- NUC installation using Docker:
- Throughout this procedure you'll need to add your personal details to different sections. Replace anything shown between "<...>", and anything with "your" in it, with your own values.
- Install Debian 9 Desktop:
- use win32diskimager to create a live cd on USB stick
- If needed, follow the instructions for UEFI boot repair from:
- https://arstechnica.com/gadgets/2014/02/linux-on-the-nuc-using-ubuntu-mint-fedora-and-the-steamos-beta/
- install from USB live but don’t reboot.
- Open a terminal and then do the following:
- $ sudo mount /dev/sda1 /mnt
- $ sudo mkdir /mnt/EFI/BOOT
- $ sudo cp /mnt/EFI/ubuntu/* /mnt/EFI/BOOT
- $ sudo mv /mnt/EFI/BOOT/grubx64.efi /mnt/EFI/BOOT/bootx64.efi
- - reboot
- Add user to sudoers file:
- $ su
- Enter root password
- $ adduser <username> sudo
- $ exit
- - reboot
- install openssh-server from command line:
- $ sudo apt-get install openssh-server
- Install curl:
- $ sudo apt install curl
- Install git:
- $ sudo apt-get update
- $ sudo apt-get upgrade
- $ sudo apt-get install git
- Setup a static IP
- $ sudo nano /etc/dhcpcd.conf
- Edit /etc/dhcpcd.conf as follows:
- #here is an example which configures a static address, routes and dns.
- interface eth0
- static ip_address=192.168.1.11/24
- static routers=192.168.1.1
- static domain_name_servers=192.168.1.1 8.8.8.8
- save & reboot
- install Putty on the computer you will use to remotely access your Home Assistant machine
- Set up a key for SSH authentication:
- Generate key using puttygen
- Create a new .ssh directory (if not already created by default…)
- $ mkdir .ssh
- Change permissions on .ssh to 700 (if not done by default…)
- $ chmod 700 .ssh
- Create a file called “authorized_keys” using nano
- $ nano ~/.ssh/authorized_keys
- Copy & paste the key from puttygen into that file.
- - Save file
- Change permissions of “authorized_keys” to 600
- $ chmod 600 ~/.ssh/authorized_keys
- Restart SSH service
- $ sudo service ssh restart
- Exit putty session
- Run Putty but don't connect then open saved session info & add key to “auth” under SSH
- Change ssh to not allow password login
- $ sudo nano /etc/ssh/sshd_config
- Add the following line
- PasswordAuthentication no
- - Save
- Restart ssh service
- $ sudo service ssh restart
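- sshd uses the first value it reads for each keyword, so a "PasswordAuthentication no" line added below an existing uncommented "PasswordAuthentication yes" has no effect. The check below is an added example, not part of the original guide; the sample configs are constructed, and it does not follow Include files or evaluate Match blocks.

```shell
#!/bin/sh
# Added example: resolve the value sshd uses globally for a keyword.
# sshd keeps the FIRST value it reads; keywords are case-insensitive.
# Lines after a "Match" keyword are conditional, so scanning stops there.

# effective_sshd_option FILE KEYWORD -> prints the value, or nothing if unset
effective_sshd_option() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        { key = tolower($1) }
        key == "match" { exit }              # global section ends here
        key == want {
            $1 = ""; sub(/^[ \t]+/, "")      # drop the keyword, keep the value
            print; exit
        }
    ' "$1"
}

# check_password_login_disabled FILE -> exit status 0 only if effectively "no".
# An unset keyword means the OpenSSH default applies, which is "yes".
check_password_login_disabled() {
    [ "$(effective_sshd_option "$1" PasswordAuthentication)" = "no" ]
}

# Constructed sample: an active "yes" earlier in the file, "no" appended last.
sample_shadowed() {
    printf '%s\n' 'Port 22' 'PasswordAuthentication yes' 'UsePAM yes' \
        'PasswordAuthentication no'
}

# Constructed sample: stock line still commented out, "no" appended,
# followed by a Match block that must not be read as the global value.
sample_effective() {
    printf '%s\n' '#PasswordAuthentication yes' 'UsePAM yes' \
        'PasswordAuthentication no' 'Match User backup' \
        '    PasswordAuthentication yes'
}

# Demo: report both constructed samples.
for sample in sample_shadowed sample_effective; do
    tmp=$(mktemp)
    "$sample" > "$tmp"
    if check_password_login_disabled "$tmp"; then
        echo "$sample: password login disabled"
    else
        echo "$sample: password login still allowed"
    fi
    rm -f "$tmp"
done
```

- On the live machine, "sudo sshd -T | grep -i passwordauthentication" prints the value the installed configuration resolves to.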
- Get rid of IPv6
- $ sudo nano /etc/sysctl.conf
- Add:
- net.ipv6.conf.all.disable_ipv6=1
- - Save file
- Commit changes
- $ sudo sysctl -p
- Install & setup WinSCP on the computer you plan to use to remotely edit your configuration files:
- Give WinSCP the ability to edit files:
- Select SCP/Shell under Environment
- Select profile.
- Select edit.
- Select advanced.
- Under Shell on the left select “/bin/bash”
- After authorized keys from above is complete:
- Select profile.
- Select edit.
- Select advanced.
- Select Authentication under SSH on the left
- Enter location of private key you saved from Puttygen above
- Setup duckdns
- create a dynamic dns name (using duckdns.org)
- yourdomain.duckdns.org
- yourdomain2.duckdns.org (not required)
- token = xxxxxxxxxxxxxxxxxxxxxxxxxxx
- install duckdns
- $ mkdir duckdns
- $ cd duckdns
- $ nano duck.sh
- create an update script by entering the following:
- echo url="https://www.duckdns.org/update?domains=yourdomain,yourdomain2&token=xxxxxxxxxxxxx" | curl -k -o ~/duckdns/duck.log -K -
- - save file
- change permissions on file
- $ sudo chmod 700 duck.sh
- set it to update the public ip every 5 minutes
- $ crontab -e
- Pick default editor (selection 1)
- Add line:
- */5 * * * * ~/duckdns/duck.sh >/dev/null 2>&1
- - Save file
- Test the file
- $ ./duck.sh
- $ cat duck.log
- Should see ‘OK’
- Install Docker
- https://docs.docker.com/install/linux/docker-ce/debian/#install-docker-ce-1
- $ sudo apt-get install \
- apt-transport-https \
- ca-certificates \
- curl \
- gnupg2 \
- software-properties-common
- $ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
- $ sudo apt-key fingerprint 0EBFCD88
- $ sudo add-apt-repository \
- "deb [arch=amd64] https://download.docker.com/linux/debian \
- $(lsb_release -cs) \
- stable"
- $ sudo apt-get update
- $ sudo apt-get install docker-ce
- To test docker installed correctly:
- $ sudo docker run hello-world
- To update docker:
- $ sudo apt-get update
- $ sudo apt-get install docker-ce
- Install Docker Images
- Homeassistant:
- Create a new config directory:
- /home/<username>/docker/hass-config (or wherever you want it but you will need to adjust the paths below accordingly)
- Create and run a new home assistant container:
- $ sudo docker run -d --name="home-assistant" --restart=unless-stopped -v /home/<username>/docker/hass-config:/config -v /etc/localtime:/etc/localtime:ro --net=host homeassistant/home-assistant
- The above will create the basic config files at the config directory. Copy existing config files to that directory & restart the container.
- The above only creates an installation of HA without access to the Zigbee and Z-Wave devices.
- If you already have an existing zwave or zigbee install on another HA then copy the options.xml & ozw config xml files to the config directory
- To get access to the USB devices run the following:
- $ sudo docker run -d --name="home-assistant" --restart=unless-stopped -v /home/<username>/docker/hass-config:/config -v /etc/localtime:/etc/localtime:ro --device /dev/zigbee:/dev/zigbee --device /dev/ttyUSB-ZStick-5G:/dev/ttyUSB-ZStick-5G --net=host homeassistant/home-assistant
- The above will work only once you modify the /etc/udev/rules.d/99-com.rules file to give the Zigbee & Z-Wave USB sticks persistent device names.
- For the Aeotec Zwave Gen 5 USB stick add this to the end of above udev file:
- SUBSYSTEM=="tty", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", SYMLINK+="ttyUSB-ZStick-5G"
- If you want to use the HUSBZB-1 Zigbee stick add the following to that same file:
- SUBSYSTEM=="tty", ATTRS{interface}=="HubZ ZigBee Com Port", SYMLINK+="zigbee"
- One problem using Docker is that you can't run shell commands on the host machine from within the Home Assistant container.
- To be able to do that you need to see the section below to set it up. Then come here and run the new docker command to enable that functionality:
- $ sudo docker run -d --name="home-assistant" --restart=unless-stopped -v /home/<username>/docker/hass-config:/config -v /etc/localtime:/etc/localtime:ro -v /home/<username>/docker/sshkey/.ssh:/root/.ssh --device /dev/zigbee:/dev/zigbee --device /dev/ttyUSB-ZStick-5G:/dev/ttyUSB-ZStick-5G --net=host homeassistant/home-assistant
- To install a specific version of Home Assistant add
- :0.xx.x
- To the end of the image name
- ##########################################################
- these containers are all optional but are useful:
- Portainer:
- https://portainer.readthedocs.io/en/stable/deployment.html#quick-start
- $ sudo docker run --name portainer -d -p 9001:9000 --restart=unless-stopped -v /var/run/docker.sock:/var/run/docker.sock -v /opt/portainer:/data portainer/portainer
- user: admin
- pass: net
- create a new user & password
- -------------
- NGINX/Letsencrypt:
- From: https://community.home-assistant.io/t/nginx-reverse-proxy-set-up-guide-docker/54802
- Get uid & gid:
- $ id <username>
- Create config directory
- $ mkdir /home/<username>/docker/letsencrypt/config
- Forward ports 80 & 443 to your NGINX machine.
- Run the docker container:
- $ sudo docker run -d --cap-add=NET_ADMIN --name=letsencrypt --restart=unless-stopped -v /home/<username>/docker/letsencrypt/config:/config -v /etc/localtime:/etc/localtime:ro -e PGID=1000 -e PUID=1000 -e EMAIL=<youremail@address.com> -e URL=yourdomain.duckdns.org -e SUBDOMAINS=hass,conf,graf -e VALIDATION=http -p 80:80 -p 443:443 -e TZ=<your timezone> linuxserver/letsencrypt
- Once you run the container, you’ll need to edit (DON’T RENAME THE OLD DEFAULT FILE TO SOMETHING ELSE – IT WILL MESS IT UP) the default file at:
- /home/<username>/docker/letsencrypt/config/nginx/site-confs/default
- Make sure you comment out the following lines in the server blocks.
- auth_basic "Restricted";
- auth_basic_user_file /config/nginx/.htpasswd;
- These lines enforce password protection from Nginx, and with them active you will not be able to log in. You may need to activate them for some components. For instance, the configurator component for some reason will no longer follow its settings file, and once live you’ll be able to access it without a password. In that case you’ll need to create an Nginx user:password with this command: docker exec -it letsencrypt htpasswd -c /config/nginx/.htpasswd <username>
- Default config file:
- ###########################################
- ## Version 2018/04/20 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/default
- # listening on port 80 disabled by default, remove the "#" signs to enable
- # redirect all traffic to https
- #server {
- # listen 80;
- # server_name _;
- # return 301 https://$host$request_uri;
- #}
- # main server block
- server {
- listen 443 ssl default_server;
- root /config/www;
- index index.html index.htm index.php;
- server_name yourdomain.duckdns.org;
- # enable subfolder method reverse proxy confs
- include /config/nginx/proxy-confs/*.subfolder.conf;
- # all ssl related config moved to ssl.conf
- include /config/nginx/ssl.conf;
- client_max_body_size 0;
- location / {
- try_files $uri $uri/ /index.html /index.php?$args =404;
- }
- location ~ \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
- # With php7-cgi alone:
- fastcgi_pass <yourmachine IP>:9000;
- # With php7-fpm:
- #fastcgi_pass unix:/var/run/php7-fpm.sock;
- fastcgi_index index.php;
- include /etc/nginx/fastcgi_params;
- }
- # sample reverse proxy config for password protected couchpotato running at IP 192.168.1.50 port 5050 with base url "cp"
- # notice this is within the same server block as the base
- # don't forget to generate the .htpasswd file as described on docker hub
- # location ^~ /cp {
- # auth_basic "Restricted";
- # auth_basic_user_file /config/nginx/.htpasswd;
- # include /config/nginx/proxy.conf;
- # proxy_pass http://192.168.1.50:5050/cp;
- # }
- }
- # sample reverse proxy config without url base, but as a subdomain "cp", ip and port same as above
- # notice this is a new server block, you need a new server block for each subdomain
- #server {
- # listen 443 ssl;
- #
- # root /config/www;
- # index index.html index.htm index.php;
- #
- # server_name cp.*;
- #
- # include /config/nginx/ssl.conf;
- #
- # client_max_body_size 0;
- #
- # location / {
- # auth_basic "Restricted";
- # auth_basic_user_file /config/nginx/.htpasswd;
- # include /config/nginx/proxy.conf;
- # proxy_pass http://192.168.1.50:5050;
- # }
- #}
- ### HOMEASSISTANT ####
- server {
- listen 443 ssl;
- root /config/www;
- index index.html index.htm index.php;
- server_name hass.<username>.duckdns.org;
- include /config/nginx/ssl.conf;
- client_max_body_size 0;
- location / {
- # auth_basic "Restricted";
- # auth_basic_user_file /config/nginx/.htpasswd;
- proxy_set_header Host $host;
- proxy_redirect http:// https://;
- proxy_http_version 1.1;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection "upgrade";
- proxy_buffering off;
- proxy_ssl_verify off;
- # include /config/nginx/proxy.conf;
- proxy_pass http://192.168.1.11:8123;
- }
- }
- ### CONFIGURATOR ###
- #
- #server {
- # listen 443 ssl;
- #
- # root /config/www;
- # index index.html index.htm index.php;
- #
- # server_name conf.bussnet.duckdns.org;
- #
- # include /config/nginx/ssl.conf;
- #
- # client_max_body_size 0;
- #
- # location / {
- # auth_basic "Restricted";
- # auth_basic_user_file /config/nginx/.htpasswd;
- # include /config/nginx/proxy.conf;
- # proxy_pass http://192.168.1.11:3218;
- # }
- #}
- ### GRAFANA ###
- #
- #server {
- # listen 443 ssl;
- #
- # root /config/www;
- # index index.html index.htm index.php;
- #
- # server_name graf.xxxxxxx.duckdns.org;
- #
- # include /config/nginx/ssl.conf;
- #
- # client_max_body_size 0;
- #
- # location / {
- ## auth_basic "Restricted";
- ## auth_basic_user_file /config/nginx/.htpasswd;
- # include /config/nginx/proxy.conf;
- # proxy_pass http://192.168.1.11:3003;
- # }
- #}
- # enable subdomain method reverse proxy confs
- include /config/nginx/proxy-confs/*.subdomain.conf;
- -----------------------------------------
- Syncthing:
- $ sudo docker create --name=syncthing --restart=unless-stopped -v /home/<username>/docker/syncthing/config:/config -v /home/<username>/docker/hass-config:/hass-sync -v /etc/localtime:/etc/localtime:ro -e PGID=1000 -e PUID=1000 -e UMASK_SET=000 -p 8384:8384 -p 22000:22000 -p 21027:21027/udp linuxserver/syncthing
- Install Syncthing on the other computer.
- Create a new folder named /hass-sync and share it
- -------------------------------
- Ha-dockermon:
- $ sudo docker run -d --name=ha-dockermon --restart=unless-stopped -v /var/run/docker.sock:/var/run/docker.sock -v /home/<username>/docker/ha-dockermon:/config -p 8126:8126 philhawthorne/ha-dockermon
- --------------------------------
- MQTT:
- $ sudo docker run -itd --name=eclipse-mosquitto -p 1884:1883 -p 9002:9001 -v /home/<username>/docker/mqtt/config/mosquitto.conf:/mosquitto/config/mosquitto.conf -v /home/<username>/docker/mqtt/config/passwd:/mosquitto/config/passwd -v /home/<username>/docker/mqtt/data:/mosquitto/data -v /home/<username>/docker/mqtt/log:/mosquitto/log -e PGID=1000 -e PUID=1000 -e UMASK_SET=000 eclipse-mosquitto
- Download the default mosquitto.conf file from:
- https://raw.githubusercontent.com/eclipse/mosquitto/master/mosquitto.conf
- and edit as necessary. Change the persistence info and logging.
- Give those files full permissions using:
- $ sudo chmod 777 -R /home/<username>/docker/mqtt/
- Then enter the shell of the container by:
- $ sudo docker exec -it eclipse-mosquitto sh
- Create a username and password:
- / # mosquitto_passwd -c /mosquitto/config/passwd/pwfile <mqtt username>
- Once it goes to the next line just type in the password (there won’t be a prompt until after you hit enter)
- Re-enter password
- / # exit
- --------------------------------
- OZWCP:
- for the zwcfg... file you will need to find out the correct file name from your config folder.
- https://github.com/ruimarinho/docker-openzwave
- $ sudo docker create --name openzwave -itd -p 8090:8090 --device=/dev/ttyUSB-ZStick-5G -v /home/<username>/docker/hass-config/options.xml:/root/open-zwave-control-panel/config/options.xml -v /home/<username>/docker/hass-config/zwcfg_0xecbef344.xml:/root/open-zwave-control-panel/zwcfg_0xecbef344.xml ruimarinho/openzwave
- How to use this image:
- To launch the OpenZWave Control Panel, you should add a device map to your Z-Wave Controller and map the server port (by default 8090).
- In this example, the USB Z-Wave Controller is available on the host under /dev/ttyACM0, but the USB device enumeration varies from host and OS (another popular nomenclature is /dev/ttyUSB*).
- ❯ docker run --rm -it -p 8090:8090 --device=/dev/ttyACM0 ruimarinho/openzwave
- Now go to http://127.0.0.1:8090 and enter /dev/ttyACM0 under Device name. Click on Initialize to boot the network and that's it.
- Integration with Home Assistant:
- As mentioned below, you can also share the zwcfg_0x_<HomeId>.xml and options.xml file between applications on the host. The following is an example of sharing the Z-Wave network configuration with the popular Home Assistant home automation software, available under /volume1/applications/home-assistant/.
- First, stop Home Assistant. Assuming you've used --name home-assistant when launching the container (otherwise you need to grab its container id), run:
- ❯ docker stop home-assistant
- Launch the OpenZWave Control Panel:
- ❯ docker run --name openzwave --rm -it -p 8090:8090 \
- --device=/dev/ttyACM0 \
- -v /volume1/applications/home-assistant/options.xml:/root/open-zwave-control-panel/config/options.xml \
- -v /volume1/applications/home-assistant/zwcfg_0x00001111.xml:/root/open-zwave-control-panel/zwcfg_0x00001111.xml \
- ruimarinho/openzwave
- Run all the desired operations on the OpenZWave Control Panel and don't forget to hit Save if you've changed something.
- When you're done, stop the OpenZWave Control Panel and launch Home Assistant again:
- ❯ docker stop openzwave && docker start home-assistant
- Done!
- --------------------------------
- TasmoAdmin:
- $ sudo docker run -d --name tasmoadmin --restart=unless-stopped -v /home/<username>/docker/tasmoadmin/data:/data -p 9003:80 raymondmm/tasmoadmin
- The url is http://<your_host_ip>:9003 which opens TasmoAdmin.
- --------------------------------
- Zigbee2MQTT:
- https://github.com/Koenkk/zigbee2mqtt
- $ sudo docker run -itd --name="zigbee2mqtt" --restart=unless-stopped -v /etc/localtime:/etc/localtime:ro --net=host -v /home/<username>/docker/zigbee2mqtt/data:/app/data --device=/dev/Zigbee2MQTT koenkk/zigbee2mqtt
- ---------------------------------
- Amazon-Dash:
- https://github.com/Nekmo/amazon-dash
- $ sudo docker pull nekmo/amazon-dash:latest
- $ sudo docker run -itd --network=host --name="amazon-dash" --restart=unless-stopped -v /home/<username>/docker/amazon-dash/amazon-dash.yml:/config/amazon-dash.yml nekmo/amazon-dash:latest amazon-dash run --ignore-perms --root-allowed --config /config/amazon-dash.yml
- ###########################################
- Add ability to use command line in docker container:
- https://hastebin.com/sojasolite.sql
- 1-Need to modify the host user privileges to skip typing your password with sudo
- sudo visudo
- hostuser ALL=(ALL) NOPASSWD:ALL
- 2-create the following directory:
- $ mkdir /home/<username>/docker/sshkey/.ssh
- Then mount this volume in HA container to preserve the sshkey generated from the HA container and used to execute shell commands. Key will then persist through reboot or upgrades.
- -v /home/<username>/docker/sshkey/.ssh:/root/.ssh
- 3-login to container via portainer or
- $ sudo docker exec -it home-assistant /bin/bash
- 4-generate sshkey. - https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2
- $ ssh-keygen -t rsa (press enter, enter, enter)
- 5-copy the sshkey to your host ***
- $ ssh-copy-id hostuser@192.168.x.x (type password when prompted)
- *** this won’t work if you have an existing authorized_keys file. You have to copy the key manually into the file. Put one key per line with no lines between them.
- MI45fiHjJAeyCxH//eSFrI9Mzi2NR9njQTAW5YviSmvetYjuCTLHSTVOFycgiHR34Tfn2LUSOALQ7zUvq8yXseVFI7OHC5X07zPnbvQw28UMAlmhego6rOZ3exQKobORwqYpk7xVRj5FNr4vnff2/u7SWsZRlQylUBa4ZKK+W1TPEc7knXPl8cesh3YJ+J62ncCiNVgzSgQ7qjMmrRnuLkB3DNKPs1BIlC6t3x0abMotSgom0WZIGGGIR3MIouFp root@NUC
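- The key from step 5 is what lets the container run commands on the host, and an entry pasted into authorized_keys with nothing in front of the key type places no limit on what that key can do. The audit below is an added example, not part of the original guide; it lists which entries have no options (such as from=, command= or no-pty) in front of the key. The sample keys are constructed placeholders and the wrapper path is hypothetical.

```shell
#!/bin/sh
# Added example: flag authorized_keys entries that carry no options.
# Entry format: [options] keytype base64-key [comment]
# An entry whose first field is the key type has no options, so the key may
# open a shell, forward ports and run any command as that user.

# audit_authorized_keys FILE
#   prints "<line> unrestricted <comment>" or "<line> restricted" per entry
audit_authorized_keys() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
        $1 ~ /^(ssh-|ecdsa-sha2-|sk-)/ {         # line starts with a key type
            print NR, "unrestricted", (NF >= 3 ? $3 : "(no-comment)")
            next
        }
        { print NR, "restricted" }               # options precede the key type
    ' "$1"
}

# count_unrestricted FILE -> number of entries without any options
count_unrestricted() {
    audit_authorized_keys "$1" |
        awk '$2 == "unrestricted" { n++ } END { print n + 0 }'
}

# Constructed sample; the key material is a placeholder, not a real key, and
# /usr/local/bin/ha-host-cmd is a hypothetical wrapper script.
sample_authorized_keys() {
    cat <<'EOF'
# laptop key generated with puttygen
ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY user@laptop
ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY root@NUC
from="192.168.1.11",command="/usr/local/bin/ha-host-cmd",no-pty,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY root@NUC
EOF
}

# Demo on the constructed sample.
tmp=$(mktemp)
sample_authorized_keys > "$tmp"
audit_authorized_keys "$tmp"
echo "unrestricted keys: $(count_unrestricted "$tmp")"
rm -f "$tmp"
```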
- additional info from:
- https://megamorphf.github.io/homeassistant/hyperion/ssh/hassio/2018/01/22/controlling-anything-via-ssh.html
- https://www.cyberciti.biz/tips/linux-multiple-ssh-key-based-authentication.html
- https://wiki.mcs.anl.gov/IT/index.php/SSH_Keys:authorized_keys
- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++