casa/README.md

# homesrv01.dev.lan

Welcome to homesrv01.dev.lan git page.

This repository serves to document and maintain the server where the home assistant runs.

The goal was to create a server with docker where it would be possible to isolate, services and communications related to home automation at network level.

The server itself is on its own vlan (Vlan: homesrv) but requires communication with the others Vlans:

- IOT

<!-- omit in toc -->
## Table of Contents

- [Services](#services)
  - [myInfra stack](#myinfra-stack)
  - [SSH](#ssh)
  - [nginx](#nginx)
  - [code-server](#code-server)
  - [Home Assistant](#home-assistant)
  - [Lyrion Music Server (LMS)](#lyrion-music-server-lms)
  - [Mosquitto](#mosquitto)
  - [Wyoming](#wyoming)
  - [Zigbee2mqtt](#zigbee2mqtt)
    - [Docker devices](#docker-devices)
- [Proxmox - lxc container](#proxmox---lxc-container)
- [Operating System](#operating-system)
- [Development, Maintenance and Deployment](#development-maintenance-and-deployment)
  - [Docker context](#docker-context)
- [Ansible roles](#ansible-roles)
  - [myInfra.dev.homesrv01.core](#myinfradevhomesrv01core)
  - [myInfra.dev.homesrv01](#myinfradevhomesrv01)
- [fstab](#fstab)

## Services

### myInfra stack

docker, Portainer, promtail and telegraf [maintained on myInfra repo](/marcio.fernandes&myInfra).

### SSH

Deployed and maintained by ansible role [myInfra.dev.homesrv1](#ansible-roles).

### nginx

Using portainer stack (stack name: nginx) connected to this repo. [Docker Compose](./services/nginx/docker-compose.yaml)

All sites configurations set during docker build.

### code-server

Using [custom code-server docker image](/kb/code-server/), includes:

- docker-cli
- ansible
- ansible-lint

For more flexibility on bind mount, stack is maintained directly on portainer (stack name: code-server).

docker-compose.yml example.

```yaml
version: '3'
services:
  code-server:
    container_name: code
    image: git.limbosolutions.com/kb/code-server:latest
    environment:
      - PUID=0
      - PGID=0
      - TZ=Europe/London
      - PASSWORD=${CODESERVER_PASSWORD}
      - DEFAULT_WORKSPACE=/config/workspace
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - code-server_config:/config
      - code-server_root:/root
      - has_config:/config/workspace/has/volumes/config
      - /:/mnt/hostfs
    networks:
      - code
      - reverseproxy_public
    ports:
      - 8444:8443
    restart: unless-stopped
volumes:
#  zigbee2mqtt_data:
#    name: zigbee2mqtt_data
#    external: true
  code-server_config:
  code-server_root:
  has_config:
    name: has_app_config
    external: true
  #mosquitto_config:
  #  external: true
  #mosquitto_data:
  #  external: true
networks:
  code:
  reverseproxy_public:
    external: true
```

### Home Assistant

[Git Repo](https://git.limbosolutions.com/marcio.fernandes/homeAssistant)

### Lyrion Music Server (LMS)

[Check git repo](/marcio.fernandes/lms) for more information how to setup Lyrion Music Server docker container. Or [git repo](/marcio.fernandes/homeassistant#squeezebox-lyrion-music-server) for more information about home assistant integration.

Requires [music docker volume](#myinfradevhomesrv01).

### Mosquitto

[Git Repo](https://git.limbosolutions.com/marcio.fernandes/mosquitto)

### Wyoming

A peer-to-peer protocol for voice assistants (basically JSONL + PCM audio)

```json
{ "type": "...", "data": { ... }, "data_length": ..., "payload_length": ... }
<data_length bytes (optional)>
<payload_length bytes (optional)>
```

Used in Rhasspy and Home Assistant for communication with voice services.

This is an open standard of the Open Home Foundation.

For more information about home assistant integration [check home assistant repo](/marcio.fernandes/homeassistant#wyoming).

Currently using portainer stack  (name: wyoming) with git reference to this repo. [docker compose file](./services/wyoming/docker-compose.yaml).

Gitea [Continuous deploy action](./.gitea/workflows/services.wyoming.yml)

Links:

- [https://github.com/home-assistant/addons/blob/master/whisper/DOCS.md](https://github.com/home-assistant/addons/blob/master/whisper/DOCS.md)
- [https://github.com/rhasspy/wyoming-faster-whisper](https://github.com/rhasspy/wyoming-faster-whisper)
- [https://exitcode0.net/posts/wyoming-whisper-docker-compose/](https://exitcode0.net/posts/wyoming-whisper-docker-compose/)
- [https://exitcode0.net/posts/wyoming-piper-docker-compose/](https://exitcode0.net/posts/wyoming-piper-docker-compose/)

### Zigbee2mqtt

Zigbee to MQTT bridge, get rid of your proprietary Zigbee bridges

Currently using portainer stack (name: zigbee2mqtt) with git reference to this repo [docker compose](./services/zigbee2mqtt/docker-compose.yaml).

