Best security practices with Docker HA

Still getting a grip on everything so wonder on any best practices for installation. Actually found none with security in mind. And as HA is getting more and more popular this becomes a security concern.

Is it a correct assumption that a non login user should be created on a linux system

adduser homeassistant --system

Delegated the rights to run docker container? And specified as the main user for that?

This post has some ideas

I run the container version of Home Assistant, and I run it as root under my normal Linux user. I’ve wondered if this is ok , and I’m sure there are better options to secure it, but I’ve focused more on securing remote access, and securing ssh as much as possible. I use Portainer and make sure that is only exposed over the secure wireguard vpn. I use host networking to not have issues with discovery, but I dont run the container in priviledged mode- it shouldn’t need this. Developers added that to the documentation to make it easier to map a zigbee stick for zha, but the device flag to map the usb is better. If you’re not using zha, there’s definitely no reason for priviledged mode. Using provildged mode really overrides all the security normally built into docker. Here’s a link to additional docker documentation on security.

Here’s another good post about security for Home Assistant in general.