readme: adapt section about network stack/namespace & home assistant; fix instructions for docker; changelog: document now required access to D-Bus system socket

Fabian Peter Hammerle 5 months ago
parent
commit
e5633b5044
2 changed files with 11 additions and 7 deletions
  1. CHANGELOG.md (+5 -0)
  2. README.md (+6 -7)

+ 5 - 0
CHANGELOG.md

@@ -11,6 +11,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 - TLS now enabled by default (disable via `--mqtt-disable-tls`)
 - require `PySwitchbot>=0.14.0,<0.41` instead of `PySwitchbot>=0.10.0,<0.13`
+- switchbot-mqtt now requires access to the D-Bus' system socket
+  `/var/run/dbus/system_bus_socket`
+  as `bleak` controls bluetooth via BlueZ over D-Bus.
+  access to network namespace containing bluetooth interface is thus
+  no longer required.
 - `--fetch-device-info` no longer requires `CAP_NET_ADMIN`
   (bluepy-helper replaced with bleak)
 - replaced [paho-mqtt](https://github.com/eclipse/paho.mqtt.python)
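
Review bot: The second sentence of the new entry (`access to network namespace containing bluetooth interface is thus no longer required.`) starts in lower case and reads as a fragment; capitalise it or join it to the sentence before. Because this is a new runtime requirement, the entry should also say that container users have to bind-mount `/var/run/dbus/system_bus_socket`, so the upgrade step is visible from the changelog alone.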

+ 6 - 7
README.md

@@ -116,21 +116,18 @@ When disconnecting (graceful shutdown or unexpected loss of connection), `offlin
 
 Why not use the official [SwitchBot integration](https://www.home-assistant.io/integrations/switchbot/)?
 
-I prefer not to share the host's **network stack** with home assistant
+Older versions of pySwitchbot (before bleak replaced bluepy) required access to the host's **network stack**.
+I prefer not to share the host's network stack with home assistant's container
 (more complicated network setup
 and additional [netfilter](https://en.wikipedia.org/wiki/Netfilter) rules required for isolation).
 
 Sadly, `docker run --network host` even requires `--userns host`:
 > docker: Error response from daemon: cannot share the host's network namespace when user namespaces are enabled.
 
-The docker image built from this repository works around this limitation
-by explicitly running as an **unprivileged user**.
-
 The [official home assistant image](https://hub.docker.com/r/homeassistant/home-assistant)
 runs as `root`.
 This imposes an unnecessary security risk, especially when disabling user namespace remapping
 (`--userns host`).
-See https://github.com/fphammerle/docker-home-assistant for an alternative.
 
 ### Setup
 
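
Review bot: Removing the sentence about the image `explicitly running as an unprivileged user` leaves the following paragraph criticising `root` combined with `--userns host` without saying what this project's own image does, while the setup instructions further down still pass `--userns host`. If the image still runs as an unprivileged user, keep a sentence that states it. The retained line beginning `Sadly, docker run --network host even requires` now describes a constraint the instructions no longer hit, so put it in the past tense next to the new "Older versions" sentence or drop it.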
@@ -166,7 +163,8 @@ Annotation of signed tags `docker/*` contains docker image digests: https://gith
 ```sh
 $ docker build -t switchbot-mqtt .
 $ docker run --name spelunca_switchbot \
-    --userns host --network host \
+    --userns host \
+    -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
     switchbot-mqtt:latest \
     switchbot-mqtt --mqtt-host HOSTNAME_OR_IP_ADDRESS
 ```
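
Review bot: `--userns host` is kept in the `docker run` example although `--network host` is dropped, and the only reason the README gives for disabling user namespace remapping is sharing the host's network namespace. Either remove the flag or add one line explaining why it is still needed together with the D-Bus socket mount, since the README itself describes `--userns host` as a risk.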
@@ -179,7 +177,6 @@ services:
   switchbot-mqtt:
     image: switchbot-mqtt
     container_name: switchbot-mqtt
-    network_mode: host
     userns_mode: host
     environment:
     - MQTT_HOST=localhost
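
Review bot: With `network_mode: host` removed, the unchanged `- MQTT_HOST=localhost` in this example no longer points at a broker on the host; on the default compose network `localhost` is the container's own loopback interface. Change the example value to a broker hostname or service name, or add a comment that `localhost` only works with host networking.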
@@ -187,6 +184,8 @@ services:
     #- MQTT_USERNAME=username
     #- MQTT_PASSWORD=password
     #- FETCH_DEVICE_INFO=yes
+    volumes:
+    - /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket
     restart: unless-stopped
 ```
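
Review bot: The new `volumes:` entry gives the container a connection to the host's whole system bus, not only to BlueZ; every service on that bus is reachable from the container, subject to the host's D-Bus policy. The README argues for isolation from the host in the section above, so a short sentence next to this mount stating that trade-off would let readers judge it.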