SONOFF Universal Zigbee 3.0 USB Dongle Plus attached on [proxmox host](#proxmox---lxc-container).

Patch security on [proxmox host](#proxmox---lxc-container).
(usb passthrough to [lxc container](#proxmox---lxc-container))

```yaml
#on proxmox hosting server
chown 100000:100020 /dev/ttyUSB0
chown 100000:100020 /dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0
```

#### Docker devices

```yaml
....
    devices:
      # Make sure this matched your adapter location
      - /dev/ttyUSB0:/dev/ttyUSB0
....

```

Links

- [https://www.zigbee2mqtt.io/](https://www.zigbee2mqtt.io/)
- [Home assistant integration](/marcio.fernandes/homeassistant#Zigbee2mqtt)
- [Continuos Deploy - git action](./.gitea/workflows/services.zigbee2mqtt.yml)

## Proxmox - lxc container

Currently hosted on a proxmox ubuntu container.

```bash
#   cat /etc/pve/lxc/105.conf
arch: amd64
cmode: shell
cores: 2
features: fuse=1,keyctl=1,nesting=1
hostname: homesrv01
memory: 1500
net0: name=eth0,bridge=vmbr0,firewall=1,ip6=dhcp,...,type=veth
onboot: 1
ostype: ubuntu
protection: 1
rootfs: local-lvm:vm-105-disk-0,size=32G
swap: 1500
unprivileged: 1
lxc.cgroup2.devices.allow: c 189:* rwm
lxc.mount.entry: usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 none bind,optional,create=file
lxc.cgroup2.devices.allow: c 188:* rwm
lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file
```

lxc.cgroup2.devices.allow and lxc.mount.entry identification

```bash
# identify usb pen
lsusb 

# example 
# Bus 001 Device 008: ID 10c4:ea60 Silicon Labs CP210x UART Bridge


#replace with bus and device id
ls -l /dev/bus/usb/001/008

#example result
# crw-rw-r-- 1 root root 189, 7 May 17 15:56 /dev/bus/usb/001/008

# so

#lxc.cgroup2.devices.allow: c 189:* rwm
#lxc.mount.entry: usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 dev/serial/by-id/usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 none bind,optional,create=file

ls -l /dev/serial/by-id/
# example result
#lrwxrwxrwx 1 root root 13 May 17 15:56 usb-ITead_Sonoff_Zigbee_3.0_USB_Dongle_Plus_c0e8eeb4b38ded118e7c06f6b86ce6f8-if00-port0 -> ../../ttyUSB0

ls -l /dev/ttyUSB0
#example result
#crw-rw---- 1 root dialout 188, 0 May 17 15:56 /dev/ttyUSB0

#so

#lxc.cgroup2.devices.allow: c 188:* rwm
#lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file
```

## Operating System

```bash
# lsb_release -a
Distributor ID: Ubuntu
Description:    Ubuntu 24.04 LTS
Release:        24.04
Codename:       noble

# uname -r
6.8.4-3-pve
```

## Development, Maintenance and Deployment

Using gitea action for continuous deploys, visual studio code ([code workspace](./.code-workspace)) on my machine for maintenance and development related to hosting server, and a docker container with code server for editing docker container volumes.

Ansible scripts can be used locally, remotely or by gitea actions.

### Docker context
 
 ```bash
 # create context to homesrv01 docker on development devices
 docker context create homesrv01 --docker host=ssh://admin@homesrv01.dev.lan
```

## Ansible roles

### myInfra.dev.homesrv01.core

- ssh server
- admin user
- git package
- curl package

```bash
#execute local
sudo ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 ansible/core.yml
```

### myInfra.dev.homesrv01

[Requires myInfra stack](#myinfra-stack).

- daily auto update script
- music docker volume. [requires sshfs mount to media on nas](#fstab)

```bash
#execute local
sudo ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 ansible/site.yml
```

```bash
# check auto update scripts logs
journalctl -r -t auto-update
```

## fstab

requires sshpass  
apt install sshpass

requires file /root/.ssh/media_readonly@minio.nas.lan.password containing clear text password used on sshfs

```bash
# /etc/fstab
# used by docker volume music using an s3 bucket on self hosted minio
sshfs#media_readonly@nas.lan:/music /mnt/media/music fuse port=9022,defaults,_netdev,allow_other,follow_symlinks,reconnect,ssh_command=sshpass\040-f\040/root/.ssh/media_readonly@minio.nas.lan.password\040ssh 0 0
```