HASSIO on NUC - My Journey

Hi, i recently moved my hassio installation from RPI3 to the new Gemini Lake NUC.
I love how much faster and stable everything is. It really was an upgrade well worth it. Especially since i now have a lot more stuff running on my hassio NUC and everything so far works very fast and flawless…

HOWEVER… as a non linux pro the journey was…for lack of a better word: tedious.

So in order to maybe help some other newbies like me along the way or to avoid the same mistakes i decided to share the whole story:

I had some small requirements for my new system:

Hassio @Docker (i like the hass.io way of using plugins and backups)
Plex Server @Docker (including intel Quicksync HW acceleration)
Wifi & BT working natively as i have them onboard in my NUC

Chapter 1: - Choice of OS
I first went with UBUNTU… install via USB Stick was very easy. Everything seemed to work out of the Box. Wifi & BT was detected. Installed hassio… then the problems began. After restoring the Backup i got a lot of errors and my duckdns was not able to connect to the internet anymore. I simply got no response back. I tried a lot of different solutions but finally gave up.
I then setup DEBIAN… hearing it also being a great choice for an underlying OS.
Debian installed easily as well, i was able to install hassio, restore my backup and surprise…even the duckdns plugin worked… BUT… neither WiFi nor BT was detected… Turns out… the kernel was too old for my Wifi Card…
Sooo… i tried updating the Linux Kernel manually. This took about 4-5h and in the end i still did not have the support for my wifi and BT… i also needed to manually inject the correct intel drivers. I then after maybe 2 days finally managed to get wifi working… but bluetooth still was not working.
That was the point when i decided to give Ubuntu one last try… so back to scratch again and i installed Ubuntu again. (This time it worked out, but more on that in Chapter 2)

Chapter 2: - Installation of hassio
As mentioned i did install Ubuntu again. In order to install hassio and all the other programs i wanted i decided to use docker. So my first step was finding out how docker works.
I basically followed this documentation and installed docker-ce:

After that was out of the way i was first playing around with some of the hello-world examples and then was trying to install hassio on that docker.
The commands i used for that are:

sudo apt-get install apparmor-utils apt-transport-https avahi-daemon ca-certificates curl dbus jq network-manager socat software-properties-common
sudo su
curl -sL https://raw.githubusercontent.com/home-assistant/hassio-build/master/install/hassio_install | bash -s

With this, my HASSIO was working fine HOWEVER still i had the issue with duckdns.
Turns out, Ubuntu is nowadays running a DNSMASQ standard out of the box on Port53. This was clashing with hassio and the urls could not be resolved. In order to stop ubuntu from using it i followed this guide:

In order to get it working however i also had to disable ubuntu from using systemd-resolve:

Disable the systemd-resolved service and stop it:

sudo systemctl disable systemd-resolved.service
sudo service systemd-resolved stop

Put the following line in the [main] section of your /etc/NetworkManager/NetworkManager.conf:

dns=default

Delete the symlink /etc/resolv.conf

rm /etc/resolv.conf

Restart network-manager

sudo service network-manager restart

With that, i finally had a working hassio on my NUC. No more issues so far apart from the SSH Plugin not working and having to install the secondary one from the community plugins… but this seems to be a well known issue.

Chapter 3: PLEX
I wanted to use the PLEX Plugin for hassio, but this has some big limitations:

  1. I was not able to link the files on my HDD to a folder that plex hassio plugin can read
  2. HW accelerated en/decoding was not implemented

So i decided to install a custom plex docker. In order to achieve this, the best way seemed to be a docker-compose.

So first i installed docker-compose following this guide:

Then in order to install plex and to get the updates (and im not sure if this is even required, but i did it nonetheless)

echo deb https://downloads.plex.tv/repo/deb public main | sudo tee /etc/apt/sources.list.d/plexmediaserver.list
curl https://downloads.plex.tv/plex-keys/PlexSign.key | sudo apt-key add -

After that, sudo apt-get update and the Plex Media Server repo is enabled on the OS.

My docker compose.yaml for plex looks like the following:

version: '2'
services:
  plex:
    image: plexinc/pms-docker:plexpass
    container_name: plex
    restart: unless-stopped
    volumes:
      - /media/htpc/plex/config:/config
      - /media/htpc:/media:ro
      - /media/htpc/plex/deb:/deb
      - /media/htpc/plex/transcode:/transcode
    network_mode: host
    environment:
      - PLEX_CLAIM=INSERTYOURCLAIMCODEHERE
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    devices:
      - /dev/dri:/dev/dri

In order to get updates to the latest plexsever automatically at restart you have to add this piece of code into your yaml:

image: plexinc/pms-docker:plexpass

Chapter 4: HDD Issues
On primeday i was able to get my hands on some good external HDDs. I formatted them with EXFAT as it was my belief that this is a linux file format…
But Ubuntu was not able to read any of my files… so i first had to install an EXFAT Driver:

sudo apt-get install exfat-fuse exfat-utils

Next problem was that only one of my external HDDs was going to sleep. The other one was constantly running. HDParm was giving me errors for my 2nd drive and i was not able to set it to sleep manually… after several hours i finally found a good solution. An external program that monitors the uptime and is able to automatically bring the stubborn HDD to sleep:
HD-IDLE.

I have this setup now running for about 3 weeks and have not had any problems.
Everything seems to be very stable and is so much faster and responsive than on the raspberry. Restart takes only seconds instead of minutes and even my FFMPEG Cameras are working without any stutter or CPU stress.

I can only recommend going the NUC road if you're still on the fence and hope that my “Guide” or collection of guides can help you get there faster and without a headache like me^^

18 Likes

thanks for this tip, intel nuc here , on ubuntu, docker, hassio ,

ive also added onto ubuntu the following , portainer, webmin and cockpit

I don’t understand why you would add the Plex server repo, when you’re using docker. It’s a wasted step and unnecessary

Thanks for this write-up. I plan to do the same thing (also installing Plex) and will likely run into the same issues as you.

@flamingm0e

As said, i do not understand all of the intricacies of Linux, and am just glad it still works fine after about half a year.
Linux and I will probably never be close friends;)

Maybe you can tell me why this repo is not needed in a docker situation?

When you add a repo to your package manager it is to install the software and keep it updated from that repo.

Docker doesn’t use or need your package manager. That’s the point of docker. There are no dependencies in the OS. Docker is pulling an image and running it.

If you had installed the application using apt-get, the repo would be used by your system to update Plex. But since you ran docker it literally didn’t use the repo at all for running Plex.

Thanks, ill try to edit the first post and reflect that :slight_smile: … but seems like I’m not allowed to edit this post anymore…

As a side note but since we are talking about media server installs…

How does the PLEX media server compare to Kodi?

I used PLEX a long time ago on Windows but I remember it being pretty resource intensive at the time and it seemed to want to modify my media directories/files to its own structure.

I wasn’t able to find a good Kodi docker image so I have Kodi installed directly on my Debian OS. Of course, I do like the idea of using a media server in Docker but I don’t know if I like the idea of going back to PLEX.

If I could find a good Docker port of Kodi that would be great.

@flamingm0e, do you have any knowledge of a good Kodi docker image?

Threadjack off…er…um…:flushed:

They are different things.

Kodi is a client.

Plex media server is a server.

You’re basically asking to run GUI apps in docker. This isn’t going to work well.

The Kodi software also actually runs a DLNA server as well as acting as a client on the host machine.

I use it right now to serve video, music and picture files to several DLNA-enabled bluray players on my network.

I don’t even care if the GUI runs as long as the server portion works and I can run the configuration via a web app.

But it seems the answer to the question is no.

To get Kodi running you need a GUI though, right? Docker doesn’t play well with apps that require a GUI.

Unless someone has created a Kodi server app? I don’t know. Plex works beautifully for me and has for years.

If all you need is a dlna server, there are several out there.

Yes, at least in my current version.

That’s what I was hoping to find any info on.

I use it pretty much exclusively for that right now but I had visions of it being my next step to cutting the cord from the cable/satellite TV companies. Hasn’t worked out for that yet, tho. My wife just isn’t the “cutting edge technology” type.

I have a hard enough time getting her to accept my HA “toy”.

Yeah, maybe I’ll have to give PLEX another shot.

I just remember that it left a bad taste in my mouth after using it a long time back.

Thanks :smiley:

I was a heavy xbmc user back many years ago. Long before it changed its name to Kodi. When I gave Plex a fair shot, it has been a perfect fit for my house. I don’t have to manually configure any clients, the service is just discovered on the network. My wife and son know how to use it and I get no flack from them. It has made the TV and movie viewing in my house much more enjoyable

Definitely try Plex again–it may change your mind. Great web UI, Chromecast, iOS, Android, WebOS, XboxOne, Playstation4 apps, and the ability to do direct transcoding to all the apps I tested. I used to use XBMC/Kodi all the time, but it was a pain trying to setup a centralized DB and this DIY work. Plex is very much plug and play, and is really good at scraping TV, movies and music now. I’m really happy with it, especially since it works with Chromecast so well.

1 Like

So, to add to my previous Linux Perils:

I adventured into VLANs. I have now a complete Unifi Setup and segregated my IoT devices, my Voice devices (Google Home, Alexa), my general internet and management network.

However, this brought me some new issues, as Hassio was not able to listen on the Multicast L2 that is required for a lot of components. i.e. the Xiaomi Air Purifier was simply not possible to connect. It even flooded my Network so that the Hue integration stopped working completely.

After reading a lot, i finally found the solution is simply adding the VLANs to my HASSIO. All on the same Ethernet Port.

There were basically 2 posts that helped a lot:

and

I just adjusted the whole thing a little bit. So basically it works like this for me:

Step 1: Add "networkmanager" to the packages in the SSH & Web Terminal Addon from the Community Repo.
Step 2: Turn off Protection Mode so you can edit the base system
Step 3: Check the connections by typing: nmcli connection show
Step 4: Create a new VLAN (you can choose the name) under the device that is your ethernet. For me this is enp2s0:
nmcli con add type vlan con-name enp2s0@vlan10 dev enp2s0 id 10
Because i do not define the IP, the Gateway or the DNS i am using my DHCP Server for it.
Step 5: Recreate for any other VLAN. id = vlan id.
Step 6: After restart all of the previously not found devices are finally back. Even the WOL works like a charm.

3 Likes

New Update - Zero Tier

I recently discovered the great service Zero Tier. Luckily, there already is an Addon for Hassio :slight_smile:

My goal is to replace my VPN (from Unifi) with the ZeroTier solution. However, i do not know if it's possible to install ZeroTier on my Unifi Gear (USG). Therefore i needed the possibility for my Hassio Zero Tier to route all traffic from all my LANs (and VLANs) to my ZeroTier Network.

By default, this is not working and i was reading a lot of different things that are required. I tried setting up firewall rules on my unifi gear but nothing worked. Finally i found a great post explaining how to “bridge” the networks.

https://www.reddit.com/r/zerotier/comments/9714a2/easy_way_of_bridging_lan_for_remote_access/

So basically, we need to adjust the IP Tables. I used the same method as in my post above via using the terminal addon. However for IP Tables the terminal addon even works when protection mode is enabled.

So first i checked my current iptables with this command:

iptables -L

then i added my network and all the VLANs: (enp2s0 = NIC ID for my LAN Network. ztc**** = NIC ID for my ZeroTier Lan.) You can find it easily via

nmcli connection

iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp2s0.10 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp2s0.20 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp2s0.30 -j MASQUERADE
iptables -A FORWARD -i enp2s0 -o ztc******  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0.10 -o ztc******  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0.20 -o ztc******  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0.30 -o ztc******  -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0 -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0.10 -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0.20 -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0.30 -j ACCEPT

Now it is time to also configure the Zero Tier network. So simply login to your zerotier network website https://my.zerotier.com/

In “Managed Routes” you need to add for every LAN or VLAN to the “Destination” side and on the “via” side you add the ZeroTier IP of the Hassio Addon.
This can look like this in the end:

zerotier

And with this it's done. I now can ping and access all of my Lan (& VLAN) devices via ZeroTier.

5 Likes

Hi, thanks a lot for your post, do you mind helping me a bit. So I have HASSIO and this ZeroTier One addon. All is working fine.
I can access from outside my LAN only the devices in my network that have a ZeroTier program (HASSIO, a QNAP, PI3), all the other I can’t access.

On my HASSIO/NUC if I do iptables -L I have this


me@ubuntu:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8126
ACCEPT     tcp  --  anywhere             172.30.33.0          tcp dpt:8884
ACCEPT     tcp  --  anywhere             172.30.33.0          tcp dpt:8883
ACCEPT     tcp  --  anywhere             172.30.33.0          tcp dpt:1884
ACCEPT     tcp  --  anywhere             172.30.33.0          tcp dpt:1883
ACCEPT     tcp  --  anywhere             172.30.33.1          tcp dpt:tproxy
ACCEPT     tcp  --  anywhere             172.30.33.2          tcp dpt:9541
ACCEPT     udp  --  anywhere             172.30.33.3          udp dpt:21027
ACCEPT     tcp  --  anywhere             172.30.33.3          tcp dpt:8384
ACCEPT     udp  --  anywhere             172.30.33.4          udp dpt:ntp
ACCEPT     tcp  --  anywhere             172.30.33.7          tcp dpt:8086
ACCEPT     tcp  --  anywhere             172.30.33.8          tcp dpt:ssh
ACCEPT     tcp  --  anywhere             172.30.33.9          tcp dpt:9050
ACCEPT     tcp  --  anywhere             172.30.33.11         tcp dpt:5037
ACCEPT     tcp  --  anywhere             172.30.33.12         tcp dpt:7277
ACCEPT     tcp  --  anywhere             172.30.33.13         tcp dpt:8000
ACCEPT     tcp  --  anywhere             172.30.33.14         tcp dpt:https
ACCEPT     tcp  --  anywhere             172.30.33.14         tcp dpt:81
ACCEPT     tcp  --  anywhere             172.30.33.15         tcp dpt:mmcc
ACCEPT     tcp  --  anywhere             172.30.33.14         tcp dpt:http
ACCEPT     tcp  --  anywhere             172.30.33.15         tcp dpt:5000

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Then I do this (enp0s25 is the name of my NIC of the HASSIO/NUC, zthnxxxo is the ZT1 name, both I got via ifconfig)


me@ubuntu:~$ sudo iptables -t nat -A POSTROUTING -o enp0s25 -j MASQUERADE
me@ubuntu:~$ sudo iptables -A FORWARD -i enp0s25 -o zthnxxxo -m state --state RELATED,ESTABLISHED -j ACCEPT
me@ubuntu:~$ sudo iptables -A FORWARD -i zthnxxxo -o enp0s25 -j ACCEPT

then did this in ZT1 configuration (192.168.192.12 is the ZT1 address of the HASSIO/NUC, which has a local LAN 192.168.1.12)

Now I can access from outside the LAN
192.168.1.12
192.168.192.xxx (xxx my devices that have ZT1 apps)

but not the other 192.168.1.yyy

EDIT, never mind it works, after switching OFF and ON again the Zerotier of my Android!!!

Wow, I was looking for a reliable solution as this since the 90s!!

BTW I did NOT do the following

" make sure you have allowManaged=1 in your /var/lib/zerotier-one/networks.d/###.local.conf file or whatever is respective to your system"

Ah yes me neither :slight_smile: As I read in the reddit thread this also seems not to be a requirement for this solution

Hi, there is a pi3 that I need to reach and can’t since I did your suggestions, nothing i do works.
Wish now to go back, any clue on how to remove those iptables?
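
The ZeroTier posts above append their rules with `-A`, and the last post asks how to take them out again: each rule is deleted by repeating it with `-D` in place of `-A`. As an added example (not code from any poster in the thread), the script below builds the three rule shapes from the thread once and uses that one list both to add them without duplicates and to remove them; the script name `zt-rules.sh` and the `zt_*` function names are made up here, and the interface names are whatever you pass in.

```shell
#!/bin/sh
# Added example, not from the thread. Usage (as root):
#   sh zt-rules.sh add    ZT_IF LAN_IF [LAN_IF...]
#   sh zt-rules.sh remove ZT_IF LAN_IF [LAN_IF...]
# zt-rules.sh and the zt_* names are hypothetical. DRY_RUN=1 only prints.

# One spec per line: "<table> <chain> <match and target>". These are the three
# rule shapes posted in the thread, repeated for every LAN/VLAN interface.
# (filter is the default table, written out so both tables look alike.)
zt_rule_specs() {
    zt_if=$1; shift
    for lan_if in "$@"; do
        echo "nat POSTROUTING -o $lan_if -j MASQUERADE"
        echo "filter FORWARD -i $lan_if -o $zt_if -m state --state RELATED,ESTABLISHED -j ACCEPT"
        # This one admits every new connection from ZeroTier into $lan_if,
        # so pass only the VLANs that should be reachable remotely.
        echo "filter FORWARD -i $zt_if -o $lan_if -j ACCEPT"
    done
}

# True if the rule is loaded; -C checks without changing anything.
# $3 is left unquoted on purpose so it splits into separate arguments.
zt_present() { iptables -t "$1" -C "$2" $3 2>/dev/null; }

zt_add() {
    zt_rule_specs "$@" | while read -r table chain rest; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -t $table -A $chain $rest"
        elif ! zt_present "$table" "$chain" "$rest"; then
            iptables -t "$table" -A "$chain" $rest
        fi
    done
}

zt_remove() {
    zt_rule_specs "$@" | while read -r table chain rest; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -t $table -D $chain $rest"
            continue
        fi
        # Running -A twice leaves two copies, so delete until -C stops matching.
        while zt_present "$table" "$chain" "$rest"; do
            iptables -t "$table" -D "$chain" $rest || break
        done
    done
}

case "${1:-}" in
    add)    shift; zt_add "$@" ;;
    remove) shift; zt_remove "$@" ;;
esac
```

Run it with `DRY_RUN=1` first to see the exact commands, and compare against `iptables -S` and `iptables -t nat -S`, which show the interface names that plain `iptables -L` leaves out. Rules appended with `iptables -A` live only in kernel memory, so they are also gone after a reboot unless something re-applies them.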