homeassistant: Add bluetooth support

2023-04-01 18:54:46 +00:00 · 2023-04-01 18:54:46 +00:00 · 7b88de9100
commit 7b88de9100
parent 1285656eae
4 changed files with 59 additions and 0 deletions
--- a/roles/homeassistant/files/homeassistant-local.pp
+++ b/roles/homeassistant/files/homeassistant-local.pp
--- a/roles/homeassistant/files/homeassistant-local.te
+++ b/roles/homeassistant/files/homeassistant-local.te
@ -0,0 +1,21 @@
+
+module homeassistant-local 1.0;
+
+require {
+	type container_t;
+	type system_dbusd_var_run_t;
+	type system_dbusd_t;
+	type bluetooth_t;
+	class sock_file write;
+	class unix_stream_socket connectto;
+	class dbus send_msg;
+}
+
+#============= bluetooth_t ==============
+allow bluetooth_t container_t:dbus send_msg;
+
+#============= container_t ==============
+allow container_t bluetooth_t:dbus send_msg;
+allow container_t system_dbusd_t:dbus send_msg;
+allow container_t system_dbusd_t:unix_stream_socket connectto;
+allow container_t system_dbusd_var_run_t:sock_file write;
--- a/roles/homeassistant/tasks/main.yml
+++ b/roles/homeassistant/tasks/main.yml
@ -10,6 +10,42 @@
    group: ha
    shell: /sbin/nologin

+- name: Install dependencies
+  ansible.builtin.package:
+    name: bluez
+    state: installed
+
+- name: Enable bluetooth services
+  ansible.builtin.service:
+    name: bluetooth
+    state: started
+    enabled: true
+
+- name: Copy SELinux module
+  ansible.builtin.copy:
+    dest: /usr/local/share/selinux/homeassistant-local.pp
+    src: homeassistant-local.pp
+    mode: 0644
+    owner: root
+    group: "{{ ansible_wheel }}"
+
+- name: Check if selinux module is loaded
+  ansible.builtin.command:
+    argv:
+      - semodule
+      - -l
+  register: result
+  check_mode: false
+  changed_when: false
+
+- name: Install SELinux module
+  ansible.builtin.command:
+    argv:
+      - semodule
+      - -i
+      - /usr/local/share/selinux/homeassistant-local.pp
+  when: '"homeassistant-local" not in result.stdout_lines'
+
 - name: Fix SELinux contexts from config directory
  community.general.sefcontext:
    path: /export/homeassistant(/.*)?
--- a/roles/homeassistant/templates/homeassistant-container.service.j2
+++ b/roles/homeassistant/templates/homeassistant-container.service.j2
@ -9,6 +9,8 @@ ExecStart=/usr/bin/podman run \
    --rm -p 127.0.0.1:8001:8123 \
    --name homeassistant \
    --env TZ=Europe/Helsinki \
+    --userns keep-id \
+    --volume /run/dbus:/run/dbus:rw \
    --volume /srv/homeassistant:/config:rw \
    docker.io/homeassistant/home-assistant:{{ homeassistant_version }}
 ExecStop=/usr/bin/podman stop --ignore homeassistant