From 7b88de910018c7cdcf9e8bd9a720b20521a683a9 Mon Sep 17 00:00:00 2001 From: Timo Makinen Date: Sat, 1 Apr 2023 18:54:46 +0000 Subject: [PATCH] homeassistant: Add bluetooth support --- .../files/homeassistant-local.pp | Bin 0 -> 1737 bytes .../files/homeassistant-local.te | 21 ++++++++++ roles/homeassistant/tasks/main.yml | 36 ++++++++++++++++++ .../homeassistant-container.service.j2 | 2 + 4 files changed, 59 insertions(+) create mode 100644 roles/homeassistant/files/homeassistant-local.pp create mode 100644 roles/homeassistant/files/homeassistant-local.te diff --git a/roles/homeassistant/files/homeassistant-local.pp b/roles/homeassistant/files/homeassistant-local.pp new file mode 100644 index 0000000000000000000000000000000000000000..e3fe854c1d94f1f172df85610e67d50138d5d1b8 GIT binary patch literal 1737 zcmchX(QXql5Jf`(0YaixEAiYP0Kp&lg*W=d2UwfL(1p!fT6>{L`~u>8`&8y6d)rA$ zB~&V|bUouclNo#E%&*HI7Y}B$89X%pwEcnE5AROixBYm2a++6Tm*yrN8%cX=1nkf9 zIyI%Vr8a$i)#YW=Jv904>o>v7J_x}_QvhGhkyeYbP#vwLeihf{(-8p!C-Avr-=4=( zht#ZN$;&UPKASR@x$o1m){Fr3Gb|uIer&t+*fxmYhPEbU=>TNr#b>J&hrnh+kYm>S zlD)=7;d7(v>l8lEj$E6zPeZIPEp`8{KDB%=HLW9`Y8AgWLmb9FRvOSqP0Zan+@c#( z&AFb%`oco{A3l&jVW&ZrdYe^4-HJSYR{StgaXlV%k6;_9JXtgk^go?Gn6BT*qIm?{ zK*eu6%YF9HQ>U-T|LQTfru5RCgZWTl#SK-jF;3vuyU-Fm?Z_)ztpm=D5c z-7ff0Im{stHtTlz8=v<<9#k#ayXaPCgD_dlefh5BKe^nQx5ixHt|H^}=BQK@%apvD th(3VNUqnN2Zoc9gYHn~Tgk^~B%#o`><+B)CZZP=}Lu#i$^-&Anz;A~Af8+oF literal 0 HcmV?d00001 diff --git a/roles/homeassistant/files/homeassistant-local.te b/roles/homeassistant/files/homeassistant-local.te new file mode 100644 index 0000000..60f2983 --- /dev/null +++ b/roles/homeassistant/files/homeassistant-local.te 
@@ -0,0 +1,21 @@ + +module homeassistant-local 1.0; + +require { + type container_t; + type system_dbusd_var_run_t; + type system_dbusd_t; + type bluetooth_t; + class sock_file write; + class unix_stream_socket connectto; + class dbus send_msg; +} + +#============= bluetooth_t ============== +allow bluetooth_t container_t:dbus send_msg; + +#============= container_t ============== +allow container_t bluetooth_t:dbus send_msg; +allow container_t system_dbusd_t:dbus send_msg; +allow container_t system_dbusd_t:unix_stream_socket connectto; +allow container_t system_dbusd_var_run_t:sock_file write; diff --git a/roles/homeassistant/tasks/main.yml b/roles/homeassistant/tasks/main.yml index d8637aa..f2f53d1 100644 --- a/roles/homeassistant/tasks/main.yml +++ b/roles/homeassistant/tasks/main.yml @@ -10,6 +10,42 @@ group: ha shell: /sbin/nologin +- name: Install dependencies + ansible.builtin.package: + name: bluez + state: installed + +- name: Enable bluetooth services + ansible.builtin.service: + name: bluetooth + state: started + enabled: true + +- name: Copy SELinux module + ansible.builtin.copy: + dest: /usr/local/share/selinux/homeassistant-local.pp + src: homeassistant-local.pp + mode: 0644 + owner: root + group: "{{ ansible_wheel }}" + +- name: Check if selinux module is loaded + ansible.builtin.command: + argv: + - semodule + - -l + register: result + check_mode: false + changed_when: false + +- name: Install SELinux module + ansible.builtin.command: + argv: + - semodule + - -i + - /usr/local/share/selinux/homeassistant-local.pp + when: '"homeassistant-local" not in result.stdout_lines' + - name: Fix SELinux contexts from config directory community.general.sefcontext: path: /export/homeassistant(/.*)? diff --git a/roles/homeassistant/templates/homeassistant-container.service.j2 b/roles/homeassistant/templates/homeassistant-container.service.j2 index e83d1a5..433490a 100644 --- a/roles/homeassistant/templates/homeassistant-container.service.j2 
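Review bot: The four `allow container_t …` rules in `homeassistant-local.te` are attached to the shared `container_t` domain, so once the module is loaded every container on this host running with the default label may message `system_dbusd_t` and `bluetooth_t`, not only Home Assistant. A dedicated domain for this one container (udica can generate one from the container's inspect output), selected with podman's `--security-opt label=type:<custom_type>`, would keep the grant scoped to the workload that needs it. If the shared type is kept, a comment above the rules such as `# NOTE: applies to every container_t process on this host; system-bus access is then limited only by D-Bus policy` would record the trade-off.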
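Review bot: The `Install SELinux module` task runs only when the name is missing from `semodule -l`, so a later change to `homeassistant-local.pp` is copied to disk but never loaded and the host keeps enforcing the old rules. Registering the copy task (for example `register: selinux_module_file`, a name constructed here) and gating on `when: selinux_module_file.changed or "homeassistant-local" not in result.stdout_lines` would reload the module on update. What gets deployed is the prebuilt binary `.pp`, which cannot be reviewed against the `.te` added in this commit; compiling the `.te` on the target or in CI would keep the two from drifting apart. The task list continues outside the hunk.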
+++ b/roles/homeassistant/templates/homeassistant-container.service.j2 @@ -9,6 +9,8 @@ ExecStart=/usr/bin/podman run \ --rm -p 127.0.0.1:8001:8123 \ --name homeassistant \ --env TZ=Europe/Helsinki \ + --userns keep-id \ + --volume /run/dbus:/run/dbus:rw \ --volume /srv/homeassistant:/config:rw \ docker.io/homeassistant/home-assistant:{{ homeassistant_version }} ExecStop=/usr/bin/podman stop --ignore homeassistant
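Review bot: `--volume /run/dbus:/run/dbus:rw` gives the container the host's whole D-Bus runtime directory writable, although a bus client only needs to connect to the system bus socket. `--volume /run/dbus:/run/dbus:ro \` should be sufficient for that and stops the container from creating or removing entries in the host directory. The read-only flag does not narrow what the container can call on the bus; that stays governed by D-Bus policy and the SELinux module added in this commit, so it is worth confirming which uid `--userns keep-id` maps the process to. The unit file starts and ends outside the hunk.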