diff --git a/config/homeassistant/configuration.yaml b/config/homeassistant/configuration.yaml
new file mode 100644
index 0000000..0b508df
--- /dev/null
+++ b/config/homeassistant/configuration.yaml
@@ -0,0 +1,24 @@
+
+# Loads default set of integrations. Do not remove.
+default_config:
+
+# Text to speech
+tts:
+ - platform: google_translate
+
+automation: !include automations.yaml
+script: !include scripts.yaml
+scene: !include scenes.yaml
+
+# Database
+recorder:
+ db_url: postgresql://homeassistant:homeassistant@ha_postgres/ha
+
+# Nginx setup
+http:
+ use_x_forwarded_for: true
+ trusted_proxies:
+ - 127.0.0.1
+ - 192.168.192.5
+ - 172.16.0.0/12
+ - 192.168.0.0/28
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
index bc233ee..a9e0447 100644
--- a/config/nginx/nginx.conf
+++ b/config/nginx/nginx.conf
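Review bot: The `recorder` entry in config/homeassistant/configuration.yaml commits the database password in clear text (`postgresql://homeassistant:homeassistant@ha_postgres/ha`), and it is independent of the `${POSTGRES_HA_USERNAME}`/`${POSTGRES_HA_PASSWORD}` values the compose file passes to `ha_postgres`, so the two can drift apart. Home Assistant can read the URL from secrets.yaml instead: `db_url: !secret recorder_db_url` (key name of your choice), with that file kept out of the repository. Under `http`, `trusted_proxies` lists `172.16.0.0/12` and `192.168.0.0/28` next to single addresses; every host in those ranges is then allowed to set X-Forwarded-For, so I would list only the address or subnet the nginx container actually connects from.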
@@ -254,41 +254,53 @@ http { } } - ### GLADYS ASSISTANT ### + ### HOME ASSISTANT ### - upstream gladys { - server gladys:80; + upstream homeassistant { + server homeassistant:8123; } server { listen 80; - server_name gladys.spanskiduh.xyz; - access_log /logs/gladys.log custom_log; + server_name ha.spanskiduh.xyz; + access_log /logs/homeassistant.log custom_log; location /.well-known/acme-challenge/ { root /var/www/certbot; } + location / { - return 301 https://gladys.spanskiduh.xyz$request_uri; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + return 301 https://ha.spanskiduh.xyz$request_uri; } } server { listen 443 ssl http2; - server_name gladys.spanskiduh.xyz; - access_log /logs/gladys.log custom_log; + server_name ha.spanskiduh.xyz; + access_log /logs/homeassistant.log custom_log; - ssl_certificate /etc/letsencrypt/live/gladys.spanskiduh.xyz/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/gladys.spanskiduh.xyz/privkey.pem; + ssl_certificate /etc/letsencrypt/live/ha.spanskiduh.xyz/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/ha.spanskiduh.xyz/privkey.pem; location / { - proxy_pass "http://gladys/"; + proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_pass "http://homeassistant/"; } } - ### AUTISM-APP ### upstream autism-app { diff --git a/docker-compose.yml b/docker-compose.yml index 0d37d7c..d29747b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,6 @@ version: '3.6' + # # ISOLATED NETWORKS # 
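Review bot: In the port-443 `location /` of config/nginx/nginx.conf, `X-Forwarded-For $proxy_add_x_forwarded_for` appends nginx's peer address to whatever X-Forwarded-For value the client sent, and this commit's Home Assistant config enables `use_x_forwarded_for`, so that header feeds the client address Home Assistant works with. If this nginx is the outermost proxy (not visible from the hunk), `proxy_set_header X-Forwarded-For $remote_addr;` discards client-supplied values instead of forwarding them. The six `proxy_*` lines added to the port-80 `location /` have no effect, because that location only issues `return 301` and never proxies; I would remove them so the block does not read as if plain-HTTP traffic were proxied. The enclosing `http` block starts outside the hunk.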
@@ -15,12 +16,12 @@ networks: name: nextcloud_network autism_app_network: name: autism_app_network - gladys_network: - name: gladys_network kimai_network: name: kimai_network photoprism_network: name: photoprism_network + ha_network: + name: ha_network services: @@ -39,10 +40,12 @@ services: - nextcloud - nextcloud_db - autism_app - - gladys - kimai - kimai_db - photoprism + - homeassistant + - ha_postgres + - mqtt ports: - 80:80 - 443:443 @@ -50,7 +53,7 @@ services: - ${DOCKER_CONFIG_DIR}/nginx/nginx.conf:/etc/nginx/nginx.conf:ro - ${DOCKER_CONFIG_DIR}/certbot/conf:/etc/letsencrypt:ro - ${DOCKER_CONFIG_DIR}/certbot/www:/var/www/certbot:ro - - ${NGINX_LOG_DIR}/:/logs + - ${DOCKER_LOG_DIR}/:/logs command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'" networks: - transmission_network @@ -58,9 +61,9 @@ services: - gitea_network - nextcloud_network - autism_app_network - - gladys_network - kimai_network - photoprism_network + - ha_network certbot: image: certbot/certbot:latest @@ -211,7 +214,7 @@ services: PHOTOPRISM_ORIGINALS_LIMIT: 5000 # file size limit for originals in MB (increase for high-res video) PHOTOPRISM_HTTP_COMPRESSION: "gzip" # improves transfer speed and bandwidth utilization (none or gzip) PHOTOPRISM_LOG_LEVEL: "info" # log level: trace, debug, info, warning, error, fatal, or panic - PHOTOPRISM_PUBLIC: "false" # no authentication required (disables password protection) + PHOTOPRISM_PUBLIC: "false" # no authentication required (disables password protection) PHOTOPRISM_READONLY: "true" # do not modify originals directory (reduced functionality) PHOTOPRISM_EXPERIMENTAL: "true" # enables experimental features PHOTOPRISM_DISABLE_CHOWN: "false" # disables storage permission updates on startup 
@@ -225,38 +228,66 @@ services: PHOTOPRISM_JPEG_QUALITY: 85 # image quality, a higher value reduces compression (25-100) PHOTOPRISM_DETECT_NSFW: "true" # flag photos as private that MAY be offensive (requires TensorFlow) PHOTOPRISM_UPLOAD_NSFW: "true" # allows uploads that MAY be offensive - PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server + PHOTOPRISM_DATABASE_DRIVER: "sqlite" # SQLite is an embedded database that doesn't require a server PHOTOPRISM_SITE_CAPTION: "AI-Powered Photos App" PHOTOPRISM_SITE_DESCRIPTION: "" # meta site description - PHOTOPRISM_SITE_AUTHOR: "spanskiduh" # meta site author + PHOTOPRISM_SITE_AUTHOR: "spanskiduh" # meta site author devices: - "/dev/dri:/dev/dri" working_dir: "/photoprism" # do not change or remove volumes: - - "/home/hsrv/d_personal/data/nextcloud/data/spanskiduh/files/InstantUpload/Camera:/photoprism/originals" # Original media files (DO NOT REMOVE) + - "/home/hsrv/d_personal/data/nextcloud/data/spanskiduh/files/InstantUpload/:/photoprism/originals" # Original media files (DO NOT REMOVE) - "${DOCKER_DATA_DIR}/photoprism:/photoprism/storage" # *Writable* storage folder for cache, database, and sidecar files (DO NOT REMOVE) networks: - photoprism_network - # # IOT MANAGEMENT & DASHBOARD (todo) # - gladys: - image: gladysassistant/gladys:v4 - container_name: gladys - privileged: true + + mqtt: + image: eclipse-mosquitto:latest + container_name: mqtt + restart: unless-stopped + ports: + - 1883:1883 + - 9001:9001 + volumes: + - ${DOCKER_LOG_DIR}:/mosquitto/log + - ${DOCKER_DATA_DIR}/mqtt:/mosquitto/data + - ${DOCKER_CONFIG_DIR}/mqtt:/mosquitto/config + networks: + - ha_network + + ha_postgres: + image: postgres:latest + container_name: ha_postgres restart: unless-stopped environment: - NODE_ENV: production - SQLITE_FILE_PATH: /var/lib/gladysassistant/gladys-production.db + - POSTGRES_DB=ha + - POSTGRES_USER=${POSTGRES_HA_USERNAME} + - POSTGRES_PASSWORD=${POSTGRES_HA_PASSWORD} 
volumes: - - /var/run/docker.sock:/var/run/docker.sock - - ${DOCKER_DATA_DIR}/gladysassistant:/var/lib/gladysassistant - - /dev:/dev + - ${DOCKER_DATA_DIR}/ha_postgres:/var/lib/postgresql/data + - /etc/localtime:/etc/localtime:ro networks: - - gladys_network + - ha_network + + homeassistant: + depends_on: + - ha_postgres + container_name: homeassistant + image: homeassistant/home-assistant:latest + restart: unless-stopped + privileged: true + command: [ "python", "-m", "homeassistant", "--config", "/config", "--log-rotate-days", '3' ] + volumes: + - ${DOCKER_CONFIG_DIR}/homeassistant:/config + - /etc/localtime:/etc/localtime:ro + - /etc/timezone:/etc/timezone:ro + networks: + - ha_network # # OTHER SERVICES
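Review bot: `privileged: true` on the `homeassistant` service gives a container that nginx publishes at ha.spanskiduh.xyz all capabilities and access to every host device, so a compromise of Home Assistant is close to a compromise of the host. If the flag is there for a radio or serial adapter, map only that device, e.g. `devices: ["<host-device>:<container-device>"]` (placeholder), and drop the flag. The `mqtt` service publishes `1883:1883` and `9001:9001` on all host interfaces while its broker config lives in a mounted directory that is not part of this commit; unless LAN devices must connect, remove the `ports:` entries (Home Assistant reaches the broker over `ha_network`), otherwise bind them to a specific host address and confirm the config does not allow anonymous clients. The three new images use `:latest`; pinning at least `postgres` to a major version avoids an unplanned upgrade that the existing data directory cannot start under. The `services:` mapping begins outside the hunk.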