# homesrv01.dev.lan

Welcome to homesrv01.dev.lan git page.

This repository serves to document and maintain the server where the home assistant runs.

The idea was to create a server with docker where it would be possible to isolate all servers, services and communications related to home automation at network level.

The server itself is on its own vlan (Vlan: homesrv) but requires communication with the Vlans:

- IOT

## Table of Contents

- [Services](#services)
  - [myInfra stack](#myinfra-stack)
  - [SSH](#ssh)
  - [nginx](#nginx)
  - [code-server](#code-server)
  - [Home Assistant](#home-assistant)
  - [Lyrion Music Server (LMS)](#lyrion-music-server-lms)
  - [Mosquitto](#mosquitto)
  - [Wyoming](#wyoming)
  - [Zigbee2mqtt](#zigbee2mqtt)
    - [Docker devices](#docker-devices)
- [Proxmox - lxc container](#proxmox---lxc-container)
- [Operating System](#operating-system)
- [Development, Maintenance and Deployment](#development-maintenance-and-deployment)
- [Ansible roles](#ansible-roles)
  - [myInfra.dev.homesrv01.core](#myinfradevhomesrv01core)
  - [myInfra.dev.homesrv01](#myinfradevhomesrv01)
- [fstab](#fstab)

## Services

### myInfra stack

docker, Portainer, promtail and telegraf [maintained on myInfra repo](/marcio.fernandes&myInfra).

### SSH

Deployed and maintained by ansible role [myInfra.dev.homesrv1](#ansible-roles).

### nginx

Using portainer stack (stack name: nginx) connected to this repo.

[Docker Compose](./services/nginx/docker-compose.yaml)

All configuration is set during docker build.

### code-server

Using [custom code-server docker image](/kb/code-server/), includes:

- docker-cli
- ansible
- ansible-lint

For more flexibility on bind mount, stack is maintained directly on portainer (stack name: code-server).

docker-compose.yml example.

```yaml
version: '3'
services:
  code-server:
    container_name: code
    image: git.limbosolutions.com/kb/code-server:latest
    environment:
      # UID/GID 0 is root
      - PUID=0
      - PGID=0
      - TZ=Europe/London
      - PASSWORD=${CODESERVER_PASSWORD}
      - DEFAULT_WORKSPACE=/config/workspace
    volumes:
      # host docker socket: the bundled docker-cli controls the host docker daemon
      - /var/run/docker.sock:/var/run/docker.sock
      - code-server_config:/config
      - code-server_root:/root
      - has_config:/config/workspace/has/volumes/config
      # whole host filesystem, mounted read-write
      - /:/mnt/hostfs
    networks:
      - code
      - reverseproxy_public
    ports:
      - 8444:8443
    restart: unless-stopped
volumes:
  # zigbee2mqtt_data:
  #   name: zigbee2mqtt_data
  #   external: true
  code-server_config:
  code-server_root:
  has_config:
    name: has_app_config
    external: true
  #mosquitto_config:
  #  external: true
  #mosquitto_data:
  #  external: true
networks:
  code:
  reverseproxy_public:
    external: true
```

### Home Assistant

[Git Repo](https://git.limbosolutions.com/marcio.fernandes/homeAssistant)

### Lyrion Music Server (LMS)

[Check git repo](/marcio.fernandes/lms) for more information on how to set up the Lyrion Music Server docker container, or the [git repo](/marcio.fernandes/homeassistant#squeezebox-lyrion-music-server) for more information about the home assistant integration.

Requires [music docker volume](#myinfradevhomesrv01).

### Mosquitto

[Git Repo](https://git.limbosolutions.com/marcio.fernandes/mosquitto)

### Wyoming

A peer-to-peer protocol for voice assistants (basically JSONL + PCM audio)

```json
{ "type": "...", "data": { ... }, "data_length": ..., "payload_length": ... }
```

Used in Rhasspy and Home Assistant for communication with voice services.

This is an open standard of the Open Home Foundation.

For more information about home assistant integration [check home assistant repo](/marcio.fernandes/homeassistant#wyoming).

Currently using portainer stack (name: wyoming) with git reference to this repo.
[docker compose file](./services/wyoming/docker-compose.yaml).

Gitea [Continuous deploy action](./.gitea/workflows/services.wyoming.yml)

Links:

- [https://github.com/home-assistant/addons/blob/master/whisper/DOCS.md](https://github.com/home-assistant/addons/blob/master/whisper/DOCS.md)
- [https://github.com/rhasspy/wyoming-faster-whisper](https://github.com/rhasspy/wyoming-faster-whisper)
- [https://exitcode0.net/posts/wyoming-whisper-docker-compose/](https://exitcode0.net/posts/wyoming-whisper-docker-compose/)
- [https://exitcode0.net/posts/wyoming-piper-docker-compose/](https://exitcode0.net/posts/wyoming-piper-docker-compose/)

### Zigbee2mqtt

Zigbee to MQTT bridge, get rid of your proprietary Zigbee bridges

Currently using portainer stack (name: zigbee2mqtt) with git reference to this repo [docker compose](./services/zigbee2mqtt/docker-compose.yaml).

SONOFF Universal Zigbee 3.0 USB Dongle Plus attached on [proxmox host](#proxmox---lxc-container).

Patch security on [proxmox host](#proxmox---lxc-container).
(usb passthrough to [lxc container](#proxmox---lxc-container))

```bash
# on proxmox hosting server
# 100000:100020 on the host is uid 0 / gid 20 (root:dialout on Ubuntu) inside the
# unprivileged container, assuming the default id mapping offset of 100000
chown 100000:100020 /dev/ttyUSB0
chown 100000:100020 /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0
```

#### Docker devices

```yaml
# ....
    devices:
      # Make sure this matches your adapter location
      - /dev/ttyUSB0:/dev/ttyUSB0
# ....
```

Links

- [https://www.zigbee2mqtt.io/](https://www.zigbee2mqtt.io/)
- [Home assistant integration](/marcio.fernandes/homeassistant#Zigbee2mqtt)
- [Continuous Deploy - git action](./.gitea/workflows/services.zigbee2mqtt.yml)

## Proxmox - lxc container

Currently hosted on a proxmox ubuntu container.

```bash
# cat /etc/pve/lxc/105.conf
arch: amd64
cmode: shell
cores: 2
features: fuse=1,keyctl=1,nesting=1
hostname: homesrv01
memory: 1500
net0: name=eth0,bridge=vmbr0,firewall=1,ip6=dhcp,...,type=veth
onboot: 1
ostype: ubuntu
protection: 1
rootfs: local-lvm:vm-105-disk-0,size=32G
swap: 1500
unprivileged: 1
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.mount.entry: usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 none bind,optional,create=file
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file
```

lxc.cgroup2.devices.allow and lxc.mount.entry identification

```bash
# identify usb pen
lsusb

# example
# Bus 001 Device 008: ID 10c4:ea60 Silicon Labs CP210x UART Bridge

#replace with bus and device id
ls -l /dev/bus/usb/001/008

#example result
# crw-rw-r-- 1 root root 189, 7 May 17 15:56 /dev/bus/usb/001/008

# so
#lxc.cgroup2.devices.allow: c 189:* rwm
#lxc.mount.entry: usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 none bind,optional,create=file

ls -l /dev/serial/by-id/

# example result
#lrwxrwxrwx 1 root root 13 May 17 15:56 usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 -> ../../ttyUSB0

ls -l /dev/ttyUSB0

#example result
#crw-rw---- 1 root dialout 188, 0 May 17 15:56 /dev/ttyUSB0

#so
#lxc.cgroup2.devices.allow: c 188:* rwm
#lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file
```

## Operating System

```bash
# lsb_release -a
Distributor ID: Ubuntu
Description:    Ubuntu 24.04 LTS
Release:        24.04
Codename:       noble

# uname -r
6.8.4-3-pve
```

## Development, Maintenance and Deployment

Using gitea action for continuous deploys, visual studio code ([code workspace](./.code-workspace)) on my machine for maintenance and development related to hosting server, and a docker container with code server for editing docker container volumes.

Ansible scripts can be used locally, remotely or by gitea actions.

## Ansible roles

### myInfra.dev.homesrv01.core

- ssh server
- admin user
- git package
- curl package

```bash
#execute local
sudo ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 ansible/core.yml
```

### myInfra.dev.homesrv01

[Requires myInfra stack](#myinfra-stack).

- daily auto update script
- music docker volume. [requires sshfs mount to media on nas](#fstab)

```bash
#execute local
sudo ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 ansible/site.yml
```

```bash
# check auto update scripts logs
journalctl -r -t auto-update
```

## fstab

requires sshpass

`apt install sshpass`

requires file /root/.ssh/media_readonly@minio.nas.lan.password containing clear text password used on sshfs

```bash
# /etc/fstab
# used by docker volume music using an s3 bucket on self hosted minio
sshfs#media_readonly@nas.lan:/music /mnt/media/music fuse port=9022,defaults,_netdev,allow_other,follow_symlinks,reconnect,ssh_command=sshpass\040-f\040/root/.ssh/media_readonly@minio.nas.lan.password\040ssh 0 0
```