dcramer / hive

Licence: Apache-2.0 license
My home infrastructure

Programming languages: Jinja, Python, HTML, JavaScript, Shell, CSS

Hive

This is my work on automating my home infrastructure.

Disclaimer

  • This repo is for me, not you. It's not directly reusable, but I hope you find it helpful.
  • I've not read docs on Ansible, nor do I intend to.
  • First time racking anything, I'm not experienced.

High level this project is primarily for:

  • home assistant with a variety of configurations
  • internal monitoring
  • routine backups outbound to a cloud provider (gcp)
  • various media-related services (private)

The goal is to create a memory of my home infrastructure's information. Whether that happens via Ansible or I simply have some record of it in git, it helps with the task of re-configuring a service if it ever needs it.

Some additional goals I have that may or may not have progress in the repo:

  • local focused, especially with "smart" devices (avoiding internet-based solutions)
  • configured via code as much as possible, especially with home assistant
  • secure and private, everything's full of exploits
  • redundancy for important things in life (e.g. google photos)
  • hands-free use, alert me when I need to take action

Architecture and Devices

There's a variety of things going on, so here's the ongoing list of projects. You'll find some opinions on what sucks, and what doesn't. One important thing to note: my goal was to be decoupled from a specific vendor (e.g. no Nest) and use products with APIs, though that hasn't necessarily worked or made things better.

I'm using a pretty status-quo rack mounted Unifi network architecture. I've got a gen2 controller to support Unifi Protect (Ubiquiti's newest iteration of its NVR), as well as a USG and PoE switch.

Everything's managed in a mid-depth rack in my garage, which aims to rack mount anything it possibly can. The rack itself is a 42U design from Navepoint, 800mm deep.

Rack

(Yes, I realize there's fingerprints on it)

The rack consists of the following devices:

  • 4x Sonos AMPs
  • 24 bay Supermicro NAS (thanks serverstore.com!)
  • GPU-less overkill server (straightforward desktop PC in a rack case)
  • Pi-hole (experimental still)
  • Hue hub (legacy)
  • SimpliSafe hub (not lovin it)
  • Lutron Connect bridge
  • Unifi USG
  • Unifi 24 port PoE switch
  • Unifi Gen2 pro controller
  • Unifi AP (temporary, will be mounted elsewhere soon)

There are 5 PoE cameras running to the switch, all external to the living space.

I'm quite happy with what I've pulled off here given I've never done this before. It looks clean, operates fairly quietly, and has future expansion space.

Lights

Nearly all lights are from a Lutron (Radio RA2) system, using the standard telnet APIs. They're mostly configured here to make them accessible to Google Home via Home Assistant (via Nabu Casa's cloud service).

I've got a few hue bulbs as well that are collecting dust.

Other than Lutron's telnet API randomly not working for a while, I'm generally happy with the system.

Audio

I've got a cluster of Sonos amps powering some built-in speakers in various rooms. There's not a lot going on here other than them existing, being rack mounted, and used for some automations. I'd love for Sonos to have more open APIs, but otherwise it's exactly what you pay for.

Doors

WIP. I'm planning to install an Axis door station so I can go keyfob at home (ya ya, I don't want to hear about it). I've got one Yale lock I installed to test, but to be honest it's not to the level of polish or maturity I would have expected these devices to be. It's probably one of the best in its class, I just think they're all bad. I'm opting for prosumer or commercial grade where I can and trying to make more thoughtful decisions on everything else. Thus the reason I'm looking at Axis.

Alarm & Cameras

I have a SimpliSafe alarm system that seemed like a great idea at the time, and then I realized all of the local APIs are encrypted, and it has routinely stopped working with HASS. Turns out all of the security systems are tightly locked to vendors (not literally all, but any that don't look like shit). I'll suck it up with this since it's only the core alarms and sensors.

Additionally I have various Ubiquiti security cameras which archive footage to the NAS.

Various Sensors

There are a variety of Aeotec sensors that I've set up to get a feel for what might be possible. I've had mixed results and wouldn't go as far as recommending them (though I'm new to this).

Additionally, and probably the thing that's worked the best, I'm using Sonoff smart plugs (w/ Tasmota firmware) for power monitoring high value devices, which lets me drive some interesting automations. For example, when the dryer finishes I've got it set up to broadcast via Sonos a simple text-to-speech notification.

Automations

My favorite choice so far has been opting for a Telegram bot to drive the system. I really wanted to make things be reactive - that is, I have no desire to watch or visit a dashboard (sorry my home assistant UI is bland). The Telegram bot is intended to notify me of important activities, often a substitute for an email, but also allow me to react to them. For example, if the garage has been left open for a period of time, let me know, and give me a quick action to close the garage. I also intend to bundle camera feeds or snapshots to these important events.

This is still very much a work in progress, and I'm hoping to contribute back to Home Assistant to make it easier to do more powerful automations primarily via the alerts subsystem.

Pi-hole

I followed this guide to set up the raspberry pi with pi-hole. It does the job, but I worry about its lack of redundancy given it's acting as the single DNS server. I'm still treating this as an experiment, as I don't really have a desire to block ads at the network level (not all ads are bad, yo), but it was a fun quick build.

NAS

The NAS is running Unraid (great UI!), and has been doing well. I picked up the server itself off of theserverstore.com (rec from a friend) and am super happy with it. It's a refurbished 24 bay 4U dual xeon, 60 gigs of memory that sit there and collect dust. I was previously using a Synology 8 bay, but I stupidly chose Raid 10 and couldn't expand the raid without a bigger set of drive bays (can't add drives, how is that not possible with Raid10). Figured this was a (far) better spend of dollars than a larger Synology. That said, Synology's been great, it's just too expensive.

Home Assistant

A bulk of my time has been spent playing with Home Assistant. I'm not really into much of the smart home endeavor, but I enjoy building things. Many of the configurations are unfinished, and may not be working at all, but I've been spending a lot of time on maintainable structure.

I have had a few goals in mind when playing with it:

  • focus on alerts and non-hass interactions (voice, telegram bot)
  • as much as possible, the configuration is in this repo (wish it could be even more so)
  • remove cruft that turns out not to be valuable

You'll find the bulk of this in the hive.hass role, which I'm told is not terribly done. I also have some overkill early work at re-architecting home assistant alerts on top of appdaemon to make my (builder's) life easier.

What I'm enjoying so far:

  • the washer/dryer alerts are literally the GREATEST THING EVER
  • the telegram bot is awesome, though it's only as good as the automations
  • google cloud integration (using Nabu Casa / hass cloud) has worked extremely well, and was easy to configure
  • some custom widgets for garbage collection and train/bus times

What has failed miserably:

  • simplisafe: recently it just stopped working (probably related to their new 2fa push)
  • ecobee: probably gonna get replaced
  • mopar: I just wanted to telegram myself when I've left my car doors unlocked at home
  • aeotec: one of the sensors barely ever works, the others have been fine

Other

Google Photos Sync

I'm using gphotos-sync -- which is clearly someone's ocean of sweat and tears -- to automatically pull down copies of my photos. I'm not worried about Google ditching this product, so it's more of an exercise to achieve it. It doesn't work perfectly (see the project for limitations), but hopefully Google will improve this over time.

You'll find the automation for this in hive.gphotos.

Internal Monitoring

There's a weak Kibana and Influx setup. It's not highly functional, and I'm not really sure what I was thinking when I thought it was a good idea.

There's a cool generic dashboard with an endless list of system metrics though.

VPN

I previously was running an Intel Nuc with a bunch of services and had that configured to route all traffic through Private Internet Access. I haven't gotten around to making it work well, and may not ever do it. There's remnants of that in the README as well as some efforts in the hive.pia role.

Ansible / Machine Configuration

This is mostly scattered notes so I remember how anything works in disaster scenarios.

Bootstrap

sudo apt-add-repository -y ppa:ansible/ansible
sudo apt-get update
sudo apt-get install -y ansible

Encrypted Values

Hopefully everything personally identifiable is encrypted, as well as the various external accounts. I'm sure y'all can Google my address and phone number, but it seemed like a straightforward approach to anonymizing much of the information.

It needs ansible-passwd defined w/ the vault password (which I store in 1Password).

Strings are then encrypted bit-by-bit, which frankly is a pain in the ass:

ansible-vault encrypt_string [value]

Cameras

Cameras are all Unifi protect devices from Ubiquiti. To configure them for hass do the following:

  • Hit IP directly
  • Log in with ubnt + password (found in protect settings)
  • Enable anonymous snapshot

In protect itself:

  • Hit Cameras
  • Enable [Medium] RTSP stream

The hive.protect role will attempt to automatically archive footage to the NAS.

Network Firewall Notes

These notes are to help with setting up VLANs and general configuration. They are specifically for Unifi configurations.

  • Google Home - MDNS (Services -> MDNS)
  • Plex - TCP/32400
  • Sonos - UPNP (Services -> UPNP -> Enable for IOT), TCP/3500

Firewall

TODO: I've yet to re-implement this, and may take another pass.

The goal here is to route all external traffic through a VPN provider to create an additional layer of privacy.

Configure iptables via ufw:

sudo apt-get install ufw

This denies all incoming and outgoing traffic:

sudo ufw default deny outgoing
sudo ufw default deny incoming

Optional step for OpenSSH users or if you want to allow/block a specific service:

sudo ufw app list  # shows available application profiles, OpenSSH among others
sudo ufw allow OpenSSH  # allows OpenSSH; this works for other services too

Allow traffic to VPN interface:

# replace "tun0" with your vpn interface name --> see sudo ifconfig
sudo ufw allow out on tun0 from any to any
# replace "tun0" with your vpn interface name --> see sudo ifconfig
sudo ufw allow in on tun0 from any to any

Allow OpenVPN connections to PIA:

sudo ufw allow out vpn

This allows all traffic from and to the VPN server (US Silicon Valley):

# 104.156.228.0 through 104.156.228.255, written as a CIDR block
sudo ufw allow in from 104.156.228.0/24 to any
sudo ufw allow out from any to 104.156.228.0/24

This step allows connections within your LAN:

sudo ufw allow in from 10.0.0.0/8
sudo ufw allow out to 10.0.0.0/8
sudo ufw allow in from 172.16.0.0/12
sudo ufw allow out to 172.16.0.0/12
sudo ufw allow in from 192.168.0.0/16
sudo ufw allow out to 192.168.0.0/16
sudo ufw allow in from fd00::/8
sudo ufw allow out to fd00::/8

Allow various network services:

sudo ufw allow out bonjour
sudo ufw allow out samba
sudo ufw allow proto udp from 192.168.0.0/16 to any port 137
sudo ufw allow proto udp from 192.168.1.0/24 to any port 138
sudo ufw allow proto tcp from 192.168.1.0/24 to any port 139
sudo ufw allow proto tcp from 192.168.1.0/24 to any port 445

Allow all requests to HTTPS services:

sudo ufw allow out proto tcp from any to any port 443

Enable the firewall:

sudo ufw enable
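
The port 443 rule above is not bound to tun0, so HTTPS traffic can still leave on the physical interface whenever the tunnel is down. The check below is an added example, not part of the original repo: it reads `ufw status verbose` text and reports every outbound allow rule that is neither tied to the tunnel nor limited to the VPN server range or a private LAN range. The names `sample_status` and `audit_ufw_killswitch` are hypothetical, the sample status text is constructed, and the VPN range is the one from the steps above written as a /24.

```shell
#!/bin/sh
# Added example: audit a ufw rule set for paths that bypass the VPN tunnel.
# Live use (assumed invocation):
#   sudo ufw status verbose | audit_ufw_killswitch tun0 104.156.228.0/24

# Constructed sample in the layout of `ufw status verbose`, modelled on the
# rules above; it was not captured from a real host.
sample_status() {
cat <<'EOF'
Status: active
Logging: on (low)
Default: deny (incoming), deny (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
Anywhere on tun0           ALLOW IN    Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0
104.156.228.0/24           ALLOW OUT   Anywhere
10.0.0.0/8                 ALLOW OUT   Anywhere
172.16.0.0/12              ALLOW OUT   Anywhere
192.168.0.0/16             ALLOW OUT   Anywhere
fd00::/8                   ALLOW OUT   Anywhere (v6)
443/tcp                    ALLOW OUT   Anywhere
EOF
}

# $1 = tunnel interface, $2 = VPN server range; status text arrives on stdin.
# Prints one LEAK line per finding and nothing when the rule set is tight.
audit_ufw_killswitch() {
    awk -v tun="$1" -v vpn="$2" '
    /^Default:/ && $0 !~ /deny \(outgoing\)/ {
        print "LEAK default outgoing policy is not deny"
    }
    / ALLOW OUT / {
        split($0, side, / +ALLOW OUT +/)        # side[1] = To, side[2] = From
        to = side[1]; from = side[2]
        sub(/ +$/, "", to); sub(/ +$/, "", from)
        if (from ~ (" on " tun "$")) next        # bound to the tunnel interface
        if (to == vpn) next                      # the VPN endpoint range itself
        if (to ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.|fd)/) next  # LAN
        print "LEAK " to " is allowed out on any interface"
    }'
}

sample_status | audit_ufw_killswitch tun0 104.156.228.0/24
```

On the constructed sample the only finding is the 443/tcp rule; restricting that rule to the tunnel interface removes it.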
