casa/README.md
2024-08-30 01:28:14 +01:00
# homesrv01.dev.lan
Welcome to the homesrv01.dev.lan git page.
This repository documents and maintains the server that runs Home Assistant.
The idea was to create a Docker server that isolates, at the network level, all servers, services and communications related to home automation.
The server itself is on its own VLAN (VLAN: homesrv) but requires communication with the following VLANs:
- IOT

The [code-server docker container](#code-server) is used for development and maintenance.
<!-- omit in toc -->
## Table of Contents
- [Services](#services)
- [Docker](#docker)
- [Volumes](#volumes)
- [Portainer](#portainer)
- [Promtail](#promtail)
- [Telegraf](#telegraf)
- [Setup \& Update](#setup--update)
- [nginx](#nginx)
- [code-server](#code-server)
- [Home Assistant](#home-assistant)
- [Lyrion Music Server (LMS)](#lyrion-music-server-lms)
- [Mosquitto](#mosquitto)
- [Wyoming](#wyoming)
- [Zigbee2mqtt](#zigbee2mqtt)
- [Docker devices](#docker-devices)
- [Host](#host)
- [proxmox - lxc container](#proxmox---lxc-container)
- [OS](#os)
- [Packages and Requirements](#packages-and-requirements)
- [Users \& Groups](#users--groups)
- [fstab](#fstab)
- [ssh](#ssh)
- [Update](#update)
## Services
### Docker
### Volumes
``` bash
# requires mount /mnt/media@sshfs:nas.lan
# required by LMS service
docker volume create --driver local --opt type=none --opt device=/mnt/media@sshfs:nas.lan/music --opt o=bind music
# required by code-server service
# required by Promtail service
# required by Telegraf service
docker volume create --driver local --opt type=none --opt device=/ --opt o=bind hostfs
```
### Portainer
Maintained by the Ansible myInfra.docker.portainer role.
### Promtail
Maintained by the Ansible myInfra.docker.promtail role.
### Telegraf
#### Setup & Update
Maintained by the Ansible myInfra.docker.telegraf role.
### nginx
Using portainer stack (stack name: nginx) connected to this repo. [Docker Compose](./services/nginx/docker-compose.yaml)
All configuration is set during docker build.
### code-server
For more flexibility with bind mounts, the stack is maintained directly on portainer (stack name: code-server).
Example docker-compose.yml:
```yaml
version: '3'
services:
  code-server:
    container_name: code
    image: lscr.io/linuxserver/code-server:latest
    environment:
      # PUID/PGID 0: the editor runs as root inside the container
      - PUID=0
      - PGID=0
      - TZ=Europe/London
      - PASSWORD=${CODESERVER_PASSWORD}
      - DEFAULT_WORKSPACE=/config/workspace
    volumes:
      # docker.sock plus the hostfs volume (bind of /) give this container
      # root-equivalent control of the host; the password above is the only gate
      - /var/run/docker.sock:/var/run/docker.sock
      - code-server_config:/config
      - code-server_root:/root
      - has_config:/config/workspace/has/volumes/config
      - hostfs:/mnt/hostfs
      #- ./../nginx/volumes/nginx_conf:/config/workspace/host/repos/homesrv01.dev.lan/services/nginx/volumes/nginx_conf
      #- mosquitto_config:/config/workspace/host/repos/homesrv01.dev.lan/services/mosquitto/volumes/config
      #- mosquitto_data:/config/workspace/host/repos/homesrv01.dev.lan/services/mosquitto/volumes/data
      #- zigbee2mqtt_data:/config/workspace/host/repos/homesrv01.dev.lan/services/zigbee2mqtt/volumes/data
    networks:
      - code
      - reverseproxy_public
    ports:
      - 8444:8443
    restart: unless-stopped
volumes:
  # zigbee2mqtt_data:
  #   name: zigbee2mqtt_data
  #   external: true
  code-server_config:
  code-server_root:
  has_config:
    name: has_app_config
    external: true
  hostfs:
    external: true
  #mosquitto_config:
  #  external: true
  #mosquitto_data:
  #  external: true
networks:
  code:
  reverseproxy_public:
    external: true
```
### Home Assistant
[Git Repo](https://git.limbosolutions.com/marcio.fernandes/homeAssistant)
### Lyrion Music Server (LMS)
[Check the git repo](/marcio.fernandes/lms) for more information on how to set up the Lyrion Music Server docker container, or the [git repo](/marcio.fernandes/homeassistant#squeezebox-lyrion-music-server) for more information about the Home Assistant integration.
Requires [music docker volume](#volumes).
### Mosquitto
[Git Repo](https://git.limbosolutions.com/marcio.fernandes/mosquitto)
### Wyoming
A peer-to-peer protocol for voice assistants (basically JSONL + PCM audio)
```json
{ "type": "...", "data": { ... }, "data_length": ..., "payload_length": ... }
<data_length bytes (optional)>
<payload_length bytes (optional)>
```
Used in Rhasspy and Home Assistant for communication with voice services.
This is an open standard of the Open Home Foundation.
For more information about home assistant integration [check home assistant repo](/marcio.fernandes/homeassistant#wyoming).
Currently using portainer stack (name: wyoming) with git reference to this repo. [docker compose file](./services/wyoming/docker-compose.yaml).
Gitea [Continuous deploy action](./.gitea/workflows/services.wyoming.yml)
Links:
- [https://github.com/home-assistant/addons/blob/master/whisper/DOCS.md](https://github.com/home-assistant/addons/blob/master/whisper/DOCS.md)
- [https://github.com/rhasspy/wyoming-faster-whisper](https://github.com/rhasspy/wyoming-faster-whisper)
- [https://exitcode0.net/posts/wyoming-whisper-docker-compose/](https://exitcode0.net/posts/wyoming-whisper-docker-compose/)
- [https://exitcode0.net/posts/wyoming-piper-docker-compose/](https://exitcode0.net/posts/wyoming-piper-docker-compose/)
### Zigbee2mqtt
Zigbee to MQTT bridge, get rid of your proprietary Zigbee bridges
Currently using portainer stack (name: zigbee2mqtt) with git reference to this repo [docker compose](./services/zigbee2mqtt/docker-compose.yaml).
A SONOFF Universal Zigbee 3.0 USB Dongle Plus is attached to the [proxmox host](#host).
Patch the device ownership on the [proxmox host](#host)
(USB passthrough to the [lxc container](#proxmox---lxc-container)):
``` bash
# on the proxmox hosting server
# 100000:100020 is uid 0 / gid 20 inside the unprivileged container
# (assumes the default idmap offset of 100000; gid 20 is dialout on Ubuntu)
chown 100000:100020 /dev/ttyUSB0
chown 100000:100020 /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0
```
#### Docker devices
``` yaml
....
devices:
  # Make sure this matches your adapter location
  - /dev/ttyUSB0:/dev/ttyUSB0
....
```
Links
- [https://www.zigbee2mqtt.io/](https://www.zigbee2mqtt.io/)
- [Home assistant integration](/marcio.fernandes/homeassistant#Zigbee2mqtt)
- [Continuous Deploy - git action](./.gitea/workflows/services.zigbee2mqtt.yml)
## Host
Currently hosted on a proxmox ubuntu container.
### proxmox - lxc container
```bash
# cat /etc/pve/lxc/105.conf
arch: amd64
cmode: shell
cores: 2
features: fuse=1,keyctl=1,nesting=1
hostname: homesrv01
memory: 1500
net0: name=eth0,bridge=vmbr0,firewall=1,ip6=dhcp,...,type=veth
onboot: 1
ostype: ubuntu
protection: 1
rootfs: local-lvm:vm-105-disk-0,size=32G
swap: 1500
unprivileged: 1
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.mount.entry: usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 none bind,optional,create=file
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file
```
lxc.cgroup2.devices.allow and lxc.mount.entry identification
```bash
# identify usb pen
lsusb
# example
# Bus 001 Device 008: ID 10c4:ea60 Silicon Labs CP210x UART Bridge
#replace with bus and device id
ls -l /dev/bus/usb/001/008
#example result
# crw-rw-r-- 1 root root 189, 7 May 17 15:56 /dev/bus/usb/001/008
# so
#lxc.cgroup2.devices.allow: c 189:* rwm
#lxc.mount.entry: usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 none bind,optional,create=file
ls -l /dev/serial/by-id/
# example result
#lrwxrwxrwx 1 root root 13 May 17 15:56 usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 -> ../../ttyUSB0
ls -l /dev/ttyUSB0
#example result
#crw-rw---- 1 root dialout 188, 0 May 17 15:56 /dev/ttyUSB0
#so
#lxc.cgroup2.devices.allow: c 188:* rwm
#lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file
```
### OS
```bash
# lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 24.04 LTS
Release: 24.04
Codename: noble
# uname -r
6.8.4-3-pve
```
### Packages and Requirements
```bash
apt update -y && apt upgrade -y
apt install curl -y
apt install git -y
curl -fsSL https://get.docker.com -o get-docker.sh && sh ./get-docker.sh
docker run hello-world && docker info
apt install sshfs
apt install ansible
```
### Users & Groups
```bash
# add user admin to docker group, so sudo is not required when executing docker commands
usermod -aG docker admin
```
### fstab
```bash
# /etc/fstab
# used by docker volume music
sshfs#media@nas.lan:/home/media /mnt/media@sshfs:nas.lan fuse defaults,_netdev,allow_other,follow_symlinks 0 0
```
### ssh
```bash
#/etc/ssh/sshd_config
PermitRootLogin no
```
```bash
systemctl restart ssh
```
### Update
```bash
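# run the update once by hand
./scripts/auto-update.sh
# install it as a daily cron job
ln -s "$PWD/scripts/auto-update.sh" /etc/cron.daily/auto-update
# review the update log, newest entries first
journalctl -r -t auto-update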
```