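---
# Tasks that set up Home Assistant as a podman container run by a dedicated
# `homeassistant` account: service user, OS packages, the docker-venv helper
# script, SELinux and udev adjustments, the config tree under
# /export/homeassistant, optional custom integrations, the systemd unit and
# an nginx location. The handlers named in `notify:` (Restart homeassistant,
# Reload udev rules, Restart nginx) and the `ansible_wheel` variable are
# defined outside this file.

- name: Create group
  ansible.builtin.group:
    name: homeassistant

# The account has no login shell; it exists only to own the container.
- name: Create user
  ansible.builtin.user:
    name: homeassistant
    comment: Podman HomeAssistant
    group: homeassistant
    shell: /sbin/nologin

# `creates` skips the command once the linger marker file exists.
- name: Enable user lingering
  ansible.builtin.command:
    argv:
      - loginctl
      - enable-linger
      - homeassistant
    creates: /var/lib/systemd/linger/homeassistant

# The package list is passed in one call instead of looping per item, and
# `present` replaces the `installed` alias, which not every package backend
# accepts.
- name: Install dependencies
  ansible.builtin.package:
    name:
      - bluez
      - git
      - patch
      - yamllint
    state: present

# The `run` script from this checkout is later installed root-owned and
# executable under /usr/local/libexec. Tracking a branch means each play
# installs whatever the upstream repository currently publishes, so set
# homeassistant_docker_venv_version to a reviewed commit id to pin it.
# The default keeps the previous behaviour of following `master`.
- name: Get venv support for container
  ansible.builtin.git:
    dest: /usr/local/src/homeassistant-docker-venv
    repo: https://github.com/tribut/homeassistant-docker-venv.git
    update: true
    version: "{{ homeassistant_docker_venv_version | default('master') }}"
  register: git_result

- name: Create venv support directory
  ansible.builtin.file:
    path: /usr/local/libexec/homeassistant-docker-venv
    state: directory
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"

- name: Check if venv support script exists
  ansible.builtin.stat:
    path: /usr/local/libexec/homeassistant-docker-venv/run
  changed_when: false
  register: stat_result

# Re-copied only when the installed script is missing or the checkout moved,
# so an already patched copy is not overwritten on every play.
- name: Copy venv support script
  ansible.builtin.copy:
    dest: /usr/local/libexec/homeassistant-docker-venv/run
    src: /usr/local/src/homeassistant-docker-venv/run
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    remote_src: true
  when: not stat_result.stat.exists or git_result.changed

# https://github.com/home-assistant/core/issues/128214
- name: Patch venv support script
  ansible.posix.patch:
    dest: /usr/local/libexec/homeassistant-docker-venv/run
    src: homeassistant-docker-venv.patch
  notify: Restart homeassistant

- name: Enable bluetooth services
  ansible.builtin.service:
    name: bluetooth
    state: started
    enabled: true

- name: Copy SELinux module
  ansible.builtin.copy:
    dest: /usr/local/share/selinux/homeassistant-local.pp
    src: homeassistant-local.pp
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"

# Read-only query, so it also runs in check mode and never reports a change.
- name: Check if selinux module is loaded
  ansible.builtin.command:
    argv:
      - semodule
      - -l
  register: result
  check_mode: false
  changed_when: false

# Runs only when the module name is absent from the listing above. The test
# is an exact match against whole output lines, so it assumes `semodule -l`
# prints bare module names. A changed homeassistant-local.pp is not
# reinstalled once a module of that name is already loaded.
- name: Install SELinux module
  ansible.builtin.command:
    argv:
      - semodule
      - -i
      - /usr/local/share/selinux/homeassistant-local.pp
  when: '"homeassistant-local" not in result.stdout_lines'

# Registered before the directory is created so that `setype: _default` in
# the later file tasks resolves to container_file_t.
- name: Fix SELinux contexts from config directory
  community.general.sefcontext:
    path: '/export/homeassistant(/.*)?'
    setype: container_file_t
  when: ansible_selinux_python_present

# NOTE(review): container_use_devices is a host-wide boolean; it applies to
# every container on this machine, not only to Home Assistant.
- name: Allow podman to use devices
  ansible.posix.seboolean:
    name: container_use_devices
    state: true
    persistent: true

- name: Allow homeassistant to connect specific devices
  ansible.builtin.copy:
    dest: /etc/udev/rules.d/99-homeassistant.rules
    src: 99-homeassistant.rules
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Reload udev rules

# Mode 0700 keeps the configuration private to the service account.
- name: Create config directory
  ansible.builtin.file:
    path: /export/homeassistant
    state: directory
    mode: "0700"
    owner: homeassistant
    group: homeassistant
    setype: _default

- name: Link config directory
  ansible.builtin.file:
    dest: /srv/homeassistant
    src: /export/homeassistant
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false

# NOTE(review): /srv/homeassistant resolves to /export/homeassistant, which
# the homeassistant account owns and can write. Root ownership of the files
# and directories created below therefore does not stop that account from
# renaming or replacing them, and these root-run tasks write through paths
# the account controls. If the integrity of auth-command.py or of the custom
# components matters, keep them outside the service-writable tree and expose
# them to the container read-only (depends on the unit template, not shown).
- name: Copy authentication command
  ansible.builtin.copy:
    dest: /srv/homeassistant/auth-command.py
    src: auth-command.py
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    setype: _default

- name: Create directories for custom integrations
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
    mode: "0755"
    owner: root
    group: "{{ ansible_wheel }}"
    setype: _default
  with_items:
    - /srv/homeassistant/custom_components
    - /srv/homeassistant/downloads

# Each entry of homeassistant_integrations supplies name, repo and version.
# The checkouts are linked into custom_components below, so prefer a commit
# id over a branch name in `version` to keep the fetched code reviewable.
- name: Download extra integrations
  ansible.builtin.git:
    dest: "/srv/homeassistant/downloads/{{ item.name }}"
    repo: "{{ item.repo }}"
    update: true
    version: "{{ item.version }}"
  notify: Restart homeassistant
  with_items: "{{ homeassistant_integrations | default([]) }}"

# Relative link target, so it resolves the same way under /srv/homeassistant
# and under /export/homeassistant.
- name: Link extra integrations
  ansible.builtin.file:
    dest: "/srv/homeassistant/custom_components/{{ item.name }}"
    src: "../downloads/{{ item.name }}/custom_components/{{ item.name }}"
    state: link
    owner: root
    group: "{{ ansible_wheel }}"
    follow: false
  with_items: "{{ homeassistant_integrations | default([]) }}"

- name: Create service file
  ansible.builtin.template:
    dest: /etc/systemd/system/homeassistant-container.service
    src: homeassistant-container.service.j2
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart homeassistant

- name: Enable service
  ansible.builtin.service:
    name: homeassistant-container
    state: started
    enabled: true

# NOTE(review): every proxied request reaches Home Assistant from 127.0.0.1.
# Confirm that its http settings (not part of this file) list the proxy under
# trusted_proxies and that no trusted_networks rule grants access to
# loopback, otherwise all external clients look like local ones.
- name: Copy nginx config
  ansible.builtin.copy:
    dest: "/etc/nginx/conf.d/{{ inventory_hostname }}/homeassistant.conf"
    content: |
      location / {
        proxy_pass http://127.0.0.1:8008;
      }
    mode: "0644"
    owner: root
    group: "{{ ansible_wheel }}"
  notify: Restart nginx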