README.md 1.9 KB
docker: home assistant 🏡🐳
simple wrapper for home-assistant's official docker image.
changes:
- dropped
setuidandsetgidpermission bits from all files - run home assistant as an unprivileged user (instead of
root)
guide: https://www.home-assistant.io/docs/installation/docker/
dockerfile: https://git.hammerle.me/fphammerle/docker-home-assistant/src/master/Dockerfile
signed docker image hashes: https://github.com/fphammerle/docker-home-assistant/tags
$ sudo docker run --name home_assistant \
-v home_assistant_config:/config:rw \
-p 8123:8123 \
--read-only --tmpfs /home/hass/.config/async_dns:mode=1777,size=4k
--security-opt=no-new-privileges --cap-drop=all \
--restart unless-stopped \
fphammerle/home-assistant
mount zwave dongle
$ cat /etc/udev/rules.d/zwave.rules
ACTION=="add", SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="zwave-dongle"
# check permissions of /dev/zwave-dongle
$ sudo docker run --device /dev/zwave-dongle:/dev/zwave-dongle …
mount /proc/device-tree
Required by Adafruit-DHT:
https://github.com/adafruit/Adafruit_Python_DHT/blob/a609d7dcfb2b8208b88498c54a5c099e55159636/source/Raspberry_Pi_2/pi_2_mmio.c#L43
/proc/device-tree is a symlink to /sys/firmware/devicetree/base.
However, docker run -v /sys/firmware/devicetree/base:/sys/firmware/devicetree/base:ro … is ineffective.
Docker masks /sys/firmware:
https://github.com/moby/moby/pull/26618
https://github.com/docker/docker-ce/blob/v19.03.5/components/engine/oci/defaults.go#L127
Evil workaround:
# start container without explicitly mounting devicetree
$ sudo docker run --name home_assistant …
# umount shadowing tmpfs
$ sudo nsenter --target $(sudo docker inspect --format={{.State.Pid}} home_assistant) --mount umount /sys/firmware