- NUC Installation in python venv
- Throughout this procedure you'll need to add your personal details in several places. Replace anything shown between "<...>" and anything containing "your" with your own values.
- Install Debian 9 Desktop:
- use win32diskimager to create a live cd on USB stick
- If needed, follow the instructions for UEFI boot repair from:
- https://arstechnica.com/gadgets/2014/02/linux-on-the-nuc-using-ubuntu-mint-fedora-and-the-steamos-beta/
- install from USB live but don’t reboot.
- Open a terminal and then do the following:
- $ sudo mount /dev/sda1 /mnt
- $ sudo mkdir /mnt/EFI/BOOT
- $ sudo cp /mnt/EFI/ubuntu/* /mnt/EFI/BOOT
- $ sudo mv /mnt/EFI/BOOT/grubx64.efi /mnt/EFI/BOOT/bootx64.efi
- - reboot
- Add user to sudoers file:
- $ su
- Enter root password
- $ adduser <username> sudo
- $ exit
- - reboot
- install openssh-server from command line:
- $ sudo apt-get install openssh-server
- install Putty on the computer you will use to run terminal commands on the HA machine if necessary.
- Set up a key pair for SSH authentication:
- Generate key using puttygen
- Create a new .ssh directory (if not already created by default…)
- $ mkdir .ssh
- Change permissions on .ssh to 700 (if not done by default…)
- $ chmod 700 .ssh
- Create a file called “authorized_keys” using nano
- $ nano ~/.ssh/authorized_keys
- Copy and paste the entire public key from puttygen
- - Save file
- Change permissions of “authorized_keys” to 600
- $ chmod 600 ~/.ssh/authorized_keys
- Restart SSH service
- $ sudo service ssh restart
- Exit putty session
- Run Putty and before connecting open saved session info & add key to “auth” under SSH
- Connect via SSH using Putty to test that the key is working
- Change ssh to not allow password login
- $ sudo nano /etc/ssh/sshd_config
- Add the following line to the end:
- PasswordAuthentication no
- - Save
- Restart ssh service
- $ sudo service ssh restart
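Appending the line only takes effect if no earlier uncommented PasswordAuthentication line exists and no Match block precedes it, because sshd keeps the first value it reads for a keyword. The check below is an added example, not part of the original paste; the function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original paste.
# sshd keeps the FIRST value it reads for a keyword, and every line after a
# "Match" line is conditional, so a line appended at the end may not apply.

# Print the first global (pre-Match) value of KEYWORD in FILE, lower-cased.
# Prints nothing when the keyword is unset (the built-in default applies).
sshd_first_value() {   # usage: sshd_first_value FILE KEYWORD
    awk -F'[ \t=]+' -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || NF == 0 { next }                # comments and blank lines
        tolower($1) == "match" { exit }         # rest of file is conditional
        tolower($1) == want { gsub(/"/, "", $2); print tolower($2); exit }
    ' "$1"
}

# Succeed only when password logins are off globally. Conservative: both
# keywords must be explicitly "no" (ChallengeResponseAuthentication can still
# prompt for a password through PAM on OpenSSH versions that use that name).
password_login_disabled() {   # usage: password_login_disabled FILE
    [ "$(sshd_first_value "$1" PasswordAuthentication)" = "no" ] &&
    [ "$(sshd_first_value "$1" ChallengeResponseAuthentication)" = "no" ]
}

# Constructed sample: an earlier "yes" and a Match block before the appended line.
sample_shadowed=$(mktemp)
cat > "$sample_shadowed" <<'EOF'
PasswordAuthentication yes
ChallengeResponseAuthentication no
Match User backup
    X11Forwarding no
PasswordAuthentication no
EOF

# Constructed sample: the only active value is "no", set before any Match block.
sample_ok=$(mktemp)
cat > "$sample_ok" <<'EOF'
#PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
PasswordAuthentication no
EOF

for f in "$sample_shadowed" "$sample_ok"; do
    if password_login_disabled "$f"; then echo "$f: password login disabled"
    else echo "$f: password login STILL POSSIBLE"; fi
done
```

On the server itself, `sudo sshd -T | grep -i passwordauthentication` prints the value the daemon will actually use.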
- Disable IPv6
- $ sudo nano /etc/sysctl.conf
- Add:
- net.ipv6.conf.all.disable_ipv6=1
- Save file
- Commit changes
- $ sudo sysctl -p
- Install & Setup WinSCP on computer you will use to edit configuration files:
- - Give WinSCP the ability to edit files:
- Select SCP/Shell under Environment
- Select profile.
- Select edit.
- Select advanced.
- Under Shell on the left select “/bin/bash”
- - After authorized keys from above is complete:
- Select profile.
- Select edit.
- Select advanced.
- Select Authentication under SSH on the left
- Enter location of private key that you created and saved from Puttygen
- Install curl:
- $ sudo apt install curl
- Setup duckdns if desired:
- create a dynamic dns name (using duckdns.org)
- yourdomain.duckdns.org
- yourdomain2.duckdns.org (if desired, you only need one)
- token = xxxxxxxxxxxxxxxxxxxxxxx
- install duckdns
- $ mkdir duckdns
- $ cd duckdns
- $ nano duck.sh
- create an update script by entering the following:
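- echo url="https://www.duckdns.org/update?domains=yourdomain,yourdomain2&token=xxxxxxxxxxx&ip=" | curl -k -o ~/duckdns/duck.log -K -
- (note: -k makes curl skip TLS certificate verification; drop it if you want the token protected in transit)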
- save file
- change permissions on file
- $ sudo chmod 700 duck.sh
- set it to update the public ip every 5 minutes
- $ crontab -e
- Pick default editor (selection 1)
- Add line:
- */5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1
- Save file
- Test the file
- $ ./duck.sh
- $ cat duck.log
- Should see ‘OK’
- Install git:
- $ sudo apt-get update
- $ sudo apt-get upgrade
- $ sudo apt-get install git
- Install Home Assistant in venv:
- Do the following as a regular user (not root):
- $ sudo apt-get update
- $ sudo apt-get upgrade
- $ sudo apt-get install python-pip python3-dev
- $ sudo pip install --upgrade virtualenv
- $ sudo adduser --system homeassistant
- $ sudo addgroup homeassistant
- $ sudo usermod -G dialout -a homeassistant
- $ sudo mkdir /srv/homeassistant
- $ sudo chown homeassistant:homeassistant /srv/homeassistant
- Switch to the homeassistant user:
- $ sudo su -s /bin/bash homeassistant
- Create a new virtual environment:
- $ virtualenv -p python3 /srv/homeassistant
- Activate the venv:
- $ source /srv/homeassistant/bin/activate
- Run the following command to install Home Assistant inside the virtualenv container:
- $ pip3 install --upgrade homeassistant
- Start Home Assistant manually with the "hass" command to make sure that it works as expected:
- $ hass
- You should get a bunch of console output with no obvious error messages. To confirm that it's working, open a web browser on a computer on the same network and navigate to http://<ip_address>:8123, which is the default web server port for Home Assistant.
- If you see the default webpage, you've successfully installed Home Assistant. Now press Ctrl+C in the terminal to exit the process and return to the shell, and exit the virtualenv sub-shell with the following command:
- $ exit
- To set up Home Assistant to start at boot, create the service file with the following command:
- $ sudo nano /lib/systemd/system/home-assistant@homeassistant.service
- Now, paste one of the following two variants into the new file (not both; a Type=simple service allows only one ExecStart= line):
- [Unit]
- Description=Home Assistant
- After=network.target
- [Service]
- Type=simple
- User=%i
- ExecStart=/srv/homeassistant/bin/hass -c "/home/homeassistant/.homeassistant"
- [Install]
- WantedBy=multi-user.target
- #
- # Service file for systems with systemd to run Home Assistant as the homeassistant user.
- #
- [Unit]
- Description=Home Assistant for %i
- After=network.target
- [Service]
- Type=simple
- User=%i
- ExecStart=/srv/homeassistant/bin/hass
- SendSIGKILL=no
- [Install]
- WantedBy=multi-user.target
- Save it.
- Then, create a symlink from this file to the "active" systemd location, reload the systemd configuration, and start the service:
- $ sudo ln -s /lib/systemd/system/home-assistant@homeassistant.service /etc/systemd/system/home-assistant@homeassistant.service
- $ sudo systemctl --system daemon-reload
- $ sudo systemctl enable home-assistant@homeassistant.service
- $ sudo systemctl start home-assistant@homeassistant.service
- You should now be able to open or refresh the same browser window from before and access the Home Assistant web GUI. It might take a few seconds to become available. You can verify that it starts automatically by completely rebooting the system, but this is not strictly necessary.
- The default config files should automatically be created at the /home/homeassistant/.homeassistant directory.
- After adding your current configuration files to the new homeassistant config folders, make sure to set the owner back to the homeassistant user:
- $ sudo chown -R homeassistant:homeassistant /home/homeassistant
- And add read/write privileges to the home assistant config folders for your user (<username>):
- $ sudo setfacl -R -m u:<username>:rwx /home/homeassistant/.homeassistant
- Setup letsencrypt using the instructions here:
- https://www.splitbrain.org/blog/2017-08/10-homeassistant_duckdns_letsencrypt
- Set up DuckDNS
- Set up a port forwarding to your HomeAssistant server. Set a forwarding for port 8123 to the internal HA IP on port 8123.
- Before continuing, make sure your HomeAssistant is now available via http://yourdomain.duckdns.org or whatever domain you set up.
- Setting up Dehydrated
- First get a copy of the current dehydrated script.
- $ git clone https://github.com/lukas2511/dehydrated.git
- Now change into the new dehydrated directory and create a new domains.txt file containing your duckdns domain name:
- $ nano domains.txt
- Add:
- yourdomain.duckdns.org
- save & exit file
- We also need a config file containing the following:
- $ nano config
- Add:
- # Which challenge should be used? Currently http-01 and dns-01 are supported
- CHALLENGETYPE="dns-01"
- # Script to execute the DNS challenge and run after cert generation
- HOOK="${BASEDIR}/hook.sh"
- Next we need a hook that will do the DNS challenge for us and will restart HomeAssistant when the certificate has changed. Create a hook.sh file with the following content:
- $ nano hook.sh
- Add:
- #!/usr/bin/env bash
- set -e
- set -u
- set -o pipefail
- domain="yourdomain"
- token="xxxxxxxxxxxxxxxxxx"
- case "$1" in
- "deploy_challenge")
- curl "https://www.duckdns.org/update?domains=$domain&token=$token&txt=$4"
- echo
- ;;
- "clean_challenge")
- curl "https://www.duckdns.org/update?domains=$domain&token=$token&txt=removed&clear=true"
- echo
- ;;
- "deploy_cert")
- sudo systemctl restart home-assistant@homeassistant.service
- ;;
- "unchanged_cert")
- ;;
- "startup_hook")
- ;;
- "exit_hook")
- ;;
- *)
- echo Unknown hook "${1}"
- exit 0
- ;;
- esac
- Be sure to change the token and domain at the top of the script. Also make the hook script executable:
- $ chmod 755 hook.sh
- Generating the Certificate
- Time to run dehydrated.
- First, register a new private key with letsencrypt:
- $ ./dehydrated --register --accept-terms
- Should see:
- # INFO: Using main config file /home/homeassistant/dehydrated/config
- + Generating account key...
- + Registering account key with ACME server...
- + Done!
- Then generate the certificate:
- $ ./dehydrated -c
- Should see:
- # INFO: Using main config file /home/homeassistant/dehydrated/config
- Processing myhome.duckdns.org
- + Signing domains...
- + Generating private key...
- + Generating signing request...
- + Requesting challenge for myhome.duckdns.org...
- OK
- + Responding to challenge for myhome.duckdns.org...
- OK
- + Challenge is valid!
- + Requesting certificate...
- + Checking certificate...
- + Done!
- + Creating fullchain.pem...
- + Walking chain...
- + Done!
- That's it. We now have a valid certificate!
- Automate Renewing
- Let's Encrypt certificates expire after 90 days, so we need to renew them automatically. We simply call dehydrated via cron on the 1st day of every month:
- $ crontab -e
- Add:
- 0 1 1 * * /home/homeassistant/dehydrated/dehydrated -c
- Reconfigure HomeAssistant
- Need to add read privileges to the dehydrated folder for the homeassistant user:
- $ sudo setfacl -R -m u:homeassistant:rwx /home/<username>/dehydrated
- Edit your configuration.yaml and add the new certificate to the http section:
- configuration.yaml
- http:
-   .
-   .
-   .
-   ssl_certificate: /home/<username>/dehydrated/certs/yourdomain.duckdns.org/fullchain.pem
-   ssl_key: /home/<username>/dehydrated/certs/yourdomain.duckdns.org/privkey.pem
- Finally restart HomeAssistant
- $ sudo systemctl restart home-assistant@homeassistant.service
- Your HomeAssistant should now be available via https://yourdomain.duckdns.org:8123.
- Set up an automation to show the status of your certs on the dashboard
- $ sudo apt-get update
- $ sudo apt-get install ssl-cert-check
- Install mosquitto:
- $ sudo apt-get install mosquitto
- $ sudo apt-get install mosquitto-clients
- Edit the config file:
- $ sudo nano /etc/mosquitto/mosquitto.conf
- Add the following:
- allow_anonymous false
- password_file /etc/mosquitto/pwfile
- listener 1883
- comment out the existing line:
- # include_dir /etc/mosquitto/conf.d
- save
- Create a username:
- $ sudo mosquitto_passwd -c /etc/mosquitto/pwfile <username>
- It will then ask for a password
- To test:
- Open two instances of putty
- In one instance put in the following:
- $ mosquitto_sub -d -u <username> -P <password> -t "dev/test"
- This will subscribe to the topic “dev/test” and listen until you stop it with Ctrl-C
- In the other instance put in:
- $ mosquitto_pub -d -u <username> -P <password> -t "dev/test" -m "Hello world"
- This will publish the words “Hello world” to the topic “dev/test”
- you should see those words appear in the listener
- You can test it in HA by opening the services area: select mqtt, select publish, then fill in the desired phrase:
- {
- "topic": "dev/test",
- "payload": "hello world"
- }
- Then click call service
- You should see those words pop up again in the listener
- To access the MQTT server from outside your network set up your router to open port 1883
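With `listener 1883` as configured above, forwarding port 1883 exposes an unencrypted listener, so the MQTT username and password cross the internet in clear text. The script below is an added example, not part of the original paste: it flags such listeners and contrasts the page's config with a constructed variant that keeps 1883 on loopback and offers TLS on 8883; the function name, the choice of port 8883 and the certificate paths are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original paste.
# Print the port of every explicit mosquitto listener that accepts
# non-loopback connections without TLS (credentials cross the wire in clear).
plaintext_listeners() {   # usage: plaintext_listeners MOSQUITTO_CONF
    awk '
        function report() {
            if (port != "" && !(cert && key) && !loopback) print port
        }
        { sub(/^[ \t]+/, "") }                  # drop leading whitespace
        /^#/ || NF == 0 { next }                # comments and blank lines
        $1 == "listener" {                      # a new listener block starts
            report()
            port = $2; cert = 0; key = 0
            loopback = ($3 == "localhost" || $3 == "127.0.0.1" || $3 == "::1")
            next
        }
        $1 == "certfile" { cert = 1 }           # per-listener TLS settings
        $1 == "keyfile"  { key = 1 }
        END { report() }
    ' "$1"
}

# Constructed sample 1: the listener from the steps above.
conf_page=$(mktemp)
cat > "$conf_page" <<'EOF'
allow_anonymous false
password_file /etc/mosquitto/pwfile
listener 1883
EOF

# Constructed sample 2: plain MQTT kept on loopback, TLS listener for remote
# clients. Certificate paths are placeholders.
conf_tls=$(mktemp)
cat > "$conf_tls" <<'EOF'
allow_anonymous false
password_file /etc/mosquitto/pwfile
listener 1883 localhost
listener 8883
cafile /path/to/chain.pem
certfile /path/to/fullchain.pem
keyfile /path/to/privkey.pem
EOF

echo "page config, plaintext listeners: $(plaintext_listeners "$conf_page")"
echo "TLS config, plaintext listeners:  $(plaintext_listeners "$conf_tls")"
```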