user.
  228. #
  229.  
  230. [Unit]
  231. Description=Home Assistant for %i
  232. After=network.target
  233.  
  234. [Service]
  235. Type=simple
  236. User=%i
  237. ExecStart=/srv/homeassistant/bin/hass
  238. SendSIGKILL=no
  239.  
  240. [Install]
  241. WantedBy=multi-user.target
  242.  
  243.  
  244. Save it.
  245.  
  246. Then, create a symlink from this file to the "active" systemd location, reload the systemd configuration, and start the service:
  247.  
  248. $ sudo ln -s /lib/systemd/system/home-assistant@homeassistant.service /etc/systemd/system/home-assistant@homeassistant.service
  249. $ sudo systemctl --system daemon-reload
  250. $ sudo systemctl enable home-assistant@homeassistant.service
  251. $ sudo systemctl start home-assistant@homeassistant.service
  252.  
  253. You should now be able to open or refresh the same browser window from before and access the Home Assistant web GUI. It might take a few seconds to become available. You can verify that it starts automatically by completely rebooting the system, but this is not strictly necessary.
  254.  
  255. The default config files should automatically be created at the /home/homeassistant/.homeassistant directory.
  256.  
  257. After adding current configuration files to the new homeassistant config folders makes sure to set owner back to the homeassistant user:
  258.  
  259. $ sudo chown -R homeassistant:homeassistant /home/homeassistant
  260.  
  261. And add read/write privileges to the home assistant config folders for your user (<username>):
  262.  
  263. $ sudo setfacl -R -m u:<username>:rwx /home/homeassistant/.homeassistant
  264.  
  265.  
  266.  
  267. Setup letsencrypt using the instructions here:
  268.  
  269. https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt
  270.  
  271. Set up DuckDNS
  272.  
  273. Set up a port forwarding to your HomeAssistant server. Set a forwarding for port 8123 to the internal HA IP on port 8123.
  274.  
  275. Before continuing, make sure your HomeAssistant is now available via http://yourdomain.duckdns.org or whatever domain you set up.
  276.  
  277. Setting up Dehydrated
  278.  
  279. First get a copy of the current dehydrated script.
  280.  
  281. $ git clone https://github.com/lukas2511/dehydrated.git
  282.  
  283. Now change into the new dehydrated directory and create a new domains.txt file containing your duckdns domain name:
  284.  
  285. $ nano domains.txt
  286.  
  287. Add:
  288.  
  289. yourdomain.duckdns.org
  290.  
  291. save & exit file
  292.  
  293. We also need a config file containing the following:
  294.  
  295. $ nano config
  296.  
  297. Add:
  298.  
  299. # Which challenge should be used? Currently http-01 and dns-01 are supported
  300. CHALLENGETYPE="dns-01"
  301.  
  302. # Script to execute the DNS challenge and run after cert generation
  303. HOOK="${BASEDIR}/hook.sh"
  304.  
  305.  
  306. Next we need a hook that will do the DNS challenge for us and will restart HomeAssistant when the certificate has changed. Create a hook.sh file with the following content:
  307.  
  308. $ nano hook.sh
  309.  
  310. Add:
  311.  
  312. #!/usr/bin/env bash
  313. set -e
  314. set -u
  315. set -o pipefail
  316.  
  317. domain="yourdomain"
  318. token="xxxxxxxxxxxxxxxxxx"
  319.  
  320. case "$1" in
  321. "deploy_challenge")
  322. curl "https://www.duckdns.org/update?domains=$domain&token=$token&txt=$4"
  323. echo
  324. ;;
  325. "clean_challenge")
  326. curl "https://www.duckdns.org/update?domains=$domain&token=$token&txt=removed&clear=true"
  327. echo
  328. ;;
  329. "deploy_cert")
  330. sudo systemctl restart home-assistant@homeassistant.service
  331. ;;
  332. "unchanged_cert")
  333. ;;
  334. "startup_hook")
  335. ;;
  336. "exit_hook")
  337. ;;
  338. *)
  339. echo Unknown hook "${1}"
  340. exit 0
  341. ;;
  342. esac
  343.  
  344.  
  345. Be sure to change the token and domain at the top of the script. Also make the hook script executable:
  346.  
  347. $ chmod 755 hook.sh
  348.  
  349.  
  350. Generating the Certificate
  351.  
  352. Time to run dehydrated.
  353.  
  354. First, register a new private key with letsencrypt:
  355.  
