
wrap official image

Fabian Peter Hammerle 4 years ago
parent
commit
7337481cd2
5 changed files with 56 additions and 53 deletions
  1. 15 0
      CHANGELOG.md
  2. 12 26
      Dockerfile
  3. 23 10
      README.md
  4. 6 1
      docker-compose.yml
  5. 0 16
      runtime-requirements.txt

+ 15 - 0
CHANGELOG.md

@@ -0,0 +1,15 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+### Added
+- docker-compose: mount config volume
+
+### Changed
+- wrap official docker image
+
+### Fixed
+- docker-compose: forward correct default port `8123`

+ 12 - 26
Dockerfile

@@ -1,31 +1,17 @@
-FROM python:3.7-alpine3.9
+ARG HOME_ASSISTANT_VERSION=0.104.3
+FROM homeassistant/home-assistant:$HOME_ASSISTANT_VERSION
 
-RUN apk add --no-cache \
-    eudev-dev `#python_openzwave` \
-    g++ \
-    gcc \
-    libffi-dev `#pycares` \
-    linux-headers `#python_openzwave` \
-    make \
-    openssl-dev `#cryptography`
+# inherited:
+# CMD ["python3", "-m", "homeassistant", "--config", "/config"]
 
-RUN adduser -D hass \
-    && mkdir /config \
+# not inherited:
+EXPOSE 8123/tcp
+
+# why do the home assistant maintainers run their containers as root?!
+RUN python3 -c 'import os; assert os.geteuid() == 0, "finally..."' \
+    && find / -xdev -type f -perm /u+s -exec chmod -c u-s {} \; \
+    && find / -xdev -type f -perm /g+s -exec chmod -c g-s {} \; \
+    && adduser -D hass \
     && chown hass /config
 VOLUME /config
 USER hass
-ENV PATH "/home/hass/.local/bin:${PATH}"
-
-# no wheels available for homeassistant-pyozw
-# https://pypi.org/project/homeassistant-pyozw/0.1.2/#files
-RUN pip install --user --no-cache-dir homeassistant-pyozw==0.1.2
-# https://github.com/home-assistant/home-assistant/blob/0.89.0/requirements_all.txt
-COPY --chown=hass ./runtime-requirements.txt /tmp
-RUN pip install --user --no-cache-dir --requirement /tmp/runtime-requirements.txt \
-    && rm /tmp/runtime-requirements.txt
-
-RUN pip install --user --no-cache-dir \
-    homeassistant==0.89.0 \
-    home-assistant-frontend==20190305.0
-
-CMD ["python", "-m", "homeassistant", "--config", "/config"]
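Review bot: The new `FROM homeassistant/home-assistant:$HOME_ASSISTANT_VERSION` pins the base image by tag only, and a tag can be repointed upstream, so the setuid/setgid stripping and the `USER hass` drop further down are applied to whatever that tag resolves to at build time. Consider pinning the digest as well, e.g. `FROM homeassistant/home-assistant:$HOME_ASSISTANT_VERSION@sha256:<digest-of-that-tag>` (placeholder; take the value from the registry), and bumping tag and digest together. Separately, `adduser -D hass` takes the next free UID, which depends on the accounts the base image already ships. A fixed `-u <uid>` (supported by the busybox `adduser` this command line appears to target) would keep ownership of the `/config` volume stable across base-image updates. A one-line comment above the `python3 -c '… os.geteuid() == 0 …'` step, such as `# fail the build if upstream stops running as root, so this wrapper gets re-reviewed`, would make the intent of that assertion explicit.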

+ 23 - 10
README.md

@@ -1,18 +1,31 @@
-https://www.home-assistant.io/docs/installation/docker/
+# docker: home assistant 🏡🐳
 
-https://github.com/home-assistant/home-assistant/blob/dev/virtualization/Docker/setup_docker_prereqs
+imple wrapper for
+[home-assistant](https://github.com/home-assistant/home-assistant)'s
+[official docker image](https://hub.docker.com/r/homeassistant/home-assistant).
 
-https://github.com/home-assistant/home-assistant/blob/dev/requirements_all.txt
+differences:
+* dropped `setuid` and `setgid` permission bits from all files
+* run home assistant as an unprivileged user (instead of `root`)
+
+guide: https://www.home-assistant.io/docs/installation/docker/
+
+dockerfile: https://git.hammerle.me/fphammerle/docker-home-assistant/src/master/dockerfile
 
 ```sh
-$ sudo docker build --tag=home-assistant .
-$ sudo docker volume create home-assistant-config
+$ sudo docker run --name home_assistant \
+    -v home_assistant_config:/config:rw \
+    -p 8123:8123 \
+    --security-opt=no-new-privileges --cap-drop=all \
+    --restart unless-stopped \
+    fphammerle/home-assistant
+```
+
+## mount zwave dongle
+
+```
 $ cat /etc/udev/rules.d/zwave.rules
 ACTION=="add", SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="zwave-dongle"
 # check permissions of /dev/zwave-dongle
-$ sudo docker run --rm --publish=8123:8123 \
-    --mount "source=home-assistant-config,target=/config,rw" \
-    --device /dev/zwave-dongle:/dev/zwave-dongle \
-    --security-opt=no-new-privileges --cap-drop=all \
-    home-assistant
+$ sudo docker run --device /dev/zwave-dongle:/dev/zwave-dongle …
 ```

+ 6 - 1
docker-compose.yml

@@ -2,11 +2,16 @@
 # https://docs.ansible.com/ansible/latest/modules/docker_service_module.html
 version: '2'
 
+volumes:
+  config:
+
 services:
   homeassistant:
     build: .
     image: fphammerle/home-assistant
-    ports: ['8124:8124']
+    volumes: ['config:/config:rw']
+    ports: ['127.0.0.1:8123:8123']
     restart: on-failure
+    security_opt: [no-new-privileges]
 
 # https://docs.docker.com/compose/compose-file/compose-file-v2/
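Review bot: The `homeassistant` service gains `security_opt: [no-new-privileges]` but no capability drop, whereas the README's `docker run` example in this same commit pairs that option with `--cap-drop=all`. Adding `cap_drop: [ALL]` next to `security_opt` would give compose deployments the same reduced privilege set as the documented command line. The port is now bound to loopback only (`'127.0.0.1:8123:8123'`), while the README example publishes `-p 8123:8123` on all interfaces. A short comment on the `ports` line, such as `# loopback only; expose through a reverse proxy if remote access is needed`, would show that the difference is deliberate.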

+ 0 - 16
runtime-requirements.txt

@@ -1,16 +0,0 @@
-cryptography==2.5
-
-PyNaCl==1.3.0
-PyQRCode==1.2.1
-aiohttp_cors==0.7.0
-distro==1.4.0
-flux_led==0.22
-gTTS-token==1.1.3
-mutagen==1.42.0
-netdisco==2.3.0
-pyairvisual==3.0.1
-pydispatcher==2.0.5
-pyotp==2.2.6
-sqlalchemy==1.2.18
-warrant==0.6.1
-xmltodict==0.11.0