No Description https://hub.docker.com/r/fphammerle/home-assistant

Fabian Peter Hammerle 43a8c74512 upgrade default home assistant version to v2021.7.2 3 years ago
.github b68113b442 Bump docker/setup-buildx-action from 1.4.1 to 1.5.0 3 years ago
CHANGELOG.md cfb519c84f release v1.1.1 3 years ago
Dockerfile 43a8c74512 upgrade default home assistant version to v2021.7.2 3 years ago
Makefile 27cb259961 makefile: remove 'v' prefix from version strings 3 years ago
README.md 05404db2c6 docker-compose/readme: fix support for home-assistant images >=2021.4.0 by mounting tmpfs for async_dns 3 years ago
docker-compose.yml 05404db2c6 docker-compose/readme: fix support for home-assistant images >=2021.4.0 by mounting tmpfs for async_dns 3 years ago

README.md

docker: home assistant 🏡🐳

simple wrapper for home-assistant's official docker image.

changes:

  • dropped setuid and setgid permission bits from all files
  • run home assistant as an unprivileged user (instead of root)

guide: https://www.home-assistant.io/docs/installation/docker/

dockerfile: https://git.hammerle.me/fphammerle/docker-home-assistant/src/master/Dockerfile

signed docker image hashes: https://github.com/fphammerle/docker-home-assistant/tags

$ sudo docker run --name home_assistant \
    -v home_assistant_config:/config:rw \
    -p 8123:8123 \
    --read-only --tmpfs /home/hass/.config/async_dns:mode=1777,size=4k
    --security-opt=no-new-privileges --cap-drop=all \
    --restart unless-stopped \
    fphammerle/home-assistant

mount zwave dongle

$ cat /etc/udev/rules.d/zwave.rules
ACTION=="add", SUBSYSTEM=="tty", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", SYMLINK+="zwave-dongle"
# check permissions of /dev/zwave-dongle
$ sudo docker run --device /dev/zwave-dongle:/dev/zwave-dongle …

mount /proc/device-tree

Required by Adafruit-DHT: https://github.com/adafruit/Adafruit_Python_DHT/blob/a609d7dcfb2b8208b88498c54a5c099e55159636/source/Raspberry_Pi_2/pi_2_mmio.c#L43

/proc/device-tree is a symlink to /sys/firmware/devicetree/base.

However, docker run -v /sys/firmware/devicetree/base:/sys/firmware/devicetree/base:ro … is ineffective.

Docker masks /sys/firmware: https://github.com/moby/moby/pull/26618 https://github.com/docker/docker-ce/blob/v19.03.5/components/engine/oci/defaults.go#L127

Evil workaround:

# start container without explicitly mounting devicetree
$ sudo docker run --name home_assistant …
# umount shadowing tmpfs
$ sudo nsenter --target $(sudo docker inspect --format={{.State.Pid}} home_assistant) --mount umount /sys/firmware