  356. $ ./dehydrated --register --accept-terms
  357.  
  358. Should see:
  359.  
  360. # INFO: Using main config file /home/homeassistant/dehydrated/config
  361. + Generating account key...
  362. + Registering account key with ACME server...
  363. + Done!
  364.  
  365.  
  366. Then generate the certificate:
  367.  
  368. $ ./dehydrated -c
  369.  
  370. Should see:
  371.  
  372. # INFO: Using main config file /home/homeassistant/dehydrated/config
  373. Processing myhome.duckdns.org
  374. + Signing domains...
  375. + Generating private key...
  376. + Generating signing request...
  377. + Requesting challenge for myhome.duckdns.org...
  378. OK
  379. + Responding to challenge for myhome.duckdns.org...
  380. OK
  381. + Challenge is valid!
  382. + Requesting certificate...
  383. + Checking certificate...
  384. + Done!
  385. + Creating fullchain.pem...
  386. + Walking chain...
  387. + Done!
  388.  
  389.  
  390. That's it. We now have a valid certificate!
  391.  
  392. Automate Renewing
  393.  
  394. Let'sEncrypt certificates expire after 90 days, so we need to automatically renew them. We simply call dehydrated via cron on every 1st day of the month:
  395.  
  396. $ crontab -e
  397.  
  398. Add:
  399.  
  400. 0 1 1 * * /home/homeassistant/dehydrated/dehydrated -c
  401.  
  402.  
  403. Reconfigure HomeAssistant
  404.  
  405. Need to add read privileges to the dehydrated folder for the homeassistant user:
  406.  
  407. $ sudo setfacl -R -m u:homeassistant:rwx /home/<username>/dehydrated
  408.  
  409. Edit your configuration.yaml and add the new certificate to the http section:
  410.  
  411. configuration.yaml
  412.  
  413. http:
  414. .
  415. .
  416. .
  417. ssl_certificate: /home/finity/<username>/certs/yourdomain.duckdns.org/fullchain.pem
  418. ssl_key: /home/<username>/dehydrated/certs/yourdomain.duckdns.org/privkey.pem
  419.  
  420.  
  421. Finally restart HomeAssistant
  422.  
  423. $ sudo systemctl restart home-assistant@homeassistant.service
  424.  
  425. Your HomeAssistant should now be available via https://yourdomain.duckdns.org:8123.
  426.  
  427.  
  428. Set up an automation to show the status of your certs on the dashboard
  429.  
  430. $ sudo apt-get update
  431. $ sudo apt-get install ssl-cert-check
  432.  
  433.  
  434.  
  435. Install mosquito:
  436.  
  437. $ sudo apt-get install mosquitto
  438. $ sudo apt-get install mosquitto-clients
  439.  
  440. Edit the config file:
  441.  
  442. $ sudo nano /etc/mosquitto/mosquitto.conf
  443.  
  444. Add the following:
  445.  
  446. allow_anonymous false
  447. password_file /etc/mosquitto/pwfile
  448. listener 1883
  449.  
  450. comment out the existing line:
  451.  
  452. # include_dir /etc/mosquitto/conf.d
  453.  
  454. save
  455.  
  456. Create a username:
  457.  
  458. $ sudo mosquitto_passwd -c /etc/mosquitto/pwfile <username>
  459.  
  460. It will then ask for a password
  461.  
  462.  
  463. To test:
  464.  
  465. Open two instances of putty
  466.  
  467. In one instance put in the following:
  468.  
  469. $ mosquitto_sub -d -u <username> -P <password> -t "dev/test"
  470.  
  471. This will subscribe to the topic “dev/test” and listen until you stop it wich ctrl-c
  472.  
  473. In the other instance put in:
  474.  
  475. mosquitto_pub -d -u <username> -P <password> -t "dev/test" -m "Hello world"
  476.  
  477. this will publish the words “hello worldf to the topic “dev/test”
  478.  
  479. you should see those words appear in the listener
  480.  
  481. you can test it in HA by opening the services area, select mqtt, select publich then fill in the desired phrase:
  482.  
  483. {
  484. “topic”: “dev/test”,
  485. “payload”: “hello world”
  486. }
  487.  
  488. Then click call service
  489.  
  490. You see those words pop up again in the listener
  491.  
  492. To access the MQTT server from outside your network set up your router to open port 1883
Advertisement
RAW Paste Data Copied
Advertisement