I ended up using the ubus
integration instead.
Here is my SaltStack formula which I run against my OpenWrt device. You should be able to surmise what the formula is doing from the code:
#!objects
import os
from shlex import quote
from salt://homenetwork/openwrt/lib.sls import template_file, push_file, restart_service, enable_service, install_packages
context = pillar(sls.split(".")[0])
slsp = sls.replace(".", "/")
installed = install_packages(['uhttpd-mod-ubus'])
for files, services in [
[
[
("/usr/share/rpcd/acl.d/assistant.json", "644"),
("/etc/config/rpcd", "644"),
],
["rpcd"],
],
[
[
("/etc/config/uhttpd", "644")
],
["uhttpd"],
],
]:
pushed = []
for file, mode in files:
templated = template_file(file, basedir="salt://%s" % slsp, mode=mode, context=context)
pushed.extend(push_file(file, watch=templated))
if services:
for service in services:
enable_service(service, watch=installed)
restart_service(service, watch=pushed)
This is assistant.json
referred above:
{
{{ integrations.openwrt.user | json }}: {
"description": "Read only user access role for Home Assistant",
"read": {
"ubus": {
"*": [ "*" ]
},
"uci": [ "*" ]
},
"write": {}
}
}
This is rpcd
referred above:
config rpcd
option socket /var/run/ubus/ubus.sock
option timeout 30
config login
option username 'root'
option password '$p$root'
list read '*'
list write '*'
config login
option username '{{ integrations.openwrt.user }}'
option password '{{ integrations.openwrt.crypted_password }}'
list read '{{ integrations.openwrt.user }}'
list write '{{ integrations.openwrt.user }}'
This is uhttpd
referred above. I think this was needed because there was no knob to turn off SSL in the integration (and my patch to enable it was rejected by the core devs):
config uhttpd 'main'
list listen_http '0.0.0.0:80'
list listen_http '[::]:80'
list listen_https '0.0.0.0:443'
list listen_https '[::]:443'
# Disable HTTPS redirect.
# FIXME ubus integration with Home Assistant requires it, but should not.
# Submit a patch upstream to fix this.
option redirect_https '0'
option home '/www'
option rfc1918_filter '1'
option max_requests '3'
option max_connections '100'
option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
option cgi_prefix '/cgi-bin'
list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
option tcp_keepalive '1'
option ubus_prefix '/ubus'
config cert 'defaults'
option days '730'
option key_type 'rsa'
option bits '2048'
option ec_curve 'P-256'
option country 'ZZ'
option state 'Somewhere'
option location 'Unknown'
option commonname 'OpenWrt'