Archlinux home assistant supervised install

rokam · August 6, 2022, 12:44am

I’m running home assistant supervised in my archlinux machine. To help others, I’ve created an AUR package. Check it out at AUR (en) - homeassistant-supervised

Any feedback is appreciated.

nickrout · August 6, 2022, 2:29am

I love arch, a great system. But so long as everyone who uses this realises it will be unsupported. (except by you )

rokam · August 6, 2022, 3:30am

Sure, I get it. But my homeassistant machine is also my HTPC. And I had issues with some packages available on Debian. That is my least effort way of dealing with it.

I’ve just reversed engineered supervised installer and converted to arch pkg. Also, any help to maintain is appreciated.

nickrout · August 6, 2022, 5:01am

I applaud it, and I am now subscribed to this thread, so will do what I can.

Karmak23 · August 29, 2022, 10:21am

I subscribed to this thread too, as I will use the AUR installer in the next days.

Same setup here, HA is on my HTPC, and I need add-ons and all the fancy bells & whistles to get frigate full integration.

Thanks for your work.

rokam · August 29, 2022, 12:48pm

That’s my first package. Any feedback is appreciated.

adi-mistrzu · September 7, 2022, 7:08pm

Hi, I build your HA supervised, I see it in system process but HA still not supervised.

Anyone try test it ?

rokam · September 8, 2022, 6:20pm

What defines a supervised homeassistant? For me this shows as supervised:

Also acessing the observer into http://ip:4357/ :

adi-mistrzu · September 9, 2022, 8:41am

obraz
obraz

Probably Unhealthy is because they have problem with connection to bluetooth.
I have HASS from official repository in pacman.

rokam · September 9, 2022, 9:38am

Have you configured AppArmor?
https://wiki.archlinux.org/title/AppArmor

You need to add this Kernel Parameters:

lsm=landlock,lockdown,yama,integrity,apparmor,bpf

And enable apparmor service: apparmor.service

adi-mistrzu · September 9, 2022, 4:21pm

I had to rebuild the kernel to enable AppArmor.
Now is online:
obraz

But HASS still not supervised.

rokam · September 9, 2022, 6:13pm

Have you already enabled and started both services:
hassio-apparmor.service and hassio-supervisor.service

Also run:

$ aa-enabled

And

# aa-status

Karmak23 · September 15, 2022, 7:07am

I already had frigate installed as docker container, and tuned /etc/docker/daemon.json for SHM upgrade. The AUR package complained the file is already present on the FS.

I backed it up away, installed homeassistant-supervised and merged my setting manually.

I suggest a more flexible way of installation of the file, but I am not competent on Arch (yet). On debian I know there are a bunch of package maintainer script to merge configuration files and not ship them “barely” as normal package files.

I think there is the same thing on Arch but don’t know how it is called nor how it works.

rokam · September 15, 2022, 12:01pm

Thanks for the feedback Karmak23. I’ll consider it in a future update.

adi-mistrzu · September 18, 2022, 11:23am

Status od ArmArmor

[adi@STORKserver ~]$ aa-enabled
Yes
[adi@STORKserver ~]$ aa-status
apparmor module is loaded.
64 profiles are loaded.
64 profiles are in enforce mode.
   /usr/lib/apache2/mpm-prefork/apache2
   /usr/lib/apache2/mpm-prefork/apache2//DEFAULT_URI
   /usr/lib/apache2/mpm-prefork/apache2//HANDLING_UNTRUSTED_INPUT
   /usr/lib/apache2/mpm-prefork/apache2//phpsysinfo
   apache2
   apache2//DEFAULT_URI
   apache2//HANDLING_UNTRUSTED_INPUT
   apache2//phpsysinfo
   avahi-daemon
   dnsmasq
   dnsmasq//libvirt_leaseshelper
   docker-default
   dovecot
   dovecot-anvil
   dovecot-auth
   dovecot-config
   dovecot-deliver
   dovecot-dict
   dovecot-director
   dovecot-doveadm-server
   dovecot-dovecot-auth
   dovecot-dovecot-lda
   dovecot-dovecot-lda//sendmail
   dovecot-imap
   dovecot-imap-login
   dovecot-lmtp
   dovecot-log
   dovecot-managesieve
   dovecot-managesieve-login
   dovecot-pop3
   dovecot-pop3-login
   dovecot-replicator
   dovecot-script-login
   dovecot-ssl-params
   dovecot-stats
   hassio-supervisor
   hassio-supervisor///usr/bin/gdbus
   hassio-supervisor///usr/bin/git
   identd
   klogd
   lsb_release
   mdnsd
   nmbd
   nscd
   ntpd
   nvidia_modprobe
   nvidia_modprobe//kmod
   php-fpm
   ping
   samba-bgqd
   samba-dcerpcd
   samba-rpcd
   samba-rpcd-classic
   samba-rpcd-spoolss
   smbd
   smbldap-useradd
   smbldap-useradd///etc/init.d/nscd
   syslog-ng
   syslogd
   traceroute
   winbindd
   zgrep
   zgrep//helper
   zgrep//sed
0 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
0 processes have profiles defined.
0 processes are in enforce mode.
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.

Karmak23 · September 18, 2022, 8:01pm

Just to let you know, as far as I configured it (and after having done all the apparmor stuff you wrote), your supervised version works like a charm.

I’m currently looking for a “clean” way to bind-mount read-only the frigate host storage path, just for HA to display the remaining storage in my dashboard via the sensor.systemmonitor. I already got /, I want /home/data.

Where is the “main” HA container configuration file ?

EDIT: I will start here : [Solved] Hassio and volume mount issues - #2 by febalci This doesn’t seem very clean because changes are not kept when container is updated, I have to redo the configuration. Is there any way to have a docker-compose.yml file somewhere ?

rokam · September 18, 2022, 11:21pm

Sorry @adi-mistrzu ! Don’t know what’s wrong in your scenario.

rokam · September 18, 2022, 11:32pm

The files are located at: /usr/share/hassio/homeassistant/. Just add a link inside that path and it’ll do the job. Remember to add the right permission to that folder.

mvicomoya · September 19, 2022, 12:29am

For anyone landing here and seeing their supervisor reported as “Unhealthy” even after following all the installation steps listed in the Arch Wiki page, try this:

Triple-check you have apparmor service running
Make sure you have added the kernel parameters (see previous comments)
Re-install the homeassistant-supervised AUR package

This made my supervisor “Healthy” for a brief moment. Then I checked the supervisor logs:

docker logs -f hassio_supervisor

I noticed it was being flagged as “Unhealthy” due to running the watchtower container on the same host. This seems to make the supervisor unhealthy. I assume an incorrectly configured watchtower container could mess up with the running Hassio containers so they just flag it.

After stopping and removing watchtower, it shows as “Healthy” and I can install add-ons as expected.

adi-mistrzu · September 23, 2022, 10:21pm

Rokam, I posted a comment on AUR with errors I found in the installer.

in my case the problem is probably in this:

docker logs -f hassio_supervisor

...
22-09-24 00:14:27 ERROR (MainThread) [supervisor.host.network] Can't update config on eth0: ipv4.gateway: gateway is invalid
...
22-09-24 00:14:31 INFO (SyncWorker_0) [supervisor.docker.interface] Downloading docker image ghcr.io/home-assistant/None-homeassistant with tag landingpage.
22-09-24 00:14:31 ERROR (SyncWorker_0) [supervisor.docker.interface] Can't install ghcr.io/home-assistant/None-homeassistant:landingpage: 400 Client Error for http+docker://localhost/v1.41/images/create?tag=landingpage&fromImage=ghcr.io%2Fhome-assistant%2FNone-homeassistant&platform=linux%2Farm64: Bad Request ("invalid reference format: repository name must be lowercase")
22-09-24 00:14:31 WARNING (MainThread) [supervisor.homeassistant.core] Fails install landingpage, retry after 30sec

But I still don’t know how to fix it.
I don’t know yet where he gets the None-homeassistant address