homeassistant: Add bluetooth support
This commit is contained in:
parent
1285656eae
commit
7b88de9100
4 changed files with 59 additions and 0 deletions
BIN
roles/homeassistant/files/homeassistant-local.pp
Normal file
BIN
roles/homeassistant/files/homeassistant-local.pp
Normal file
Binary file not shown.
21
roles/homeassistant/files/homeassistant-local.te
Normal file
21
roles/homeassistant/files/homeassistant-local.te
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
|
||||||
|
module homeassistant-local 1.0;
|
||||||
|
|
||||||
|
require {
|
||||||
|
type container_t;
|
||||||
|
type system_dbusd_var_run_t;
|
||||||
|
type system_dbusd_t;
|
||||||
|
type bluetooth_t;
|
||||||
|
class sock_file write;
|
||||||
|
class unix_stream_socket connectto;
|
||||||
|
class dbus send_msg;
|
||||||
|
}
|
||||||
|
|
||||||
|
#============= bluetooth_t ==============
|
||||||
|
allow bluetooth_t container_t:dbus send_msg;
|
||||||
|
|
||||||
|
#============= container_t ==============
|
||||||
|
allow container_t bluetooth_t:dbus send_msg;
|
||||||
|
allow container_t system_dbusd_t:dbus send_msg;
|
||||||
|
allow container_t system_dbusd_t:unix_stream_socket connectto;
|
||||||
|
allow container_t system_dbusd_var_run_t:sock_file write;
|
||||||
|
|
@ -10,6 +10,42 @@
|
||||||
group: ha
|
group: ha
|
||||||
shell: /sbin/nologin
|
shell: /sbin/nologin
|
||||||
|
|
||||||
|
- name: Install dependencies
|
||||||
|
ansible.builtin.package:
|
||||||
|
name: bluez
|
||||||
|
state: installed
|
||||||
|
|
||||||
|
- name: Enable bluetooth services
|
||||||
|
ansible.builtin.service:
|
||||||
|
name: bluetooth
|
||||||
|
state: started
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
- name: Copy SELinux module
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /usr/local/share/selinux/homeassistant-local.pp
|
||||||
|
src: homeassistant-local.pp
|
||||||
|
mode: 0644
|
||||||
|
owner: root
|
||||||
|
group: "{{ ansible_wheel }}"
|
||||||
|
|
||||||
|
- name: Check if selinux module is loaded
|
||||||
|
ansible.builtin.command:
|
||||||
|
argv:
|
||||||
|
- semodule
|
||||||
|
- -l
|
||||||
|
register: result
|
||||||
|
check_mode: false
|
||||||
|
changed_when: false
|
||||||
|
|
||||||
|
- name: Install SELinux module
|
||||||
|
ansible.builtin.command:
|
||||||
|
argv:
|
||||||
|
- semodule
|
||||||
|
- -i
|
||||||
|
- /usr/local/share/selinux/homeassistant-local.pp
|
||||||
|
when: '"homeassistant-local" not in result.stdout_lines'
|
||||||
|
|
||||||
- name: Fix SELinux contexts from config directory
|
- name: Fix SELinux contexts from config directory
|
||||||
community.general.sefcontext:
|
community.general.sefcontext:
|
||||||
path: /export/homeassistant(/.*)?
|
path: /export/homeassistant(/.*)?
|
||||||
|
|
|
||||||
|
|
@ -9,6 +9,8 @@ ExecStart=/usr/bin/podman run \
|
||||||
--rm -p 127.0.0.1:8001:8123 \
|
--rm -p 127.0.0.1:8001:8123 \
|
||||||
--name homeassistant \
|
--name homeassistant \
|
||||||
--env TZ=Europe/Helsinki \
|
--env TZ=Europe/Helsinki \
|
||||||
|
--userns keep-id \
|
||||||
|
--volume /run/dbus:/run/dbus:rw \
|
||||||
--volume /srv/homeassistant:/config:rw \
|
--volume /srv/homeassistant:/config:rw \
|
||||||
docker.io/homeassistant/home-assistant:{{ homeassistant_version }}
|
docker.io/homeassistant/home-assistant:{{ homeassistant_version }}
|
||||||
ExecStop=/usr/bin/podman stop --ignore homeassistant
|
ExecStop=/usr/bin/podman stop --ignore homeassistant
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue